myctrl.tools
Compare

AU-13(3)Unauthorized Replication Of Information

>Control Description

Employ discovery techniques, processes, and tools to determine if external entities are replicating organizational information in an unauthorized manner.

>Supplemental Guidance

The unauthorized use or replication of organizational information by external entities can cause adverse impacts on organizational operations and assets, including damage to reputation. Such activity can include the replication of an organizational website by an adversary or hostile threat actor who attempts to impersonate the web-hosting organization. Discovery tools, techniques, and processes used to determine if external entities are replicating organizational information in an unauthorized manner include scanning external websites, monitoring social media, and training staff to recognize the unauthorized use of organizational information.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AU-13(3) (Unauthorized Replication Of Information)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AU-13(3)?
  • How frequently is the AU-13(3) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AU-13(3)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AU-13(3) requirements.
  • What automated tools, systems, or technologies are deployed to implement AU-13(3)?
  • How is AU-13(3) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AU-13(3) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AU-13(3)?
  • What audit logs, records, reports, or monitoring data validate AU-13(3) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AU-13(3) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AU-13(3) compliance?

Ask AI

Configure your API key to use AI features.