3.1.22. Publicly Accessible Content || The most mis-understood Security Requirement (L02c)
3.1.22, Publicly Accessible Content, is one of the most misunderstood and overlooked requirements in NIST SP 800-171. Because the requirement applies to normally out-of-scope components, organizations and their Information Security & Technology teams struggle with first understanding it, let alone fulfilling it. This is why the requirement, albeit a DoDAM one-pointer, is not eligible for a POA&M under the proposed CMMC rule. This talk looks at the requirement; a simple procedure to fulfill it; and evidence an organization should have to demonstrate conformity.