CMMC 2.0 • LEVEL 1 • ACCESS CONTROL

AC.L1-3.1.22Publicly Accessible Content

Train authorized individuals to ensure that publicly accessible information does not contain CUI. Review the content on publicly accessible systems for CUI and remove such information, if discovered.

NIST 800-171 Mapping

NIST 800-53 Controls

AC-22

Assessment Objectives

  • authorized individuals are trained to ensure that publicly accessible information does not contain CUI.
  • the content on publicly accessible systems is reviewed for CUI.
  • CUI is removed from publicly accessible systems, if discovered.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AC.L1-3.1.1 Account Management AC.L1-3.1.2 Access Enforcement AC.L2-3.1.3 Information Flow Enforcement AC.L2-3.1.4 Separation of Duties