Navigate

CCI-002478

CCI-002478 Definition

The organization removes organization-defined information at rest from online storage.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to remove information at rest defined in SC-28 (2), CCI 2477 from online storage.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed removes information at rest defined in SC-28 (2), CCI 2477 from online storage. Additionally, the organization conducting the inspection/assessment examines the information system to ensure that information defined in SC-28 (2), CCI 2477 is not stored on the information system.

Compelling Evidence

1.) Signed and dated System Security Plan (SSP). 2.) Backup Procedures documentation (reference 'information at rest' section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002478.

Control	Description
SC-28 (2)	The organization removes from online storage and stores off-line in a secure location [Assignment: organization-defined information].