Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

au-13

monitoring for information disclosure  

assessment objective:

Determine if the organization:

au-13[1]  

defines open source information and/or information sites to be monitored for evidence of unauthorized disclosure of organizational information;

au-13[2]

defines a frequency to monitor organization-defined open source information and/or information sites for evidence of unauthorized disclosure of organizational information; and

au-13[3]

monitors organization-defined open source information and/or information sites for evidence of unauthorized disclosure of organizational information with the organization-defined frequency.

potential assessment methods and objects:

Examine: [select from: Audit and accountability policy; procedures addressing information disclosure monitoring; information system design documentation; information system configuration settings and associated documentation; monitoring records; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with responsibilities for monitoring open source information and/or information sites; organizational personnel with information security responsibilities].

Test: [SELECT FROM: Automated mechanisms implementing monitoring for information disclosure].