AU-13: MONITORING FOR INFORMATION DISCLOSURE
NOT SELECTED FOR INDUSTRIAL CONTROL SYSTEMS
The organization monitors [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.
Open source information includes, for example, social networking sites.
RELATED CONTROLS: AU-13
AU-13 (1) MONITORING FOR INFORMATION DISCLOSURE | USE OF AUTOMATED TOOLS
The organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner.
Automated mechanisms can include, for example, automated scripts to monitor new posts on selected websites, and commercial services providing notifications and alerts to organizations.
AU-13 (2) MONITORING FOR INFORMATION DISCLOSURE | REVIEW OF MONITORED SITES
The organization reviews the open source information sites being monitored [Assignment: organization-defined frequency].
Supplemental Guidance: NONE
- NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY