SI-12(3)

  • Requirement

    Use the following techniques to dispose of, destroy, or erase information following the retention period: [Assignment: organization-defined techniques].

  • Discussion

    Organizations can minimize both security and privacy risks by disposing of information when it is no longer needed. The disposal or destruction of information applies to originals as well as copies and archived records, including system logs that may contain personally identifiable information.

More Info

  • Title

    Information Management and Retention | Information Disposal
  • Family

    System and Information Integrity
  • Related NIST 800-53 ID

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!