AU-13

Audit and AccountabilityRev 5organization

Monitoring for Information Disclosure

Control Statement

a. Monitor [Assignment: open-source information and/or information sites] [Assignment: frequency] for evidence of unauthorized disclosure of organizational information; and b. If an information disclosure is discovered: 1. Notify [Assignment: personnel or roles] ; and 2. Take the following additional actions: [Assignment: additional actions].

Supplemental Guidance

Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization.

Related Controls (6)

AC-22 PE-3 PM-12 RA-5 SC-7 SI-20

CCI Identifiers (7)

CCI-001915Defines the open source information and/or information sites to be monitored for evidence of unauthorized exfiltration or disclosure of organizational information.CCI-003837If an information disclosure is discovered, notify organization-defined personnel or roles.CCI-003838Defines the personnel or roles to be notified if an information disclosure is discovered.CCI-003839If an information disclosure is discovered, take organization-defined additional actions.CCI-003840Defines the additional actions to be taken if an information disclosure is discovered.CCI-001460Monitor organization-defined open source information and/or information sites per organization-defined frequency for evidence of unauthorized disclosure of organizational information.CCI-001461Defines a frequency for monitoring open source information and/or information sites for evidence of unauthorized exfiltration or disclosure of organizational information.

Linked STIG Checks (0)

No STIG checks reference this control.