NIST 800-53 REV 5 • AUDIT AND ACCOUNTABILITY

AU-13(3) Unauthorized Replication of Information

Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The unauthorized use or replication of organizational information by external entities can cause adverse impacts on organizational operations and assets, including damage to reputation. Such activity can include the replication of an organizational website by an adversary or hostile threat actor who attempts to impersonate the web-hosting organization. Discovery tools, techniques, and processes used to determine if external entities are replicating organizational information in an unauthorized manner include scanning external websites, monitoring social media, and training staff to recognize the unauthorized use of organizational information.

Practitioner Notes

Detect unauthorized replication of your organization's information — when someone copies or mirrors your data without authorization.

Example 1: Use DLP policies to detect large-scale data copying. In Microsoft Purview, create a DLP rule that alerts when a user downloads or copies more than 100 files from SharePoint in a single day. This pattern often indicates data harvesting.

Example 2: Monitor your website for unauthorized scraping or mirroring. Configure your web server's rate limiting to block IPs that send more than 100 requests per minute. Review web server access logs for crawler user agents and add persistent scrapers to your WAF block list.
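An added example (not part of this control page or NIST's own material) of the access-log review in Example 2: it parses Combined Log Format lines, flags any source IP exceeding the 100-requests-per-minute threshold, and flags self-identifying crawler or mirroring user agents. The crawler marker list and the sample log lines are constructed assumptions; tune both from your own logs.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx Combined Log Format (assumed input format)
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" '
                    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Substrings of user agents that announce a crawler or site-mirroring tool (assumed list)
CRAWLER_MARKERS = ("bot", "crawler", "spider", "scrapy", "wget", "curl", "httrack")

def parse_line(line):
    """Return ip, minute bucket and user agent for one log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "minute": ts.replace(second=0), "ua": m.group("ua")}

def find_suspects(lines, per_minute_limit=100):
    """Map each suspicious IP to the reasons it was flagged (rate burst, crawler UA)."""
    counts = defaultdict(int)        # (ip, minute) -> request count
    crawler_uas = defaultdict(set)   # ip -> crawler-looking user agents seen
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        counts[(rec["ip"], rec["minute"])] += 1
        if any(k in rec["ua"].lower() for k in CRAWLER_MARKERS):
            crawler_uas[rec["ip"]].add(rec["ua"])
    suspects = defaultdict(list)
    for (ip, minute), n in counts.items():
        if n > per_minute_limit:
            suspects[ip].append(f"{n} requests in minute starting {minute.isoformat()}")
    for ip, uas in crawler_uas.items():
        suspects[ip].append("crawler user agent: " + ", ".join(sorted(uas)))
    return dict(suspects)

# Constructed sample: one IP bursts 150 requests within a single minute,
# one announces a mirroring tool, one is an ordinary browser visit.
SAMPLE_LOG = [f'203.0.113.5 - - [10/Oct/2023:13:55:{s % 60:02d} +0000] "GET /p{s} HTTP/1.1" '
              f'200 512 "-" "Mozilla/5.0"' for s in range(150)]
SAMPLE_LOG += [
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "HTTrack 3.0x"',
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] "GET /about HTTP/1.1" 200 800 "-" "Mozilla/5.0 (Windows NT 10.0)"',
]

if __name__ == "__main__":
    for ip, reasons in find_suspects(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

IPs this flags are candidates for review and, if confirmed as persistent scrapers, for the WAF block list; a legitimate search engine crawler will also match the marker list, so check the UA before blocking.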