IBM Cloud Docs
AU-13 - Monitoring for Information Disclosure

AU-13 - Monitoring for Information Disclosure

Control requirements

AU-13 (a)

Monitor [Assignment: organization-defined open-source information and/or information sites] [IBM Assignment: weekly] for evidence of unauthorized disclosure of organizational information.

AU-13 (b)

If an information disclosure is discovered:

  1. Notify [Assignment: organization-defined personnel or roles]; and
  2. Take the following additional actions: [Assignment: organization-defined additional actions].

NIST supplemental guidance

Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization.