Build direct within the application the ability to deploy a privacy and security banner to external users of the ProjectWise suite of applications & services. This should include all aspects of the ProjectWise environment: ProjectWise Explorer, Bentley CONNECT services, ProjectWise 365 services, Infrastructure Cloud services, any other cloud services which integrate within the ProjectWise suite, and lastly, both on-premises and Bentley hosted deployments.

This change request is in direct reference to the National Institute of Standards and Technology (NIST) Special Publication 800-171 (“NIST 800-171” or “NIST”) revision 2 security framework and NIST 800-171A Assessment Guide. A security audit against this publication may result in a finding against requirement 3.1.9 which requires privacy and security notices be displayed before individuals log in to organizational systems. While internal employees from an organization may receive a security and privacy notices upon authentication into their organizations network which then enables access to ProjectWise, authorized subconsultants and clients who access the ProjectWise application directly via a publicly available interface do not receive privacy and security notices when accessing the system.

Lack of privacy and security banners displayed before external users log into systems, could lead to difficulties defending against legal hearings related to security or privacy breaches as well as non-compliance with NIST800-171.