RA-5 (4)

RA-5 (4) H

The organization determines what information about the information system is discoverable by adversaries and subsequently takes [Assignment: organization-defined corrective actions].

  • H RA-5 (4) [notify appropriate service provider personnel and follow procedures for organization and service provider-defined corrective actions]
Supplemental Guidance

Discoverable information includes information that adversaries could obtain without directly compromising or breaching the information system, for example, by collecting information the system is exposing or by conducting extensive searches of the web. Corrective actions can include, for example, notifying appropriate organizational personnel, removing designated information, or changing the information system to make designated information less relevant or attractive to adversaries.

Related Controls