
AC-22

Access Control · Rev 5 · organization

Publicly Accessible Content

Baselines: Low, Moderate, High

Control Statement

a. Designate individuals authorized to make information publicly accessible;

b. Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information;

c. Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and

d. Review the content on the publicly accessible system for nonpublic information [Assignment: frequency] and remove such information, if discovered.

Supplemental Guidance

In accordance with applicable laws, executive orders, directives, policies, regulations, standards, and guidelines, the public is not authorized to have access to nonpublic information, including information protected under the [PRIVACT] and proprietary information. Publicly accessible content addresses systems that are controlled by the organization and accessible to the public, typically without identification or authentication. Posting information on non-organizational systems (e.g., non-organizational public websites, forums, and social media) is covered by organizational policy. While organizations may have individuals who are responsible for developing and implementing policies about the information that can be made publicly accessible, publicly accessible content addresses the management of the individuals who make such information publicly accessible.

Related Controls (4)

AC-3, AT-2, AT-3, AU-13

CCI Identifiers (6)

CCI-001475: Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included.

CCI-001476: Review the content on the publicly accessible system for nonpublic information on an organization-defined frequency.

CCI-001477: Defines a frequency for reviewing the content on the publicly accessible system for nonpublic information.

CCI-001473: Designate individuals authorized to post information onto a publicly accessible system.

CCI-001474: Train authorized individuals to ensure that publicly accessible information does not contain nonpublic information.

CCI-001478: Remove nonpublic information from the publicly accessible system, if discovered.

Linked STIG Checks (1)

Across 1 STIG.