CCI-001678

The organization retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

Implementation Guidance

The organization being inspected/assessed identifies and documents federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements which apply to the information within the information system. The organization documents and implements a process to retain information IAW those documented federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements which apply to the information within the information system, as well as the documented process for information retention to ensure the organization being inspected/assessed retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

Compelling Evidence

1.) Signed and dated System security plan. 2.) Documentation pertaining to list of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements within the information system and documented processes. 3.) Process documentation for handling information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

The controls below (if any) were marked by NIST as being related to CCI-001678.