CCI-005044

Defines the information to be refreshed at organization-defined frequencies or generate the information on demand and delete the information when no longer needed.

Implementation Guidance

Determine if the [SI-21_ODP[01]; the information to be refreshed is defined] is refreshed [SI-21_ODP[02]; the frequencies at which to refresh information are defined] or is generated on demand and deleted when no longer needed.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; personally identifiable information processing policy; procedures addressing software and information integrity; system design documentation; system configuration settings and associated documentation; information refresh procedures; list of information to be refreshed; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for refreshing information; organizational personnel with information security and privacy responsibilities; organizational personnel with systems security engineering responsibilities; system developers]. Test: [SELECT FROM: Mechanisms for information refresh; organizational processes for information refresh].

The controls below (if any) were marked by NIST as being related to CCI-005044.