RA-5(4)

  • Requirement

    Determine information about the system that is discoverable and take [Assignment: organization-defined corrective actions].

  • Discussion

    Discoverable information includes information that adversaries could obtain without compromising or breaching the system, such as by collecting information that the system is exposing or by conducting extensive web searches. Corrective actions include notifying appropriate organizational personnel, removing designated information, or changing the system to make the designated information less relevant or attractive to adversaries. This enhancement excludes intentionally discoverable information that may be part of a decoy capability (e.g., honeypots, honeynets, or deception nets) deployed by the organization.

More Info

  • Title

    Vulnerability Monitoring and Scanning | Discoverable Information
  • Family

    Risk Assessment
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

    AU-13; SC-26
