Navigate

CCI-001476

CCI-001476 Definition

The organization reviews the content on the publicly accessible information system for nonpublic information on an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to review the content on the publicly accessible information system for nonpublic information on an organization-defined frequency. The organization must maintain an audit trail of reviews.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail of reviews to ensure the organization being inspected/assessed reviews the content on the publicly accessible information system for nonpublic information on an organization-defined frequency.

Compelling Evidence

1.) Documentation showing an internal review of the proposed content prior to publishing, with dates of review

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001476.

Control	Description
AC-22	The organization: AC-22a.: Designates individuals authorized to post information onto a publicly accessible information system; AC-22b.: Trains authorized individuals to ensure that publicly accessible information does not contain nonpublic information; AC-22c.: Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and AC-22d.: Reviews the content on the publicly accessible information system for nonpublic information [Assignment: organization-defined frequency] and removes such information, if discovered.

Control

Description

AC-22

The organization:

AC-22a.: Designates individuals authorized to post information onto a publicly accessible information system;

AC-22b.: Trains authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

AC-22c.: Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and

AC-22d.: Reviews the content on the publicly accessible information system for nonpublic information [Assignment: organization-defined frequency] and removes such information, if discovered.