G.3.3 Information disclosure

Control Details

Objective

Contract language requires that a vendor monitor for information disclosure and notify the enterprise when information disclosure occurs.

Definition

Unauthorized disclosure of information is a form of data leakage. Monitoring should be in place on contractor systems to detect the unauthorized disclosure of any data, and contract language should require that vendors notify the enterprise of unauthorized disclosure of information.

Assessment Questions

  1. What kind of contract language is in place to stipulate that contractor systems are monitored to detect unauthorized disclosure of any data?
  2. What kind of contract language is in place to require that vendors notify the enterprise of unauthorized disclosure?

Reference sources

  1. 800-161 AU-13