Make sure no CUI ends up on your public website or public-facing systems.
What it actually means
Control CUI posted or processed on publicly accessible systems — make sure CUI never gets published to your public website or other public systems. Designate who can post public content and review it to ensure no CUI slips out. This is also a Level 1 (FCI) requirement.
Pass or fail — an assessor needs a "yes" to each
- Is there a process ensuring CUI is never posted to publicly accessible systems?
- Are authorized individuals designated to manage public content?
What to have ready
- Policy and review process for public content
- List of authorized publishers
Where teams trip up
- No review before posting to the public site
- Anyone able to publish public content