NCSA Communications staff are authorized to post content on the NCSA website and social media about the existence and operation of Nightingale and its hardware components. IT admins are authorized to update the Status Page on the NCSA wiki about Nightingale service issues and planned maintenance windows, but not about any security concerns or attack vectors.
All articles or information about the Nightingale system or projects working on Nightingale will be vetted by the NCSA Lead of Trust, Compliance and Risk Management prior to release to verify that CUI data is not mentioned, and nothing is provided to make Nightingale a target of directed attack.
If CUI is discovered on publicly accessible systems, the Lead of Trust, Compliance and Risk Management will contact Communications to have it removed. Owners of the CUI data that was posted will be notified of any breach, with information about the data and its access logs.