AU-13 - Monitoring for Information Disclosure
Control requirements
AU-13 (a)
Monitor [Assignment: organization-defined open-source information and/or information sites] [IBM Assignment: weekly] for evidence of unauthorized disclosure of organizational information.
AU-13 (b)
If an information disclosure is discovered:
- Notify [Assignment: organization-defined personnel or roles]; and
- Take the following additional actions: [Assignment: organization-defined additional actions].
NIST supplemental guidance
Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization.