CCI-001915

The organization defines the open source information and/or information sites to be monitored for evidence of unauthorized exfiltration or disclosure of organizational information.

Implementation Guidance

The organization being inspected/assessed defines and documents the open source information and/or information sites to be monitored for evidence of unauthorized exfiltration or disclosure of organizational information. DoD has determined that open source information and/or information sites should be defined at the Component level, not appropriate to define at the Enterprise level. Note: The value in this control may not be used to deny reciprocal acceptance of a C&A (A&A) package.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented open source information and/or information sites to ensure the organization being inspected/assessed defines the open source information and/or information sites to be monitored for evidence of unauthorized exfiltration or disclosure of organizational information. DoD has determined that open source information and/or information sites should be defined at the Component level, not appropriate to define at the Enterprise level. Note: The value in this control may not be used to deny reciprocal acceptance of a C&A (A&A) package.

Compelling Evidence

1.) Signed and dated audit and accountability policy 2.) Applicable STIG/SRG checks

The controls below (if any) were marked by NIST as being related to CCI-001915.