AU-13 MONITORING FOR INFORMATION DISCLOSURE - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki
Control:
- a. Monitor [ Assignment: organization-defined open-source information and/or information sites ] [ Assignment: organization-defined frequency ] for evidence of unauthorized disclosure of organizational information; and
- b. If an information disclosure is discovered:
- 1. Notify [ Assignment: organization-defined personnel or roles ]; and
- 2. Take the following additional actions: [ Assignment: organization-defined additional actions ].
Discussion: Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization.
Related Controls: AC-22, PE-3, PM-12, RA-5, SC-7, SI-20.
Control Enhancements:
(1) MONITORING FOR INFORMATION DISCLOSURE | USE OF AUTOMATED TOOLS
Monitor open-source information and information sites using [ Assignment: organization-defined automated mechanisms ].
Discussion: Automated mechanisms include commercial services that provide notifications and alerts to organizations and automated scripts to monitor new posts on websites.
Related Controls: None.
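As an added illustration of the "automated scripts to monitor new posts" kind of mechanism (example code written for this page, not NIST's or the wiki's own), the script below scans a feed of public posts for organization-defined indicators, skips posts it has already reviewed, and builds the notification required by AU-13 b.1 without copying a leaked secret into the alert. The indicator patterns (an internal `corp.example.com` zone, `@example.com` addresses, a hypothetical `EXK-` API-key format) and the three sample posts are constructed for the example; fetching posts from a site API or commercial service is assumed to happen outside the script.

```python
import hashlib
import re
from dataclasses import dataclass

# Organization-defined indicators of "organizational information" (AU-13 a.).
# These patterns are assumptions for this example; an organization substitutes
# its own internal domains, address formats and credential formats.
INDICATORS = {
    # Internal hostnames that have no business appearing in public posts or code.
    "internal_host": re.compile(r"\b[\w-]+\.corp\.example\.com\b", re.I),
    # Corporate e-mail addresses: PII the control's discussion explicitly names.
    "corp_email": re.compile(r"\b[\w.+-]+@example\.com\b", re.I),
    # A hypothetical proprietary API-key format: 'EXK-' followed by 32 hex digits.
    "api_key": re.compile(r"\bEXK-[0-9a-f]{32}\b"),
    # AWS access key id: 'AKIA' followed by 16 upper-case alphanumerics (AWS's documented format).
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# Indicators whose matched text is itself a secret and must not be copied into the alert.
SECRET_INDICATORS = {"api_key", "aws_access_key"}


@dataclass
class Finding:
    post_id: str
    source: str
    indicator: str
    matched: str


def scan_text(post_id, source, text, indicators=INDICATORS):
    """Return one Finding per indicator hit in a single post body."""
    return [
        Finding(post_id, source, name, m.group(0))
        for name, pattern in indicators.items()
        for m in pattern.finditer(text)
    ]


def redact(value):
    """Keep a short prefix so an analyst can correlate the hit without re-leaking it."""
    return value[:4] + "...[redacted]"


class DisclosureMonitor:
    """Runs at the organization-defined frequency (e.g. from cron) over whatever
    feed of new posts the site API or commercial service returns. Already-reviewed
    posts are skipped so each run only raises alerts for new material."""

    def __init__(self, indicators=INDICATORS):
        self.indicators = indicators
        self.seen = set()    # in production, persist this between runs
        self.alerts = []     # messages handed to the notification channel

    def process(self, posts):
        new_findings = []
        for post in posts:
            key = hashlib.sha256(f"{post['source']}|{post['id']}".encode()).hexdigest()
            if key in self.seen:
                continue
            self.seen.add(key)
            findings = scan_text(post["id"], post["source"], post["body"], self.indicators)
            if findings:
                self.alerts.append(self.build_alert(findings))   # AU-13 b.1: notify
            new_findings.extend(findings)
        return new_findings

    @staticmethod
    def build_alert(findings):
        f0 = findings[0]
        lines = [f"Possible disclosure in {f0.source} post {f0.post_id}:"]
        for f in findings:
            shown = redact(f.matched) if f.indicator in SECRET_INDICATORS else f.matched
            lines.append(f"  {f.indicator}: {shown}")
        return "\n".join(lines)


# Constructed sample feed: three public posts, two of which leak something.
# The AKIA key is the example key from AWS's own documentation, not a live credential.
SAMPLE_POSTS = [
    {"source": "gist", "id": "gist-101",
     "body": "quick fix for the deploy script\n"
             "export DB_HOST=db01.corp.example.com\n"
             "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"},
    {"source": "stackoverflow", "id": "so-4432",
     "body": "How do I rotate logs with logrotate on Debian? My config is in /etc/logrotate.d/app."},
    {"source": "pastebin", "id": "paste-77",
     "body": "contact jane.doe@example.com for the key EXK-0123456789abcdef0123456789abcdef"},
]

if __name__ == "__main__":
    monitor = DisclosureMonitor()
    monitor.process(SAMPLE_POSTS)
    print("\n\n".join(monitor.alerts))
```

Running it over the sample feed raises two alerts (the gist and the paste); a second run over the same feed raises none. The "additional actions" of AU-13 b.2 (takedown request, credential rotation) are left to the organization's procedure and are not modelled here.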
(2) MONITORING FOR INFORMATION DISCLOSURE | REVIEW OF MONITORED SITES
Review the list of open-source information sites being monitored [ Assignment: organization-defined frequency ].
Discussion: Reviewing the current list of open-source information sites being monitored on a regular basis helps to ensure that the selected sites remain relevant. The review also provides the opportunity to add new open-source information sites with the potential to provide evidence of unauthorized disclosure of organizational information. The list of sites monitored can be guided and informed by threat intelligence of other credible sources of information.
Related Controls: None.
(3) MONITORING FOR INFORMATION DISCLOSURE | UNAUTHORIZED REPLICATION OF INFORMATION
Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.
Discussion: The unauthorized use or replication of organizational information by external entities can cause adverse impacts on organizational operations and assets, including damage to reputation. Such activity can include the replication of an organizational website by an adversary or hostile threat actor who attempts to impersonate the web-hosting organization. Discovery tools, techniques, and processes used to determine if external entities are replicating organizational information in an unauthorized manner include scanning external websites, monitoring social media, and training staff to recognize the unauthorized use of organizational information.
Related Controls: None.
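An added example of the "scanning external websites" discovery technique this enhancement mentions (written for this page; not NIST's or the wiki's own code): it generates the lookalike domains a discovery process would resolve and fetch, then scores a fetched page against the organization's own page by text similarity and checks whether its login form posts credentials off the organization's domain. The organization domain `example.com`, the reference and suspect pages, and the similarity threshold are constructed assumptions; actual DNS resolution and HTTP fetching are left out so the example runs offline.

```python
import re
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"   # assumed organization domain


def candidate_domains(domain):
    """Lookalike permutations of the organization's domain (omission, adjacent
    transposition, homoglyph substitution, TLD swap, hyphenated suffix). These are
    the hosts a discovery process would resolve and fetch to look for a clone."""
    name, _, tld = domain.rpartition(".")
    cands = set()
    for i in range(len(name)):                       # character omission
        cands.add(f"{name[:i]}{name[i + 1:]}.{tld}")
    for i in range(len(name) - 1):                   # adjacent transposition
        cands.add(f"{name[:i]}{name[i + 1]}{name[i]}{name[i + 2:]}.{tld}")
    glyphs = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn"}
    for i, ch in enumerate(name):                    # visually similar characters
        if ch in glyphs:
            cands.add(f"{name[:i]}{glyphs[ch]}{name[i + 1:]}.{tld}")
    for alt_tld in ("net", "org", "co"):             # same name, different TLD
        cands.add(f"{name}.{alt_tld}")
    cands.add(f"{name}-login.{tld}")                 # common phishing suffix
    cands.discard(domain)
    return sorted(cands)


def content_fingerprint(html):
    """Set of 3-word shingles from the visible text. Tags and attributes are dropped,
    so the comparison survives the edits a cloner makes (new form action, tracking ids)."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    words = re.findall(r"[a-z0-9]+", text)
    return {tuple(words[i:i + 3]) for i in range(len(words) - 2)}


def jaccard(a, b):
    return len(a & b) / len(a | b) if a and b else 0.0


def is_org_host(url, org=ORG_DOMAIN):
    """Exact or subdomain match on the parsed host; a plain substring check would
    accept 'example.com.evil.net'."""
    host = (urlparse(url).hostname or "").lower()
    return host == org or host.endswith("." + org)


def assess_clone(reference_html, suspect_html, suspect_domain, threshold=0.6):
    """Score a fetched page against the organization's own page. High text similarity
    plus a form that posts credentials somewhere off the org domain is the signature
    of an impersonating site."""
    score = jaccard(content_fingerprint(reference_html), content_fingerprint(suspect_html))
    form_targets = re.findall(r'<form[^>]*\baction="([^"]+)"', suspect_html, re.I)
    foreign_forms = [t for t in form_targets if not is_org_host(t)]
    return {
        "domain": suspect_domain,
        "similarity": round(score, 3),
        "foreign_form_targets": foreign_forms,
        "is_clone": score >= threshold,
    }


# Constructed pages: the organization's login page, a clone on a lookalike domain
# that only rewrote the form action and added a lure line, and an unrelated page.
REFERENCE_HTML = """<html><body>
<h1>Example Corp Employee Portal</h1>
<p>Sign in with your corporate credentials to access payroll, benefits and internal tools.</p>
<form action="https://portal.example.com/login" method="post">
<input name="user"><input name="pass" type="password"><button>Sign in</button>
</form>
<p>Need help? Contact the service desk.</p>
</body></html>"""

CLONE_HTML = REFERENCE_HTML.replace(
    "<h1>", "<p>Session expired, sign in again.</p>\n<h1>"
).replace("https://portal.example.com/login", "https://examp1e-login.com/collect")

UNRELATED_HTML = ("<html><body><h1>Weather today</h1>"
                  "<p>Sunny with a light breeze, high of 21 degrees.</p></body></html>")

if __name__ == "__main__":
    print(candidate_domains(ORG_DOMAIN)[:8])
    print(assess_clone(REFERENCE_HTML, CLONE_HTML, "examp1e-login.com"))
    print(assess_clone(REFERENCE_HTML, UNRELATED_HTML, "weather.example.net"))
```

The shingle similarity is deliberately insensitive to markup so that a cloner's cosmetic edits do not hide the copy; the foreign form target is the stronger signal and is reported separately so an analyst can act on it even when the text score falls under the threshold.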
References: None.