|
controlSI-12
Information Management and Retention (SI-12)
Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.
Security Baselines
LOWMODERATEHIGH
integritymalwareflaw-remediationmonitoring
Why These Connect
Baselined In3
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports107
These related controls work together — a change to one may affect the others.
Enhances3
These enhancements add specific capabilities or refinements to the base control.
Related Controls(55)
AC-1Policy and Procedures (AC-1)
LMH
AC-16Security and Privacy Attributes (AC-16)AT-1Policy and Procedures (AT-1)LMH
AT-4Training Records (AT-4)LMH
AU-1Policy and Procedures (AU-1)LMH
AU-5Response to Audit Logging Process Failures (AU-5)LMH
AU-11Audit Record Retention (AU-11)LMH
CA-1Policy and Procedures (CA-1)LMH
CA-2Control Assessments (CA-2)LMH
CA-3Information Exchange (CA-3)LMH
CA-5Plan of Action and Milestones (CA-5)LMH
CA-6Authorization (CA-6)LMH
CA-7Continuous Monitoring (CA-7)LMH
CA-9Internal System Connections (CA-9)LMH
CM-1Policy and Procedures (CM-1)LMH
CM-9Configuration Management Plan (CM-9)MH
CP-1Policy and Procedures (CP-1)LMH
CP-2Contingency Plan (CP-2)LMH
IA-1Policy and Procedures (IA-1)LMH
IR-1Policy and Procedures (IR-1)LMH
IR-8Incident Response Plan (IR-8)LMH
MA-1Policy and Procedures (MA-1)LMH
MP-1Policy and Procedures (MP-1)LMH
MP-2Media Access (MP-2)LMH
MP-3Media Marking (MP-3)MH
MP-4Media Storage (MP-4)MH
MP-6Media Sanitization (MP-6)LMH
PE-1Policy and Procedures (PE-1)LMH
PL-1Policy and Procedures (PL-1)LMH
PL-2System Security and Privacy Plans (PL-2)LMH
PL-4Rules of Behavior (PL-4)LMH
PL-7Concept of Operations (PL-7)PM-1Information Security Program Plan (PM-1)PM-4Plan of Action and Milestones Process (PM-4)PM-8Critical Infrastructure Plan (PM-8)PM-9Risk Management Strategy (PM-9)PM-25Minimization of Personally Identifiable Information Used in Testing, Training, and Research (PM-25)PM-31Continuous Monitoring Strategy (PM-31)PS-1Policy and Procedures (PS-1)LMH
PS-2Position Risk Designation (PS-2)LMH
PS-6Access Agreements (PS-6)LMH
PT-2Authority to Process Personally Identifiable Information (PT-2)PT-3Personally Identifiable Information Processing Purposes (PT-3)RA-1Policy and Procedures (RA-1)LMH
RA-2Security Categorization (RA-2)LMH
RA-3Risk Assessment (RA-3)LMH
SA-1Policy and Procedures (SA-1)LMH
SA-5System Documentation (SA-5)LMH
SC-1Policy and Procedures (SC-1)LMH
SI-1Policy and Procedures (SI-1)LMH
CM-5Access Restrictions for Change (CM-5)LMH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SR-2Supply Chain Risk Management Plan (SR-2)LMH
SI-19De-identification (SI-19)SR-1Policy and Procedures (SR-1)LMH