The sensitivity level of all data for publication on a production web site is known and documented.

Associated with IA controls: ECML-1

SV-28771r1_rule The sensitivity level of all data for publication on a production web site is known and documented.

Vulnerability discussion

It is important to be aware of the data sensitivity level and security category of information being published on a web site so that appropriate safeguards may be applied. Such safeguards may include the physical separation of information published on servers located within the DoD DMZ as referenced by the DoD Internet-NIPRNet DMZ STIG. It is important for the IAO to have access to this documentation regarding the data sensitivity level and security category level of hosted information to help ensure that appropriate safeguards have been applied.Initiatives are currently in progress within the NIPRNet DMZ that may require this awareness.

Check content

It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency. If this documentation is not in the possession of the IAO, this is a finding.

Fix text

Acquire the data sensitivity level and security category of information published on a production web site.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.