← Controls / SI

SI-12 Information Output Handling And Retention

System and Information Integrity

Low Moderate High Privacy

Description

The organization handles and retains output from the information system in accordance with applicable laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.\n

Supplemental Guidance

None.\n

Changes from Rev 4

Title changed from 'Information Handling and Retention' Control text changes 'information handling' to 'information management' and changes the wording of the list of 'in accordance with' specifics Discussion adds recommendation to coordinate with records management personnel and references numerous other controls Incorporates data retention elements of withdrawn App J control DM-2

Enhancements

(0) None.\n

Compliance Mappings

ISO 27002:2022

5.338.10

COBIT 2019

APO14.09

CIS Controls v8

3.13.43.5

NIST CSF 2.0

ID.AM-07

SOC 2 TSC

C1.1-POF3C1.2C1.2-POF1C1.2-POF2CC6.5CC6.5-POF2P4.0P4.2P4.2-POF1P4.3P4.3-POF2P4.3-POF3PI1.5

ISO 17799 (legacy)

10.7.312.2.4

COBIT 4.1 (legacy)

DS11.1DS11.6AC5