NIST 800-171 R-3.1.22
Control CUI on Publicly Accessible Systems
Official citation: 3.1.22
Class: core · Severity: medium
Statement of the obligation — verify against source
3.1.22
What it means
The public should never be able to reach nonpublic information such as CUI, Privacy Act data, or proprietary information. For organization-controlled systems that the public can access (typically without logging in), designate who is authorized to post content, and review all content before it is posted to ensure that no nonpublic information is included.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.