>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AC-22Publicly Accessible Content

PBMM (P1)
Technical

>Control Description

(A) The organization designates individuals authorized to post information onto a publicly accessible information system. (B) The organization trains authorized individuals to ensure that publicly accessible information does not contain confidentially sensitive information. (C) The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that confidentially sensitive information is not included. (D) The organization reviews the content on the publicly accessible information system for confidentially sensitive information organization-defined frequency and removes such information, if discovered.

>Supplemental Guidance

In accordance with GC legislation and TBS policies, directives and standards, the general public is not authorized access to confidentially sensitive information (e.g., information protected under the Privacy Act and proprietary information). This control addresses information systems that are controlled by the organization and accessible to the general public, typically without identification or authentication. The posting of information on non-organization information systems is covered by organizational policy.

Related controls: AC-3, AC-4, AT-2, AT-3, AU-13

>Tailoring Guidance

This security control/enhancement is applicable to the organization as opposed to a specific information system.

Ask AI

Configure your API key to use AI features.