manage.get.gov/docs/compliance/dist/system-security-plans/ato/ac-22.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116)
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

implementation-status: c-not-implemented

control-origination: c-inherited-cloud-gov, c-inherited-cisa, c-common-control, c-system-specific-control

ac-22 - [catalog] Publicly Accessible Content

Control Statement

  • [a] Designate individuals authorized to make information publicly accessible;

  • [b] Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

  • [c] Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and

  • [d] Review the content on the publicly accessible system for nonpublic information [frequency] and remove such information, if discovered.

Control guidance

In accordance with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines, the public is not authorized to have access to nonpublic information, including information protected under the PRIVACT and proprietary information. Publicly accessible content addresses systems that are controlled by the organization and accessible to the public, typically without identification or authentication. Posting information on non-organizational systems (e.g., non-organizational public websites, forums, and social media) is covered by organizational policy. While organizations may have individuals who are responsible for developing and implementing policies about the information that can be made publicly accessible, publicly accessible content addresses the management of the individuals who make such information publicly accessible.

Control assessment-objective

  • designated individuals are authorized to make information publicly accessible;

  • authorized individuals are trained to ensure that publicly accessible information does not contain non-public information;

  • the proposed content of information is reviewed prior to posting onto the publicly accessible system to ensure that non-public information is not included;

  • the content on the publicly accessible system is reviewed for non-public information [frequency];

  • non-public information is removed from the publicly accessible system, if discovered.


What is the solution and how is it implemented?


Implementation a.

Add control implementation description here for item ac-22_smt.a


Implementation b.

Add control implementation description here for item ac-22_smt.b


Implementation c.

Add control implementation description here for item ac-22_smt.c


Implementation d.

Add control implementation description here for item ac-22_smt.d