NIST 800-53 r5 · Controls catalogue · Family SI
SI-12 Information Management and Retention
Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (34)
- T1003 OS Credential Dumping (Credential Access)
- T1003.003 NTDS (Credential Access)
- T1020.001 Traffic Duplication (Exfiltration)
- T1040 Network Sniffing (Credential Access, Discovery)
- T1070 Indicator Removal (Stealth)
- T1070.008 Clear Mailbox Data (Stealth)
- T1114 Email Collection (Collection)
- T1114.001 Local Email Collection (Collection)
- T1114.002 Remote Email Collection (Collection)
- T1114.003 Email Forwarding Rule (Collection)
- T1119 Automated Collection (Collection)
- T1213.004 Customer Relationship Management Software (Collection)
- T1530 Data from Cloud Storage (Collection)
- T1548 Abuse Elevation Control Mechanism (Privilege Escalation)
- T1548.004 Elevated Execution with Prompt (Privilege Escalation)
- T1550.001 Application Access Token (Lateral Movement)
- T1552 Unsecured Credentials (Credential Access)
- T1552.004 Private Keys (Credential Access)
- T1557 Adversary-in-the-Middle (Credential Access, Collection)
- T1557.002 ARP Cache Poisoning (Credential Access, Collection)
- T1557.004 Evil Twin (Credential Access, Collection)
- T1558 Steal or Forge Kerberos Tickets (Credential Access)
- T1558.002 Silver Ticket (Credential Access)
- T1558.003 Kerberoasting (Credential Access)
- T1558.004 AS-REP Roasting (Credential Access)
- T1558.005 Ccache Files (Credential Access)
- T1565 Data Manipulation (Impact)
- T1565.001 Stored Data Manipulation (Impact)
- T1565.002 Transmitted Data Manipulation (Impact)
- T1602 Data from Configuration Repository (Collection)
- T1602.001 SNMP (MIB Dump) (Collection)
- T1602.002 Network Device Configuration Dump (Collection)
- T1685.005 Clear Windows Event Logs (Defense Impairment)
- T1685.006 Clear Linux or Mac System Logs (Defense Impairment)
Weaknesses this control addresses (4) · AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-459 | Incomplete Cleanup | 215 | Operational retention schedules mandate complete cleanup of temporary or residual sensitive data after use. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | 126 | Retention policies enforce removal or sanitization of sensitive data before storage or transfer per regulatory requirements. |
| CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | 30 | Explicit retention limits and destruction rules reduce the persistence of sensitive information in reusable resources. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | 19 | Information management requirements drive clearing of sensitive contents from memory prior to release or reuse. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | ||||