UCF STIG Viewer Logo

AC-23 DATA MINING PROTECTION


Overview

Number Title Impact Priority Subject Area
AC-23 Data Mining Protection P0 Access Control

Instructions
The organization employs Assignment: organization-defined data mining prevention and detection techniques for Assignment: organization-defined data storage objects to adequately detect and protect against data mining.
Guidance
Data storage objects include, for example, databases, database records, and database fields. Data mining prevention and detection techniques include, for example: (i) limiting the types of responses provided to database queries; (ii) limiting the number/frequency of database queries to increase the work factor needed to determine the contents of such databases; and (iii) notifying organizational personnel when atypical database queries or accesses occur. This control focuses on the protection of organizational information from data mining while such information resides in organizational data stores. In contrast, AU-13 focuses on monitoring for organizational information that may have been mined or otherwise obtained from data stores and is now available as open source information residing on external sites, for example, through social networking or social media websites.

Enhancements