Evaluation of Information before Publication on Department of Commerce Web Sites

Policy:

Before publishing information on Web sites, Department of Commerce organizations must ensure that the content is appropriate for dissemination and that the proposed level of access is appropriate to the content.

Scope:

All Department of Commerce Web pages.

Purpose:

To ensure that information published to Department of Commerce Web sites does not compromise the safety and security of Department of Commerce persons, programs, or assets.

Exceptions:

None.

Deadline for Implementation:

Immediate.

Discussion:

This policy requires DOC organizations to make a two-step evaluation before publishing any information to the Web:

    1. Evaluate the information for content appropriateness;
    2. Evaluate the information to determine the appropriate level of access (for example, Internet, Intranet)

These steps entail a balancing of the mission-related value of dissemination against the potential risk of publishing the information at a particular level of access.  

Chief Information Officers and program managers are required to ensure that information provided through the Web but intended for internal use only is sufficiently protected to prevent public or other unauthorized access.  

Content Appropriateness: No information should be published to the Web at all unless there is a mission-related business purpose for doing so.  This is a requirement of the Web Content Management Policy.  Where a mission-related business purpose does exist, that purpose should be balanced against any risk posed by publication.  Information about Department of Commerce people, infrastructure, plans, procedures, or programs should not be published if publication will compromise the safety and security of Commerce people, programs, or assets. Classified National Security Information (NSI) is prohibited from being placed on Department of Commerce Web sites. 

Generally, information that is personal, proprietary, confidential, sensitive, Sensitive But Unclassified, For Official Use Only, For Internal Use Only, business-identifiable, or copyrighted should not be placed on Department of Commerce Web sites without careful prior scrutiny.

Beyond those categories, an evaluation and balancing of the particular information against the particular mission-related purpose of publication should be made before publication.

Review the examples for more specific guidance on determining if particular content is appropriate for publication on the Web in a particular instance.

Level of Access: In the context of this policy, "level of access" means the scope of audience and level of security appropriate for publication.  “Scope of audience” refers to the range of permissible recipients of the information, while “level of security” refers to degree of access limitation, if any.  Some examples of scope of audience/level of security would be:  1) the general public (anyone with access to the Internet), 2) persons accessing a site from a certain range of IP (Internet Protocol) addresses, 3) persons with a password; and 4) persons in a specific physical location using particular computers.

Sometimes information that is not appropriate for a public Web site might be appropriate for a restricted intranet site.  Examples of this might be meeting minutes and office news, or plans such as IT architectures.  Consider removing individual names contained in documents before posting to a publicly available site or a loosely secured one (e.g., controlled by IP address).  This does not preclude the discretionary posting of names of individuals who, by the nature of their position and duties, frequently interact with the public or Commerce employees, such as senior management officials, public affairs officers, or heads of program offices.

For posting contact information for the public, give preference to the use of organizational designation or title and generic position e-mail addresses (e.g., office@organization.gov) over the use of personal names.

 

Revision History: 
1/22/2009: Approved.

Department of Commerce Web Advisory Council (WAC)
U.S. Department of Commerce

Send questions and comments about this page to WAC@doc.gov
Page last updated November 2, 2010