a. Monitor [Assignment: organization-defined open-source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information; and
b. If an information disclosure is discovered:
1. Notify [Assignment: organization-defined personnel or roles]; and
2. Take the following additional actions: [Assignment: organization-defined additional actions].
|
|
| Control Identifier | AU-13 |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization. |
| Related Controls | AC-22, PE-3, PM-12, RA-5, SC-7, SI-20. |