CMMC Practice SC.3.193

Implement a policy restricting the publication of CUI on externally-owned, publicly accessible websites (e.g., forums, LinkedIn, Facebook, Twitter).


CMMC Version 1.02, pg. 266

Bold Coast Security Guidance

Staff should regularly be reminded not to post CUI to social media outlets or other public facing web services. For Level 3 compliance your policy and plans must be in place to manage CUI to include prohibited storage and use means. A data handling guide as a desktop reference works great to reinforce the requirements for where and how data can be stored, processed, and/or transmitted.

Discussion From Source

CMMC Define and enforce a policy that restricts employees from publishing or posting CUI on public websites such as forums and social media outlets.


  • CMMC