CMMC Practice SC.3.193
Implement a policy restricting the publication of CUI on externally-owned, publicly accessible websites (e.g., forums, LinkedIn, Facebook, Twitter).
Bold Coast Security Guidance
Staff should regularly be reminded not to post CUI to social media outlets or other public facing web services. For Level 3 compliance your policy and plans must be in place to manage CUI to include prohibited storage and use means. A data handling guide as a desktop reference works great to reinforce the requirements for where and how data can be stored, processed, and/or transmitted.
Define and enforce a policy that restricts employees from publishing or posting CUI on public websites such as forums and social media outlets.