NIST 800-53 SI-12 Mappings

Information management and retention requirements cover the full life cycle of information, in some cases extending beyond system disposal. Information to be retained may also include policies, procedures, plans, reports, data output from control implementation, and other types of administrative information. The National Archives and Records Administration (NARA) provides federal policy and guidance on records retention and schedules. If organizations have a records management office, consider coordinating with records management personnel. Records produced from the output of implemented controls that may require management and retention include, but are not limited to: All XX-1, AC-06(09), AT-04, AU-12, CA-02, CA-03, CA-05, CA-06, CA-07, CA-08, CA-09, CM-02, CM-03, CM-04, CM-06, CM-08, CM-09, CM-12, CM-13, CP-02, IR-06, IR-08, MA-02, MA-04, PE-02, PE-08, PE-16, PE-17, PL-02, PL-04, PL-07, PL-08, PM-05, PM-08, PM-09, PM-18, PM-21, PM-27, PM-28, PM-30, PM-31, PS-02, PS-06, PS-07, PT-02, PT-03, PT-07, RA-02, RA-03, RA-05, RA-08, SA-04, SA-05, SA-08, SA-10, SI-04, SR-02, SR-04, SR-08.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SI-12 Information Management and Retention Protects T1003 OS Credential Dumping
SI-12 Information Management and Retention Protects T1003.003 NTDS
SI-12 Information Management and Retention Protects T1020.001 Traffic Duplication
SI-12 Information Management and Retention Protects T1040 Network Sniffing
SI-12 Information Management and Retention Protects T1070 Indicator Removal on Host
SI-12 Information Management and Retention Protects T1070.001 Clear Windows Event Logs
SI-12 Information Management and Retention Protects T1070.002 Clear Linux or Mac System Logs
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114.001 Local Email Collection
SI-12 Information Management and Retention Protects T1114.002 Remote Email Collection
SI-12 Information Management and Retention Protects T1114.003 Email Forwarding Rule
SI-12 Information Management and Retention Protects T1119 Automated Collection
SI-12 Information Management and Retention Protects T1530 Data from Cloud Storage Object
SI-12 Information Management and Retention Protects T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention Protects T1548.004 Elevated Execution with Prompt
SI-12 Information Management and Retention Protects T1550.001 Application Access Token
SI-12 Information Management and Retention Protects T1552 Unsecured Credentials
SI-12 Information Management and Retention Protects T1552.004 Private Keys
SI-12 Information Management and Retention Protects T1557 Adversary-in-the-Middle
SI-12 Information Management and Retention Protects T1557.002 ARP Cache Poisoning
SI-12 Information Management and Retention Protects T1558 Steal or Forge Kerberos Tickets
SI-12 Information Management and Retention Protects T1558.002 Silver Ticket
SI-12 Information Management and Retention Protects T1558.003 Kerberoasting
SI-12 Information Management and Retention Protects T1558.004 AS-REP Roasting
SI-12 Information Management and Retention Protects T1565 Data Manipulation
SI-12 Information Management and Retention Protects T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention Protects T1565.002 Transmitted Data Manipulation
SI-12 Information Management and Retention Protects T1602 Data from Configuration Repository
SI-12 Information Management and Retention Protects T1602.001 SNMP (MIB Dump)
SI-12 Information Management and Retention Protects T1602.002 Network Device Configuration Dump