CCI-001460

Monitor organization-defined open source information and/or information sites per organization-defined frequency for evidence of unauthorized disclosure of organizational information.

Implementation Guidance

Determine if [AU-13_ODP[01]; open-source information and/or information sites to be monitored for evidence of unauthorized disclosure of Organizational information is/are defined] is/are monitored [AU-13_ODP[02]; the frequency with which open-source information and/or information sites are monitored for evidence of unauthorized disclosure of Organizational information is defined] for evidence of unauthorized disclosure of Organizational information.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing information disclosure monitoring; system design documentation; system configuration settings and associated documentation; monitoring records; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for monitoring open-source information and/or information sites; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms implementing monitoring for information disclosure].

The controls below (if any) were marked by NIST as being related to CCI-001460.