Under active development Content is continuously updated and improved

DM-21Publicly Accessible Content

>Control Description

Organization protects its public information system presence with the following processes: only authorized and trained individuals may post public information, content is reviewed prior to publishing, information on public systems is reviewed periodically, and non-public information is removed from public systems upon discovery.

Theme

Process

Type

Preventive

Policy/Standard

Data Management Policy

>Implementation Guidance

1. Ensure that a process is defined, documented, and communicated regarding publishing of information on public websites. 2. Ensure public information is reviewed periodically. 3. Ensure appropriate process is defined for removing non-public information from public websites. 4. Ensure appropriate access control exists for posting information on public websites.

>Testing Procedure

1. Inspect and validate whether a process is defined, documented, and communicated regarding publishing of information on public websites. 2. Validate whether public information is reviewed periodically. 3. Validate the process for removing non-public information from public websites. 4. Validate that appropriate access control exists for posting information on public websites.

>Audit Artifacts

E-DM-01
E-DM-23

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

Ask AI

Configure your API key to use AI features.