Title

The sensitivity level of all data for publication on a production web site is known and documented. (Cat II impact)

Discussion

It is important to be aware of the data sensitivity level and security category of information being published on a web site so that appropriate safeguards may be applied. Such safeguards may include the physical separation of information published on servers located within the DoD DMZ as referenced by the DoD Internet-NIPRNet DMZ STIG. It is important for the IAO to have access to this documentation regarding the data sensitivity level and security category level of hosted information to help ensure that appropriate safeguards have been applied. Initiatives are currently in progress within the NIPRNet DMZ that may require this awareness.

Check Content

It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency. If this documentation is not in the possession of the IAO, this is a finding.

Fix Text

Acquire the data sensitivity level and security category of information published on a production web site.

Additional Identifiers

Rule ID: SV-28771r1_rule

Vulnerability ID: V-23835

Group Title: Data sensitivity documented

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.