Navigate

RA-5 (4)

RA-5 (4): Discoverable Information

The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions].

Supplemental

Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to RA-5 (4).

Control	Description
AU-13	The organization monitors [Assignment: organization-defined open source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.

Enhancements

The controls below (if any) add on to the requirements of RA-5 (4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to RA-5 (4).

CCI	Definition
CCI-001066	The organization determines what information about the information system is discoverable by adversaries.
CCI-002374	The organization defines the corrective actions when information about the information system is discoverable by adversaries.
CCI-002375	The organization takes organization-defined corrective actions when information about the information system is discoverable by adversaries.