Detections
Analytics

800-53|SI-12

Title

INFORMATION HANDLING AND RETENTION

Description

The organization handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.

Supplemental

Information handling and retention requirements cover the full life cycle of information, in some cases extending beyond the disposal of information systems. The National Archives and Records Administration provides guidance on records retention.

Reference Item Details

Related: AC-16,AU-11,AU-5,MP-2,MP-4

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P2

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.15.3.1 (L1) Ensure 'Block new requests asking to access location' is set to 'Enabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
2.4 Set 'Keep deleted mailboxes for the specified number of days' to '30'WindowsCIS Microsoft Exchange Server 2016 Mailbox v1.0.0
2.4 Set 'Keep deleted mailboxes for the specified number of days' to '30'WindowsCIS Microsoft Exchange Server 2013 Mailbox v1.1.0
3.1.21 Establish retention set size for backupsUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 2
3.1.21 Establish retention set size for backupsUnixCIS IBM DB2 v10 v1.1.0 Linux OS Level 1
3.2.1 Ensure DLP policies are enabledmicrosoft_azureCIS Microsoft 365 Foundations E3 L1 v3.1.0
3.2.11 Establish retention set size for backups - 'num_db_backups <= 100'UnixCIS IBM DB2 OS L2 v1.2.0
4.4.15 Ensure Web Server Document Root does not contain information that should be privateUnixCIS IBM WebSphere Liberty v1.0.0 L1
8.6.1 (L2) Ensure nonpersistent disks are limitedVMwareCIS VMware ESXi 7.0 v1.4.0 L2
8.6.1 Ensure nonpersistent disks are limitedVMwareCIS VMware ESXi 6.7 v1.3.0 Level 2