AU-13: Monitoring For Information Disclosure

CSF v1.1 References:

PF v1.0 References:

Threats Addressed:

Baselines:

  • Low

    N/A

  • Moderate

    N/A

  • High

    N/A

Next Version:

Control Statement

The organization monitors [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.

Supplemental Guidance

Open source information includes, for example, social networking sites.

Control Enhancements

AU-13(1): Use Of Automated Tools

Baseline(s):

(Not part of any baseline)

The organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner.

AU-13(2): Review Of Monitored Sites

Baseline(s):

(Not part of any baseline)

The organization reviews the open source information sites being monitored [Assignment: organization-defined frequency].