Navigate

AU-13

AU-13: Monitoring for Information Disclosure

The organization monitors [organization-defined open source information and/or information sites] [organization-defined frequency] for evidence of unauthorized disclosure of organizational information.

Supplemental

Open source information includes, for example, social networking sites.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

CSF Categories
DE.CM-3, PR.PT-1

Related Controls

The controls below (if any) were marked by NIST as being related to AU-13.

Control	Description
PE-3	The organization: a: Enforces physical access authorizations at [organization-defined entry/exit points to the facility where the information system resides] by; 1: Verifying individual access authorizations before granting access to the facility; and 2: Controlling ingress/egress to the facility using [one or more of {{ insert: param, pe-3_prm_3 }} /guards]; b: Maintains physical access audit logs for [organization-defined entry/exit points]; c: Provides [organization-defined security safeguards] to control access to areas within the facility officially designated as publicly accessible; d: Escorts visitors and monitors visitor activity [organization-defined circumstances requiring visitor escorts and monitoring]; e: Secures keys, combinations, and other physical access devices; f: Inventories [organization-defined physical access devices] every [organization-defined frequency]; and g: Changes combinations and keys [organization-defined frequency] and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.
SC-7	The information system: a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; b: Implements subnetworks for publicly accessible system components that are [] separated from internal organizational networks; and c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Control

Description

PE-3

The organization:

a: Enforces physical access authorizations at [organization-defined entry/exit points to the facility where the information system resides] by;
- 1: Verifying individual access authorizations before granting access to the facility; and
- 2: Controlling ingress/egress to the facility using [one or more of {{ insert: param, pe-3_prm_3 }} /guards];

b: Maintains physical access audit logs for [organization-defined entry/exit points];

c: Provides [organization-defined security safeguards] to control access to areas within the facility officially designated as publicly accessible;

d: Escorts visitors and monitors visitor activity [organization-defined circumstances requiring visitor escorts and monitoring];

e: Secures keys, combinations, and other physical access devices;

f: Inventories [organization-defined physical access devices] every [organization-defined frequency]; and

g: Changes combinations and keys [organization-defined frequency] and/or when keys are lost, combinations are compromised, or individuals are transferred or terminated.

SC-7

The information system:

a: Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system;

b: Implements subnetworks for publicly accessible system components that are [] separated from internal organizational networks; and

c: Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.

Enhancements

The controls below (if any) add on to the requirements of AU-13.

Control	Description
AU-13(1)	The organization employs automated mechanisms to determine if organizational information has been disclosed in an unauthorized manner.
AU-13(2)	The organization reviews the open source information sites being monitored [organization-defined frequency].

Related CCIs

The CCIs below are tied to AU-13.

CCI	Definition
CCI-001460	Monitor organization-defined open source information and/or information sites per organization-defined frequency for evidence of unauthorized disclosure of organizational information.
CCI-001461	Defines a frequency for monitoring open source information and/or information sites for evidence of unauthorized exfiltration or disclosure of organizational information.
CCI-001915	Defines the open source information and/or information sites to be monitored for evidence of unauthorized exfiltration or disclosure of organizational information.