SC-14 — Public Access Protections

This control (withdrawn in Rev 5) has been incorporated into other controls. The protections for publicly accessible systems are now addressed by AC-2, AC-3, AC-5, AC-6, SI-3, SI-4, SI-5, SI-7, and SI-10.

Example 1: For public-facing web servers, implement input validation (SI-10) and malware protection (SI-3) as described in those respective controls.

Example 2: Apply access control (AC-3) and least privilege (AC-6) to all public-facing systems, ensuring they run with minimal permissions and only serve their intended function.