CCI-002478
CCI-002478 Definition
Remove organization-defined information from online storage.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to remove information at rest defined in SC-28 (2), CCI 2477 from online storage.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed removes information at rest defined in SC-28 (2), CCI 2477 from online storage. Additionally, the organization conducting the inspection/assessment examines the information system to ensure that information defined in SC-28 (2), CCI 2477 is not stored on the information system.
Compelling Evidence
1.) Signed and dated System Security Plan (SSP). 2.) Backup Procedures documentation (reference 'information at rest' section).