National Vulnerability Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

AU-13 MONITORING FOR INFORMATION DISCLOSURE

Family:
AU - AUDIT AND ACCOUNTABILITY
Class:
Priority:
P0 - Unspecified priority.
Baseline Allocation:
Low: N/A
Moderate: N/A
High: N/A

Control Description

The organization monitors [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.

Supplemental Guidance

Open source information includes, for example, social networking sites.

Related to: PE-3, SC-7

Control Enhancements

AU-13(1) MONITORING FOR INFORMATION DISCLOSURE | USE OF AUTOMATED TOOLS
The organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner.
Supplemental Guidance: Automated mechanisms can include, for example, automated scripts to monitor new posts on selected websites, and commercial services providing notifications and alerts to organizations.

AU-13(2) MONITORING FOR INFORMATION DISCLOSURE | REVIEW OF MONITORED SITES
The organization reviews the open source information sites being monitored [Assignment: organization-defined frequency].

References

None.