CMMC Practice Requirement:

Implement a policy restricting the publication of “Controlled Unclassified Information” (CUI) on externally-owned publicly accessible websites (e.g., Forums, LinkedIn, Facebook, Twitter, etc.).

CMMC Requirement Explanation:

“Controlled Unclassified Information” (CUI) must only be accessible to authorized persons, by posting “Controlled Unclassified Information” (CUI) publicly it is accessible to everyone.

Example CMMC Implementation:

Create a policy restricting employees from posting “Controlled Unclassified Information” (CUI) onto public websites. Examples include social media, blogs, and forums. This includes discussing “Controlled Unclassified Information” (CUI) in private messages on those sites.


- Scenario 1:

You have a security policy document that all employees must sign off on. One of the policies states that employees are prohibited from posting “Controlled Unclassified Information” (CUI) onto public websites.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance