1. Home
  2. FedRAMP
  3. AC-22

BRACKETOLOGY | FEDRAMP

  • FedRAMP Baseline Membership AC-22:
  • LOW
  • MODERATE
  • HIGH

FedRAMP Bracketology

Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH

Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.

Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.

To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open

Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.

AC-22: PUBLICLY ACCESSIBLE CONTENT

The organization:

    • a. Designates individuals authorized to post information onto a publicly accessible information system;
    • b. Trains authorized individuals to ensure that publicly accessible information does not contain nonpublic information;
    • c. Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and
    • d. Reviews the content on the publicly accessible information system for nonpublic information [Assignment: organization-defined frequency] and removes such information, if discovered.

Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.

AC-22d.: Reviews the content on the publicly accessible information system for nonpublic information at least quarterly and removes such information, if discovered.

AC-22d.: Reviews the content on the publicly accessible information system for nonpublic information at least quarterly and removes such information, if discovered.

AC-22d.: Reviews the content on the publicly accessible information system for nonpublic information at least quarterly and removes such information, if discovered.


SUPPLEMENTAL GUIDANCE

In accordance with federal laws, Executive Orders, directives, policies, regulations, standards, and/or guidance, the general public is not authorized access to nonpublic information (e.g., information protected under the Privacy Act and proprietary information). This control addresses information systems that are controlled by the organization and accessible to the general public, typically without identification or authentication. The posting of information on non-organization information systems is covered by organizational policy.

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

  • NO REFERENCES