SI-21: Information Refresh

SI-21 · Information Refresh

Control Description

Refresh {{ insert: param, si-21_odp.01 }} at {{ insert: param, si-21_odp.02 }} or generate the information on demand and delete the information when no longer needed.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53

organization

Assurance

Control Statement

The control requirements

Refresh {{ insert: param, si-21_odp.01 }} at {{ insert: param, si-21_odp.02 }} or generate the information on demand and delete the information when no longer needed.

Supplemental Guidance

Retaining information for longer than it is needed makes it an increasingly valuable and enticing target for adversaries. Keeping information available for the minimum period of time needed to support organizational missions or business functions reduces the opportunity for adversaries to compromise, capture, and exfiltrate that information.

Related NIST Controls

Other NIST 800-53 controls related to this one

SI-14

References

Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.

Ross RS, Pillitteri VY, Graubart R, Bodeau D, McQuaid R (2019) Developing Cyber Resilient Systems: A Systems Security Engineering Approach. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 2.