SI-12(3)
-
Requirement
Use the following techniques to dispose of, destroy, or erase information following the retention period: [Assignment: organization-defined techniques].
-
Discussion
Organizations can minimize both security and privacy risks by disposing of information when it is no longer needed. The disposal or destruction of information applies to originals as well as copies and archived records, including system logs that may contain personally identifiable information.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!