Description
Monitor [Assignment: organization-defined open-source information and/or information sites] [Assignment: organization-defined frequency] for evidence of unauthorized disclosure of organizational information.
Supplemental Guidance
Unauthorized disclosure of information is a form of data leakage. Open-source information includes social networking sites, news outlets, and publicly accessible web pages. Examples of organizational information include information in press releases or information disclosed during interviews.
Changes from Rev 4
No significant changes from Rev 4.
Compliance Mappings
ISO 27001:2022
7.5
RBI CSF
Annex1.16
MLPS 2.0
8.1.5.2
NCA ECC
2-12
Qatar NIA
OS
CBE CSF
CD-1
CBN CSF
Part9
BoM CTRM
4.2
IOSCO Cyber Resilience
DET-1
CPMI-IOSCO PFMI
CG.DECG.SA
FFIEC IS
II.DIII.B
NYDFS 500
500.14
HIPAA Security Rule
§164.308(a)(1)(ii)(D)
ECB CROE
CROE.2.4CROE.2.7.1
EBA ICT Guidelines
3.4.5
SEBI CSCRF
DE.CM
BOT Cyber Resilience
Ch3.1
CMMC 2.0
AU
CBEST
CBEST.5
Common Criteria
CC Part 2 — FAU
Lloyd's Minimum Standards
MS8.12