CCI-003840

Implementation Guidance

Determine if [AU-13_ODP[04]; additional actions to be taken if an information disclosure is discovered are defined] are taken if an information disclosure is discovered.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing information disclosure monitoring; system design documentation; system configuration settings and associated documentation; monitoring records; system audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for monitoring open-source information and/or information sites; organizational personnel with security and privacy responsibilities]. Test: [SELECT FROM: Mechanisms implementing monitoring for information disclosure].