AU — AUDIT AND ACCOUNTABILITY
AU-13: MONITORING FOR INFORMATION DISCLOSURE
The organization monitors [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.
SUPPLEMENTAL GUIDANCE
Open source information includes, for example, social networking sites.
RELATED CONTROLS: AU-13
CONTROL ENHANCEMENTS
AU-13 (1) MONITORING FOR INFORMATION DISCLOSURE | USE OF AUTOMATED TOOLS
The organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner.
Supplemental Guidance:
Automated mechanisms can include, for example, automated scripts to monitor new posts on selected websites, and commercial services providing notifications and alerts to organizations.
AU-13 (2) MONITORING FOR INFORMATION DISCLOSURE | REVIEW OF MONITORED SITES
The organization reviews the open source information sites being monitored [Assignment: organization-defined frequency].
Supplemental Guidance: NONE
REFERENCES:
- NO REFERENCES