NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-13(1) Use of Automated Tools

Monitor open-source information and information sites using [Assignment: organization-defined automated mechanisms].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Automated mechanisms include commercial services that provide notifications and alerts to organizations and automated scripts to monitor new posts on websites.

Practitioner Notes

Use automated tools to monitor for unauthorized information disclosure rather than relying on manual searches. Automation covers more ground more consistently.

Example 1: Deploy SpyCloud, Have I Been Pwned (API), or Recorded Future with automated alerting. Configure the tool to monitor for your email domain, executive names, and sensitive project keywords. Set up daily automated scans and instant alerts on new findings.

Example 2: Use GitHub's secret scanning feature (for your organization's repos) and configure custom patterns for your API keys, internal domains, and project names. For external monitoring, tools like Gitmon can continuously scan public GitHub for code containing your organization's identifiers.
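The "automated scripts to monitor new posts" from the Supplemental Guidance, combined with the custom patterns from Example 2, can be sketched as follows. This is an added example, not part of the control text or of any named product; the domain `example.org`, the project name, the `EXK_` key format and the sample posts are constructed assumptions, and fetching the posts is left to whatever feed or service the organization uses.

```python
import hashlib
import re

# Assumed organization identifiers (constructed placeholders, not from the page).
WATCHLIST = {
    "email_domain": re.compile(r"[A-Za-z0-9._%+-]+@example\.org\b", re.I),
    "internal_domain": re.compile(r"\b[\w-]+\.corp\.example\.org\b", re.I),
    "project_keyword": re.compile(r"\bproject[ _-]?bluebird\b", re.I),
    "api_key": re.compile(r"\bEXK_[A-Za-z0-9]{24}\b"),  # hypothetical key format
}

def redact(value, keep=4):
    """Keep a short prefix so the alert itself does not re-disclose the secret."""
    return value[:keep] + "*" * (len(value) - keep)

def scan_posts(posts, seen):
    """Return findings not alerted on before; `seen` persists between runs."""
    findings = []
    for post in posts:
        for label, pattern in WATCHLIST.items():
            for match in pattern.finditer(post["text"]):
                value = match.group(0)
                key = f"{post['url']}|{label}|{value.lower()}"
                fingerprint = hashlib.sha256(key.encode()).hexdigest()
                if fingerprint in seen:
                    continue  # already reported on an earlier scan
                seen.add(fingerprint)
                shown = redact(value) if label == "api_key" else value
                findings.append({"url": post["url"], "type": label, "match": shown})
    return findings

# Constructed sample input standing in for newly fetched posts.
SAMPLE_POSTS = [
    {"url": "https://paste.example.net/a1",
     "text": "dump: alice@example.org:hunter2 bob@example.org:pass"},
    {"url": "https://forum.example.net/t/42",
     "text": "Project Bluebird config: host=vpn.corp.example.org key=EXK_"
             + "A1b2C3d4E5f6G7h8I9j0K1l2"},
    {"url": "https://forum.example.net/t/43", "text": "weekly recipes thread"},
]

if __name__ == "__main__":
    seen_fingerprints = set()  # in practice, load and save this between daily runs
    for finding in scan_posts(SAMPLE_POSTS, seen_fingerprints):
        print(f"ALERT {finding['type']}: {finding['match']} at {finding['url']}")
```

Persisting the fingerprint set between scheduled runs is what turns a daily scan into alerts on new findings only.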