SI-14(2)

  • Requirement

    1. [Selection: Refresh [Assignment: organization-defined information][Assignment: organization-defined frequency]; Generate [Assignment: organization-defined information] on demand]; and
    2. Delete information when no longer needed.
  • Discussion

    Retaining information longer than is needed makes the information a potential target for advanced adversaries searching for high value assets to compromise through unauthorized disclosure, unauthorized modification, or exfiltration. For system-related information, unnecessary retention provides advanced adversaries information that can assist in their reconnaissance and lateral movement through the system.

More Info

  • Title

    Non-persistence | Non-persistent Information
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!