SI-14(2): Non-persistent Information

Parent Control:

SI-14: Non-persistence


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

  1. [Assignment: Refresh [Assignment: organization-defined information] [Assignment: organization-defined frequency] , Generate [Assignment: organization-defined information] on demand]; and
  2. Delete information when no longer needed.

Supplemental Guidance

Retaining information longer than is needed makes the information a potential target for advanced adversaries searching for high value assets to compromise through unauthorized disclosure, unauthorized modification, or exfiltration. For system-related information, unnecessary retention provides advanced adversaries information that can assist in their reconnaissance and lateral movement through the system.