SC.L2-3.13.13[a]: Identify How You Control and Monitor Communications at Your System Boundaries

Mapped to NIST 800-171 Requirement: 3.13.13
CMMC Assessment Objective: SC.L2-3.13.13[a]

What This Control Means
You must clearly identify what tools, technologies, and processes are in place to:
• Control traffic entering and leaving your environment
• Inspect, log, and analyze communications at system boundaries
• Prevent unauthorized or suspicious data flows involving CUI
System boundaries include:
• Internet gateways
• Cloud interconnections
• VPN endpoints
• Inter-organizational or partner connections
• Segmentation points between CUI and non-CUI environments

Why It Matters
Without control and monitoring:
• Unauthorized traffic could enter or leave without detection
• CUI could be exfiltrated without alerting
• Malware could infiltrate through overlooked connections
• Auditors will flag missing or undocumented boundary protections
Controlling and monitoring communications ensures your perimeter isn’t blind or open.

How to Implement It
1. Define Your Boundary Points
Examples:
• Firewalls at internet ingress/egress points
• VPN concentrators and remote access gateways
• Cloud service boundaries (e.g., AWS Direct Connect, Azure ExpressRoute)
• Internal VLANs or subnet gateways isolating CUI systems
2. Identify Control Mechanisms
Examples:
• Firewalls enforcing traffic rules
• Application layer gateways
• API gateways and inspection points
• Network access control (NAC) devices
3. Identify Monitoring Mechanisms
Examples:
• Intrusion Detection/Prevention Systems (IDS/IPS)
• SIEM systems aggregating firewall, VPN, and endpoint logs
• NetFlow monitoring or packet capture solutions
• Cloud-native monitoring (e.g., AWS GuardDuty, Azure Sentinel)
4. Document These Protections
• List tools, locations, monitoring coverage, and management responsibility
• Show where and how traffic is controlled and observed

Evidence the Assessor Will Look For
• SSP entries detailing boundary protections and monitoring tools
• Network diagrams showing control points and monitoring placements
• Firewall, IDS/IPS, and VPN configurations
• Logs showing traffic monitoring and inspection activities
• Security policies mandating boundary control and monitoring practices

Common Gaps
• Boundary devices deployed but monitoring not active
• Only firewalls configured—no active traffic inspection or alerting
• Cloud traffic left unmonitored or unfiltered
• No documentation of how CUI-related communications are controlled and logged

How Cuick Trac Helps
Cuick Trac supports this requirement by:
• Mapping boundary control and monitoring mechanisms to system diagrams and CUI flows
• Documenting active protection points and inspection tools
• Verifying monitoring coverage across cloud, on-premises, and hybrid systems
• Linking control and monitoring activities to compliance reporting and risk assessments
• Providing real-time dashboards to visualize and track boundary defense effectiveness
With Cuick Trac, your communications controls are visible, managed, and defensible.

Your system boundaries are your first and last line of defense—control and monitor them.
Schedule a Cuick Trac demo to document and verify your system boundary protections for total CUI security.