CCI-001476
CCI-001476 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- the content on the publicly accessible system is reviewed for non-public information [AC-22_ODP; the frequency at which to review the content on the publicly accessible system for non-public information is defined].
- non-public information is removed from the publicly accessible system, if discovered.
Validation Procedures
Examine: [SELECT FROM: Access control policy; procedures addressing publicly accessible content; list of users authorized to post publicly accessible content on organizational systems; training materials and/or records; records of publicly accessible information reviews; records of response to non-public information on public websites; system audit logs; security awareness training records; system security plan; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with responsibilities for managing publicly accessible information posted on organizational systems; organizational personnel with information security responsibilities].
Test: [SELECT FROM: Mechanisms implementing management of publicly accessible content].