NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-13(2) Review of Monitored Sites

Review the list of open-source information sites being monitored [Assignment: organization-defined frequency].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Reviewing the current list of open-source information sites being monitored on a regular basis helps to ensure that the selected sites remain relevant. The review also provides the opportunity to add new open-source information sites with the potential to provide evidence of unauthorized disclosure of organizational information. The list of sites monitored can be guided and informed by threat intelligence of other credible sources of information.

Practitioner Notes

Regularly review the sites and sources you are monitoring to ensure your coverage is current. New disclosure channels emerge regularly.

Example 1: Quarterly, review your dark web monitoring service's coverage list. Is the service monitoring the latest criminal forums? Are new paste sites or leak sites included? If not, request coverage updates or supplement with additional monitoring sources.

Example 2: Maintain a watch list of sites where your data might appear. Include dark web forums, paste sites (Pastebin, Ghostbin), code repositories (GitHub, GitLab), social media, and file-sharing services. Review this list semi-annually and add new sources as the threat landscape evolves.