NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-13 Monitoring for Information Disclosure

a. Monitor [Assignment: organization-defined open-source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information; and
b. If an information disclosure is discovered:
1. Notify [Assignment: organization-defined personnel or roles]; and
2. Take the following additional actions: [Assignment: organization-defined additional actions].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites and code-sharing platforms and repositories. Examples of organizational information include personally identifiable information retained by the organization or proprietary information generated by the organization.

Practitioner Notes

Monitor for your organization's information appearing in places it should not — the dark web, paste sites, public repositories, social media. If your data is being disclosed outside your control, you need to know.

Example 1: Subscribe to a dark web monitoring service (Recorded Future, Flashpoint, SpyCloud). These services monitor dark web forums, paste sites, and criminal marketplaces for your company name, domain names, email addresses, and data patterns. Alert your security team immediately on any match.

Example 2: Set up Google Alerts for your company name, key executive names, and project names. Monitor GitHub for repositories that might contain your source code or credentials, including forks and personal accounts of employees and contractors. Use secret-scanning tools such as TruffleHog or Gitleaks to scan public repositories for your organization's secrets; both combine pattern rules (key prefixes, private-key headers) with entropy checks so that placeholder values do not drown out real credentials. Treat any confirmed hit as a disclosure under part b of the control: notify the defined personnel and rotate the exposed credential before, not after, requesting takedown.
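The following is an added example, not code from the page or from TruffleHog or Gitleaks, showing the core of what those tools do for the Example 2 use case: scan repository text for organization-specific indicators (an email domain, an internal hostname suffix, an API-key prefix, a private-key header), gate the token-like rule on Shannon entropy so placeholders do not alert, and redact matches so the finding itself does not re-leak the secret. The indicator values (example-corp.com, .corp.example-corp.com, the exco_ prefix) and the SAMPLE_REPO contents are constructed for illustration and must be replaced with your own.

```python
"""Scan repository text for indicators of leaked organizational information.

Added example for the AU-13 practitioner notes; not from the page.
Indicator values and SAMPLE_REPO are constructed for illustration.
"""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Organization-specific indicators (hypothetical values; replace with your own).
ORG_EMAIL_DOMAIN = "example-corp.com"
INTERNAL_HOST_SUFFIX = ".corp.example-corp.com"
API_KEY_PREFIX = "exco_"  # hypothetical prefix the org stamps on its API tokens

# rule name -> compiled pattern
RULES = {
    "org_email": re.compile(r"\b[\w.+-]+@" + re.escape(ORG_EMAIL_DOMAIN) + r"\b", re.I),
    "internal_host": re.compile(
        r"\b[\w-]+(?:\.[\w-]+)*" + re.escape(INTERNAL_HOST_SUFFIX) + r"\b", re.I
    ),
    "org_api_key": re.compile(re.escape(API_KEY_PREFIX) + r"[A-Za-z0-9]{20,}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Token-like rules are gated on entropy so values like exco_xxxx... do not alert.
ENTROPY_GATED = {"org_api_key"}
MIN_ENTROPY_BITS = 3.0


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    rule: str
    redacted: str


def shannon_entropy(token: str) -> float:
    """Bits of entropy per character (0.0 for a single repeated character)."""
    if not token:
        return 0.0
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def redact(token: str) -> str:
    """Keep only the first and last 4 chars so a finding can be triaged without re-leaking it."""
    if len(token) <= 8:
        return "*" * len(token)
    return token[:4] + "..." + token[-4:]


def scan_text(path: str, text: str) -> list[Finding]:
    """Apply every rule to every line; entropy-gated rules skip low-entropy placeholders."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            for match in pattern.finditer(line):
                token = match.group(0)
                if rule in ENTROPY_GATED and shannon_entropy(token) < MIN_ENTROPY_BITS:
                    continue  # placeholder such as exco_xxxx..., not a live credential
                findings.append(Finding(path, line_no, rule, redact(token)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """files maps a repo-relative path to its text content."""
    findings: list[Finding] = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample "public repository"; nothing in it is real.
SAMPLE_REPO = {
    "config/settings.py": (
        'DATABASE_HOST = "db01.corp.example-corp.com"\n'
        'API_KEY = "exco_Qm7vX2kL9pR4tY8wZ1nB6cD3"\n'
    ),
    "docs/CONTRIBUTING.md": "Questions? Mail platform-team@example-corp.com\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedSampleNotARealKey\n",
    "tests/fixtures.py": 'API_KEY = "exco_xxxxxxxxxxxxxxxxxxxxxxxx"  # placeholder\n',
    "README.md": "Public project. Nothing sensitive here.\n",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f.path}:{f.line_no} [{f.rule}] {f.redacted}")
```

Run against the constructed repo, the scanner reports four findings (the internal host and the API key in config/settings.py, the email address in docs/CONTRIBUTING.md, the private-key header in deploy/id_rsa) and stays silent on the placeholder key in tests/fixtures.py and on README.md. In practice, point scan_files at a clone of each public repository you monitor, keep the rules in version control alongside the list of organizational indicators, and route findings into the notification path the control's part b requires.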