Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family AU

AU-13 Monitoring for Information Disclosure

Monitor {{ insert: param, au-13_odp.01 }} {{ insert: param, au-13_odp.02 }} for evidence of unauthorized disclosure of organizational information; and
If an information disclosure is discovered:
  Notify {{ insert: param, au-13_odp.03 }}; and
  Take the following additional actions: {{ insert: param, au-13_odp.04 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 3 mapping(s) from 1 framework(s): CSF 2.0 3 (mostly)


Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (6) AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE | Name | CVEs | Why this control addresses it
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,501 | Monitoring directly detects unauthorized disclosure of sensitive information, enabling response to exposures.
CWE-532 | Insertion of Sensitive Information into Log File | 1,427 | Identifies insertion of sensitive data into logs, allowing detection of unauthorized disclosure.
CWE-209 | Generation of Error Message Containing Sensitive Information | 666 | Detects error messages that leak sensitive information as evidence of disclosure.
CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | 93 | Monitors for sensitive information placed in externally accessible files or directories.
CWE-548 | Exposure of Information Through Directory Listing | 57 | Detects information exposure through directory listings as unauthorized disclosure.
CWE-1230 | Exposure of Sensitive Information Through Metadata | 25 | Identifies sensitive information exposed via metadata during disclosure monitoring.

Top CVEs where this control is the strongest mitigation

CVE | Risk | CVSS | EPSS | Match
CVE-2024-43451 KEV | 10.0 | 6.5 | 0.8182 | good
CVE-2026-22038 | 5.5 | 8.1 | 0.0043 | good
CVE-2026-25813 | 5.5 | 7.5 | 0.0026 | good
CVE-2023-33145 | 3.5 | 6.5 | 0.0862 | good
CVE-2023-21237 KEV | 10.0 | 5.5 | 0.0026 | good
CVE-2019-0676 KEV | 10.0 | 6.5 | 0.0751 | good
CVE-2016-3298 KEV | 10.0 | 6.5 | 0.3279 | partial
CVE-2024-30043 | 8.0 | 6.5 | 0.5466 | good
CVE-2025-24146 | 7.0 | 9.8 | 0.0080 | good
CVE-2025-15480 | 7.0 | 9.1 | 0.0031 | good
CVE-2022-0735 | 7.0 | 10.0 | 0.1323 | good
CVE-2025-24071 | 6.0 | 6.5 | 0.2507 | good
CVE-2023-35636 | 6.0 | 6.5 | 0.1756 | good
CVE-2026-2262 | 5.5 | 7.5 | 0.0239 | partial
CVE-2025-26001 | 5.5 | 7.5 | 0.0035 | good
CVE-2024-34897 | 5.5 | 7.5 | 0.0037 | good
CVE-2026-27934 | 5.5 | 7.5 | 0.0025 | good
CVE-2026-5032 | 5.5 | 7.5 | 0.0096 | good
CVE-2026-21532 | 5.5 | 8.2 | 0.0084 | good
CVE-2026-27640 | 5.5 | 7.5 | 0.0030 | good
CVE-2026-20649 | 5.5 | 7.5 | 0.0023 | good
CVE-2025-49741 UPD | 5.5 | 7.4 | 0.0338 | good
CVE-2024-32825 | 5.5 | 7.5 | 0.0202 | good
CVE-2023-38272 | 3.5 | 5.9 | 0.0033 | good
CVE-2026-5571 | 3.5 | 5.3 | 0.0047 | good

Other controls in family AU

AU-1 AU-10 AU-11 AU-12 AU-14 AU-15 AU-16 AU-2 AU-3 AU-4 AU-5 AU-6 AU-7 AU-8 AU-9