Navigate

SI-12(3)

SI-12(3): Information Disposal

Use the following techniques to dispose of, destroy, or erase information following the retention period: [one of ].

Supplemental

Organizations can minimize both security and privacy risks by disposing of information when it is no longer needed. The disposal or destruction of information applies to originals as well as copies and archived records, including system logs that may contain personally identifiable information.

CIA Levels
Confidentiality	low
Integrity	low
Availability	unknown

Overlays
Privacy (accountability), Privacy (high), Privacy (low), Privacy (moderate)

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-12(3).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-12(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-12(3).

CCI	Definition
CCI-005008	Use organization-defined techniques to dispose of, destroy, or erase information following the retention period.