This objective requires your organization’s access control policies and procedures to define how access to publicly accessible systems is controlled, particularly for those that may interface with Controlled Unclassified Information (CUI) or provide access to sensitive functions.