Skip to main content

πŸ’Ό SI-12 Information Management and Retention

Description​

Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/backup/01
    • /frameworks/aws-fsbp-v1.0.0/documentdb/02
    • /frameworks/aws-fsbp-v1.0.0/dynamodb/02
    • /frameworks/aws-fsbp-v1.0.0/efs/02
    • /frameworks/aws-fsbp-v1.0.0/elasticache/01
    • /frameworks/aws-fsbp-v1.0.0/emr/03
    • /frameworks/aws-fsbp-v1.0.0/neptune/05
    • /frameworks/aws-fsbp-v1.0.0/rds/11
  • Internal
    • ID: dec-c-5b37d6f4

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Backup.1] AWS Backup recovery points should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DocumentDB.2] Amazon DocumentDB clusters should have an adequate backup retention period
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [DynamoDB.2] DynamoDB tables should have point-in-time recovery enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EFS.2] Amazon EFS volumes should be in backup plans
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [ElastiCache.1] ElastiCache (Redis OSS) clusters should have automatic backups enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [EMR.3] Amazon EMR security configurations should be encrypted at rest
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [Neptune.5] Neptune DB clusters should have automated backups enabled
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [RDS.11] RDS instances should have automatic backups enabled

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SI-12 Information Management and Retention (L)(M)(H)
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SI-12 Information Management and Retention (L)(M)(H)
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-07: Inventories of data and corresponding metadata for designated data types are maintained
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles3

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό SI-12(1) Information Management and Retention _ Limit Personally Identifiable Information Elements
πŸ’Ό SI-12(2) Information Management and Retention _ Minimize Personally Identifiable Information in Testing, Training, and Research
πŸ’Ό SI-12(3) Information Management and Retention _ Information Disposal