PL-4(1) Rules of Behavior | Social Media and External Site/application Usage Restrictions

IL4 Mod
IL4 High
IL5
IL6

Control Description

Include in the rules of behavior, restrictions on: (a) Use of social media, social networking sites, and external sites/applications; (b) Posting organizational information on public websites; and (c) Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.

DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

Discussion

Social media, social networking, and external site/application usage restrictions address rules of behavior related to the use of social media, social networking, and external sites when organizational personnel are using such sites for official duties or in the conduct of official business, when organizational information is involved in social media and social networking transactions, and when personnel access social media and networking sites from organizational systems. Organizations also address specific rules that prevent unauthorized entities from obtaining non-public organizational information from social media and networking sites either directly or through inference. Non-public information includes personally identifiable information and system account information.

Related Controls

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of social media and external site/application usage restrictions across organizational systems?
  • Who is responsible for social media and external site/application usage restrictions activities and oversight?
  • What is the process for documenting and approving social media and external site/application usage restrictions?
  • How frequently are social media and external site/application usage restrictions activities reviewed and updated?
  • What governance exists for ensuring social media and external site/application usage restrictions align with organizational objectives and risk management strategy?

Technical Implementation:

  • What systems or tools support the technical implementation of social media and external site/application usage restrictions?
  • How is social media and external site/application usage restrictions information integrated with other system documentation or repositories?
  • What automation exists for social media and external site/application usage restrictions activities?
  • How are social media and external site/application usage restrictions artifacts version-controlled and maintained?
  • What technical workflows enforce social media and external site/application usage restrictions requirements?

Evidence & Documentation:

  • Provide documented policies and procedures for social media and external site/application usage restrictions.
  • Provide artifacts demonstrating social media and external site/application usage restrictions implementation.
  • Provide evidence of social media and external site/application usage restrictions review and approval.
  • Provide records of social media and external site/application usage restrictions updates and version control.
  • Provide documentation showing social media and external site/application usage restrictions integration with system authorization.
