
Post all required information on organizational websites and ensure all hyperlinks are working.


CONTROL ID: 04579
CONTROL TYPE: Data and Information Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Include website continuity procedures in the continuity plan., CC ID: 01380

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make its full name and legal status available to consumers on the website where the goods or services are offered. (§ 35(1)(a), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make its physical address and telephone number available to consumers on the website where the goods or services are offered. (§ 35(1)(b), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make its website address and e-mail address available to consumers on the website where the goods or services are offered. (§ 35(1)(c), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make any self-regulatory memberships or accreditation body memberships and their contact information available to consumers on the website where the goods or services are offered. (§ 35(1)(d), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make any Code of Conduct the supplier follows and how to electronically access the code available to consumers on the website where the goods or services are offered. (§ 35(1)(e), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make, in the case of a legal person, the registration number, the office bearer names, and the place of registration available to consumers on the website where the goods or services are offered. (§ 35(1)(f), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the physical address where the supplier receives legal service of documents available to consumers on the website where the goods or services are offered. (§ 35(1)(g), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make a description of the main characteristics of the goods or services available to consumers on the website where the goods or services are offered. (§ 35(1)(h), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the full price of the goods or services, including shipping costs, taxes, and any other costs or fees available to consumers on the website where the goods or services are offered. (§ 35(1)(i), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the method of payment available to consumers on the website where the goods or services are offered. (§ 35(1)(j), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make any terms of agreement, including guarantees, and how to access, store, and reproduce them electronically available to consumers on the website where the goods or services are offered. (§ 35(1)(k), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the time the goods will be shipped or delivered or the services will be completed available to consumers on the website where the goods or services are offered. (§ 35(1)(l), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the way and the time period the consumer can access and maintain a full record of the transaction available to consumers on the website where the goods or services are offered. (§ 35(1)(m), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the return, refund, and exchange policy available to consumers on the website where the goods or services are offered. (§ 35(1)(n), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make any Alternative Dispute Resolution procedures and how to access them electronically available to consumers on the website where the goods or services are offered. (§ 35(1)(o), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make its security procedures and privacy policy with respect to personal information, payment information, and payments available to consumers on the website where the goods or services are offered. (§ 35(1)(p), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the minimum time of the agreement for the supply of products or services on an ongoing basis available to consumers on the website where the goods or services are offered. (§ 35(1)(q), The Electronic Communications and Transactions Act, 2002)
  • A supplier who offers goods or services for hire, sale, or exchange via electronic transactions shall make the consumer's rights available to them on the website where the goods or services are offered. (§ 35(1)(r), The Electronic Communications and Transactions Act, 2002)
  • posting prominent notices on the relevant part(s) of the websites for the attention of the customers who use the channel if the channel is not for urgent submission of information (e.g. reporting of fraud or suspicious transactions). (§ 6.2.1(iv), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • In addition, organisations must make their privacy policies reflecting the Principles public (or, in the case of human resources data, make them readily available to the concerned individuals) and provide links to the DoC's website (with further details on certification, the rights of data subjects … (2.2.4 (28), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by restricting updates to authorized individuals. (CF.04.02.03c-1, The Standard of Good Practice for Information Security)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by reviewing content to ensure that hyperlinks are valid and functional. (CF.04.02.03d-2, The Standard of Good Practice for Information Security)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by performing regular checks to ensure that website content is not offensive. (CF.04.02.03e-2, The Standard of Good Practice for Information Security)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by performing regular checks to ensure that website content is not in breach of legal and regulatory requirements. (CF.04.02.03e-3, The Standard of Good Practice for Information Security)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by restricting updates to authorized individuals. (CF.04.02.03c-1, The Standard of Good Practice for Information Security, 2013)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by reviewing content to ensure that hyperlinks are valid and functional. (CF.04.02.03d-2, The Standard of Good Practice for Information Security, 2013)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by performing regular checks to ensure that website content is not offensive. (CF.04.02.03e-2, The Standard of Good Practice for Information Security, 2013)
  • Website content (e.g., web pages, articles, images) should be protected against corruption or unauthorized disclosure by performing regular checks to ensure that website content is not in breach of legal and regulatory requirements. (CF.04.02.03e-3, The Standard of Good Practice for Information Security, 2013)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • For an electronic commerce system, the website provides additional descriptive information about the nature of the goods or services that will be furnished, including the condition of the goods (new, used, or reconditioned). (Processing Integrity Prin. and Criteria Table § 2.1 a.i, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • For an electronic commerce system, the website provides additional descriptive information about the nature of the goods or services that will be furnished, including a description of the services or service contract. (Processing Integrity Prin. and Criteria Table § 2.1 a.ii, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • For electronic commerce systems, the website provides additional descriptive information about the nature of the goods or services that will be furnished, including where the information was obtained and how it was compiled. (Processing Integrity Prin. and Criteria Table § 2.1 a.iii, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The webmaster should develop procedures for submitting information to be displayed on the organization's website. Web sites that have links for limited audiences should have access controls implemented. (App D-5, Army Regulation 380-19: Information Systems Security, February 27, 1998)
  • Testing of web-based business to validate site's content. (App A Tier 1 Objectives and Procedures Objective 6:9 Bullet 2, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., FedRAMP Security Controls High Baseline, Version 5)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., FedRAMP Security Controls Low Baseline, Version 5)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Does the Credit Union have monitoring policies and procedures that address web linking relationships? (IT - General Q 42, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union display the National Credit Union Administration insurance sign on the home page and any page where it accepts deposits or opens accounts? (IT - Compliance Q 11, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is the "equal housing lender" logo located on each Internet page where real estate-related loans are advertised? (IT - Compliance Q 12, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union post its share and/or loan rates on the website? (IT - Compliance Q 14, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is the "annual percentage yield" for shares disclosed using this term? (IT - Compliance Q 14a, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is an effective date or expiration date disclosed on the advertised annual percentage yield? (IT - Compliance Q 14b, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is the "annual percentage rate" or "apr" for loans disclosed using one or both of these terms? (IT - Compliance Q 14c, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is the annual percentage rate on credit cards disclosed in at least 18-point font? (IT - Compliance Q 14d, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Are clear and conspicuous webpage disclosures furnished to explain the Credit Union's limited role and responsibility with respect to products and services offered by linked third party websites? (IT - Compliance Q 17, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the written website operating policy include a statement on the type of information allowed on the site? (IT - Web Site Review Q 1b, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the written website operating policy include a list of the approved Internet links for the website? (IT - Web Site Review Q 1c, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have the ability to make design and content changes to the website? (IT - Web Site Review Q 7, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; (PM-20a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices. (PM-20c., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; (PM-20a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices. (PM-20c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; (PM-20a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices. (PM-20c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization must designate the individuals who are authorized to post information onto the publicly accessible organizational Information System. (SG.AC-20 Requirement 1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must review the content of the publicly accessible information to check for nonpublic information before posting onto the Information System. (SG.AC-20 Requirement 3, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must review the publicly accessible content for nonpublic information on a defined frequency. (SG.AC-20 Requirement 4, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must remove any nonpublic information it discovers on the publicly accessible system. (SG.AC-20 Requirement 5, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must review proposed content of publicly accessible information for nonpublic information prior to posting. (App F § AC-22.c, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must review the content of the publicly accessible systems for nonpublic information on a predetermined frequency. (App F § AC-22.d, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must remove any nonpublic information from publicly accessible systems when it is located. (App F § AC-22.e, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included. (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization reviews the content on the publicly accessible information system for nonpublic information {organizationally documented frequency} and removes such information, if discovered. (AC-22d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included. (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization reviews the content on the publicly accessible information system for nonpublic information {organizationally documented frequency} and removes such information, if discovered. (AC-22d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included. (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization reviews the content on the publicly accessible information system for nonpublic information {organizationally documented frequency} and removes such information, if discovered. (AC-22d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included. (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization reviews the content on the publicly accessible information system for nonpublic information {organizationally documented frequency} and removes such information, if discovered. (AC-22d., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; (PM-20a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices. (PM-20c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; (PM-20a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Employs publicly facing email addresses and/or phone lines to enable the public to provide feedback and/or direct questions to privacy offices regarding privacy practices. (PM-20c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Review the proposed content of information prior to posting onto the publicly accessible system to ensure that nonpublic information is not included; and (AC-22c., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • A business that, acting as a third party, controls the collection of personal information about a consumer may satisfy its obligation under subdivision (a) by providing the required information prominently and conspicuously on the homepage of its internet website. In addition, if a business acting a… (§ 1798.100 (b), California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018, Amended November 3, 2020)
  • The link to the web page does not degrade the consumer's experience on the web page the consumer intends to visit and has a similar look, feel, and size relative to other links on the same web page. (§ 1798.135 (b)(2)(B), California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018, Amended November 3, 2020)
  • For a covered entity that is the judicial branch, the Executive Office of the Governor, the Department of Financial Services, or the Department of Agriculture and Consumer Services, in lieu of providing the written notice to the department, the covered entity may post the information described in su… (¶ 501.171(3)(e), Florida Statutes, Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information)
  • A controller that operates a search engine shall make available, in an easily accessible location on the webpage which does not require a consumer to log in or register to read, an up-to-date plain language description of the main parameters that are individually or collectively the most significant… (§ 501.71(4), Florida Statutes, Title XXXIII, Chapter 501, Sections 701-721, Florida Digital Bill of Rights)
  • Each state agency that maintains a state agency website shall adopt an internet privacy policy which shall, at a minimum, include the information required by the model internet privacy policy. Each state agency shall post its internet privacy policy on its website. Such posting shall include a consp… (§ 203.2, New York State Technology Law, Article 2 Internet Security and Privacy Act)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., TX-RAMP Security Controls Baseline Level 1)
  • Reviews the proposed content of information prior to posting onto the publicly accessible information system to ensure that nonpublic information is not included; and (AC-22c., TX-RAMP Security Controls Baseline Level 2)