Doc:NIST SP 800-53r3 Appendix F/AC-22

From FISMApedia

AC-22 PUBLICLY ACCESSIBLE CONTENT

Control: The organization:
a. Designates individuals authorized to post information onto an organizational information system that is publicly accessible;
b. Trains authorized individuals to ensure that publicly accessible information does not contain nonpublic information;
c. Reviews the proposed content of publicly accessible information for nonpublic information prior to posting onto the organizational information system;
d. Reviews the content on the publicly accessible organizational information system for nonpublic information [Assignment: organization-defined frequency]; and
e. Removes nonpublic information from the publicly accessible organizational information system, if discovered.

Supplemental Guidance: Nonpublic information is any information for which the general public is not authorized access in accordance with federal laws, Executive Orders, directives, policies, regulations, standards, or guidance. Information protected under the Privacy Act and vendor proprietary information are examples of nonpublic information. This control addresses posting information on an organizational information system that is accessible to the general public, typically without identification or authentication. The posting of information on non-organization information systems is covered by appropriate organizational policy. Related controls: AC-3, AU-13.

Control Enhancements: None.