Description
Refresh [Assignment: organization-defined parameters] at [Assignment: organization-defined parameters] or generate the information on demand and delete the information when no longer needed.
Supplemental Guidance
Retaining information for longer than it is needed makes it an increasingly valuable and enticing target for adversaries. Keeping information available for the minimum period of time needed to support organizational missions or business functions reduces the opportunity for adversaries to compromise, capture, and exfiltrate that information.
Changes from Rev 4
New control in Rev 5.
Compliance Mappings
BSI IT-Grundschutz
APP.3.1
FINMA Circular 2023/1
IV.E(84)
EU DORA
Art.13(1)
RBI CSF
Annex1.15
IOSCO Cyber Resilience
LE-3SA-1