CCI-003843

Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.

Implementation Guidance

Determine if discovery techniques, processes, and tools are employed to determine if external entities are replicating Organizational information in an unauthorized manner.

Validation Procedures

Examine: [SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing information disclosure monitoring; procedures addressing information replication; system design documentation; system configuration settings and associated documentation; system audit records; training resources for staff to recognize the unauthorized use of organizational information; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for monitoring unauthorized replication of information; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Discovery tools for identifying unauthorized information replication].

The controls below (if any) were marked by NIST as being related to CCI-003843.