manage.get.gov/docs/compliance/dist/system-security-plans/ato/pl-4.1.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116)
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

2.7 KiB

implementation-status: c-not-implemented
control-origination: c-inherited-cloud-gov, c-inherited-cisa, c-common-control, c-system-specific-control

pl-4.1 - [catalog] Social Media and External Site/Application Usage Restrictions

Control Statement

Include in the rules of behavior, restrictions on:

  • [a] Use of social media, social networking sites, and external sites/applications;

  • [b] Posting organizational information on public websites; and

  • [c] Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

Control guidance

Social media, social networking, and external site/application usage restrictions address rules of behavior related to the use of social media, social networking, and external sites when organizational personnel are using such sites for official duties or in the conduct of official business, when organizational information is involved in social media and social networking transactions, and when personnel access social media and networking sites from organizational systems. Organizations also address specific rules that prevent unauthorized entities from obtaining non-public organizational information from social media and networking sites either directly or through inference. Non-public information includes personally identifiable information and system account information.

Control assessment-objective

  • the rules of behavior include restrictions on the use of social media, social networking sites, and external sites/applications;

  • the rules of behavior include restrictions on posting organizational information on public websites;

  • the rules of behavior include restrictions on the use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.


What is the solution and how is it implemented?


Implementation (a)

Add control implementation description here for item pl-4.1_smt.a


Implementation (b)

Add control implementation description here for item pl-4.1_smt.b


Implementation (c)

Add control implementation description here for item pl-4.1_smt.c