The sensitivity level of all data for publication on a production web site is known and documented.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-23835 | WEBPL025 | SV-28771r1_rule | ECML-1 | Medium |
| Description |
|---|
| It is important to be aware of the data sensitivity level and security category of information being published on a web site so that appropriate safeguards may be applied. Such safeguards may include the physical separation of information published on servers located within the DoD DMZ as referenced by the DoD Internet-NIPRNet DMZ STIG. It is important for the IAO to have access to this documentation regarding the data sensitivity level and security category level of hosted information to help ensure that appropriate safeguards have been applied. Initiatives are currently in progress within the NIPRNet DMZ that may require this awareness. |
| STIG | Date |
|---|---|
| Web Policy STIG | 2011-10-03 |
Details
| Check Text ( C-29196r1_chk ) |
|---|
| It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency. If this documentation is not in the possession of the IAO, this is a finding. |
| Fix Text (F-26215r1_fix) |
|---|
| Acquire the data sensitivity level and security category of information published on a production web site. |