← Back to catalog
RA-5(4)

Discoverable Information

Risk Assessment (RA)
Baselines
Low · Not includedModerate · Not includedHigh · Included
Description

Determine information about the system that is discoverable and take [assignment].

Discussion

Discoverable information includes information that adversaries could obtain without compromising or breaching the system, such as by collecting information that the system is exposing or by conducting extensive web searches. Corrective actions include notifying appropriate organizational personnel, removing designated information, or changing the system to make the designated information less relevant or attractive to adversaries. This enhancement excludes intentionally discoverable information that may be part of a decoy capability (e.g., honeypots, honeynets, or deception nets) deployed by the organization.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.