UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The sensitivity level of all data for publication on a production web site is known and documented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-23835 WEBPL025 SV-28771r1_rule ECML-1 Medium
Description
It is important to be aware of the data sensitivity level and security category of information being published on a web site so that appropriate safeguards may be applied. Such safeguards may include the physical separation of information published on servers located within the DoD DMZ as referenced by the DoD Internet-NIPRNet DMZ STIG. It is important for the IAO to have access to this documentation regarding the data sensitivity level and security category level of hosted information to help ensure that appropriate safeguards have been applied. Initiatives are currently in progress within the NIPRNet DMZ that may require this awareness.
STIG Date
Web Policy STIG 2011-10-03

Details

Check Text ( C-29196r1_chk )
It is not the responsibility of the hosting agency to document the data sensitivity level and security category of the hosted information. It is the responsibility of the information owner to provide this documentation to the IAO of the hosting agency.

If this documentation is not in the possession of the IAO, this is a finding.
Fix Text (F-26215r1_fix)
Acquire the data sensitivity level and security category of information published on a production web site.