Information on public web servers is reviewed before publication and periodically reviewed after publication.

From Web Policy STIG

Part of Information on public web servers is reviewed.

Associated with IA controls: DCPR-1

SV-28795r1_rule Information on public web servers is reviewed before publication and periodically reviewed after publication.

Vulnerability discussion

The publishing of un-reviewed and unapproved content on a public web server may pose a serious threat to the safety of the warfighter and national security. Security is everyone’s responsibility and, although the originating organization posting the information must ensure that the information has been approved prior to publication, all individuals have a responsibility to raise concern if they suspect that inappropriate content has been published.There are a number of events that may require the removal of publicly posted information from a public web site such as a change in security postures and guidance directives, the discovery of inadvertently released sensitive information, the discovery of the use of copy-righted material without proper permissions, and the removal of outdated or superseded information.

Check content

The organization or activity that sponsors the web site will have web content responsibility. These persons will ensure that all information is kept current and that information placed on the web server is reviewed and approved by the Public Affairs Officer (PAO). This organization will provide assurance to the hosting agency that this requirement has been satisfied. The organization or activity that owns the web site will develop local policies in accordance with the DoD Web Site Administration Policies & Procedures, dated 25 November 1998 (updated 11 January 2002), available at: http://www.defenselink.mil/webmasters/policy/dod_web_policy_12071998_with_amendments_and_corrections.html. The following elements will be included in that policy: 1. All organizational personnel should receive training appropriate to distinguish between public and non-public information, but specific training is given to content approving authority. 2. Periodic re-review of posted information. 3. Procedures and contact information that address the discovery and subsequent removal of published information that is considered to be in violation of current law, policy, directive, or is outdated. A copy of this policy will be provided to the hosting agency for the purpose of the site review associated with this check. It is not the responsibility of the hosting agency to review or re-review posted information. If, however, the hosting agency ever notices policy violations or the posting of questionable content, they will take appropriate action. If review assurance for publicly posted information is not available, or if a policy containing the listed elements is not available, this is a finding.

Fix text

Acquire review assurance and local posting policies for publicly published information.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer