AU-13(2)

Requirement

Review the list of open-source information sites being monitored [Assignment: organization-defined frequency].

Discussion

Reviewing the current list of open-source information sites being monitored on a regular basis helps to ensure that the selected sites remain relevant. The review also provides the opportunity to add new open-source information sites with the potential to provide evidence of unauthorized disclosure of organizational information. The list of sites monitored can be guided and informed by threat intelligence of other credible sources of information.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: Audit and accountability policy; system security plan; privacy plan; procedures addressing information disclosure monitoring; system design documentation; system configuration settings and associated documentation; reviews for open-source information sites being monitored; system audit records; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel with responsibilities for monitoring open-source information sites; organizational personnel with information security and privacy responsibilities].

Test

[SELECT FROM: Mechanisms implementing monitoring for information disclosure].

ID	Assessment Objectives
AU-13(02)	the list of open-source information sites being monitored is reviewed <AU-13(02)_ODP frequency>.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!