SC-04 Information Remnance

System and Communications Protection

Low Moderate High

Description

The information system prevents unauthorized and unintended information transfer via shared system resources.

Supplemental Guidance

Control of information system remnance, sometimes referred to as object reuse, or data remnance, prevents information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after that resource has been released back to the information system.

Enhancements

(0) None.

Compliance Mappings

NIST CSF 2.0

PR.DS-10

ANSSI

Hygiene.19, SecNumCloud.9.3

FINMA Circular 2023/1

IV.D(78), IV.E(83)

OSFI B-13

B-13.3.2

EU GDPR

Art.32(1)(a), Art.5(1)(f)

EU DORA

Art.9(4)(b)

RBI CSF

Annex1.4

FISC Security Guidelines

FISC.T5

MLPS 2.0

8.1.4.108.2

UAE IA

T7

Qatar NIA

AMCS

BoG CISD

CISD-VI

IOSCO Cyber Resilience

PROT-3

BCBS 239

Principle 2

CPMI-IOSCO PFMI

CG.PR

FFIEC IS

II.C.18

HIPAA Security Rule

§164.308(a)(4)(i)

ECB CROE

CROE.2.3.5

BOT Cyber Resilience

Ch2.4

CMMC 2.0

SC

Common Criteria

CC Part 2 — FDP, CC Part 2 — FPT

FDA Cybersecurity Guidance

SA-4

OWASP MASVS v2.1

MASVS-STORAGE-2, MASVS-PLATFORM-3

Basel SCO60

SCO60.64

SEC Custody (Digital Assets)

SEC-CD-04

ISO 17799 (legacy)

10.8.1

COBIT 4.1 (legacy)

None.