CCI-001461

The organization defines a frequency for monitoring open source information and/or information sites for evidence of unauthorized exfiltration or disclosure of organizational information.

Implementation Guidance

The organization being inspected/assessed defines and documents the frequency for monitoring open source information and/or information sites for evidence of unauthorized exfiltration or disclosure of organizational information. DoD has determined that the frequency should be defined at the Component level, not appropriate to define at the Enterprise level. Note: The value in this control may not be used to deny reciprocal acceptance of a C&A (A&A) package.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented frequency to ensure the organization being inspected/assessed defines the frequency for monitoring open source information and/or information sites for evidence of unauthorized exfiltration or disclosure of organizational information. DoD has determined that the frequency should be defined at the Component level, not appropriate to define at the Enterprise level. Note: The value in this control may not be used to deny reciprocal acceptance of a C&A (A&A) package.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Applicable STIG/SRG checks

The controls below (if any) were marked by NIST as being related to CCI-001461.