
KSI-SVC-RUD Removing Unwanted Data

MODERATE

Formerly KSI-SVC-10

Control Description

Remove unwanted federal customer data promptly when requested by an agency in alignment with customer agreements, including from backups if appropriate; this typically applies when a customer spills information or when a customer seeks to remove information from a service due to a change in usage.
Defined terms:
Agency
Federal Customer Data
Promptly

NIST 800-53 Controls

Trust Center Components

Ways to express your implementation of this indicator — approaches vary by organization size, complexity, and data sensitivity.

From the field: Mature implementations express endpoint security through compliance dashboards — EDR deployment coverage and device compliance rates tracked as live metrics, with non-compliant devices automatically quarantined or restricted. Every device accessing the environment demonstrably meets security baselines.

Endpoint Compliance Dashboard

Dashboards

Dashboard expressing endpoint security posture — compliance rates, EDR deployment coverage, patch status, and threat detections

Endpoint Protection Architecture

Architecture & Diagrams

Architecture expressing endpoint protection stack — EDR, MDM, and hardening layers

Device Compliance Enforcement

Product Security Features

Automated enforcement of device compliance — non-compliant devices restricted or quarantined automatically

Automated: MDM/EDR APIs verify device compliance status and enforcement actions

Device Compliance Policy

Policies

Human-readable device compliance requirements for corporate and BYOD devices — documents intent behind automated enforcement

Programmatic Queries

Beta
Cloud

CLI Commands

List bucket lifecycle policies:
aws s3api get-bucket-lifecycle-configuration --bucket <bucket-name> --query "Rules[].{Id:ID,Status:Status,Expiration:Expiration,Transitions:Transitions}" --output json

Find buckets without lifecycle rules:
for bucket in $(aws s3api list-buckets --query "Buckets[].Name" --output text); do
  aws s3api get-bucket-lifecycle-configuration --bucket "$bucket" 2>&1 \
    | grep -q NoSuchLifecycleConfiguration && echo "No lifecycle: $bucket"
done
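
The queries above show whether a lifecycle rule exists, not whether it removes every copy of the data. As an added example (not part of the original page), this Python check reads the JSON shape returned by get-bucket-lifecycle-configuration and lists what no enabled, bucket-wide rule ever expires; the bucket names and rule IDs are constructed.

```python
# Constructed sample: the JSON shape returned by
# `aws s3api get-bucket-lifecycle-configuration`, keyed by hypothetical bucket names.
SAMPLE = {
    "tenant-uploads": {"Rules": [
        {"ID": "expire-current", "Status": "Enabled", "Filter": {},
         "Expiration": {"Days": 30}}]},
    "tenant-archive": {"Rules": [
        {"ID": "purge-all", "Status": "Enabled", "Filter": {},
         "Expiration": {"Days": 30},
         "NoncurrentVersionExpiration": {"NoncurrentDays": 7},
         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 3}},
        {"ID": "old-rule", "Status": "Disabled", "Filter": {"Prefix": "tmp/"},
         "Expiration": {"Days": 1}}]},
}

# Kinds of data that can outlive a delete, and the lifecycle action that expires each.
CHECKS = {
    "current objects": "Expiration",
    "noncurrent versions": "NoncurrentVersionExpiration",
    "incomplete multipart uploads": "AbortIncompleteMultipartUpload",
}

def is_bucket_wide(rule):
    """True when the rule has no prefix, tag or size filter, so it covers every object."""
    flt = rule.get("Filter")
    if flt is None:
        return rule.get("Prefix", "") == ""  # legacy rule format without Filter
    return flt in ({}, {"Prefix": ""})

def expires(rule, key):
    """True when the rule's action under `key` actually removes data."""
    action = rule.get(key) or {}
    if key == "Expiration":
        # ExpiredObjectDeleteMarker alone only cleans up markers, not object data.
        return "Days" in action or "Date" in action
    return bool(action)

def removal_gaps(lifecycle):
    """Kinds of data that no enabled, bucket-wide rule expires (conservative:
    several prefix-scoped rules that together cover the bucket are not credited)."""
    covered = set()
    for rule in lifecycle.get("Rules", []):
        if rule.get("Status") == "Enabled" and is_bucket_wide(rule):
            covered.update(label for label, key in CHECKS.items() if expires(rule, key))
    return [label for label in CHECKS if label not in covered]

if __name__ == "__main__":
    for bucket, config in SAMPLE.items():
        print(bucket, "->", removal_gaps(config) or "no gaps")
```

A "noncurrent versions" gap matters only for buckets where versioning is or has been enabled, which `aws s3api get-bucket-versioning` reports.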

20x Assessment Focus Areas

Aligned with FedRAMP 20x Phase Two assessment methodology

Completeness & Coverage:

  • Does your data removal process cover all locations where federal customer data may reside — production databases, caches, search indexes, logs, backups, archives, CDN caches, and analytics pipelines?
  • How do you handle data removal from backups — is the data selectively removed, or are affected backup sets marked for expiration?
  • Are data removal procedures defined for both data spill scenarios and customer departure scenarios, with appropriate differences in scope and urgency?
  • How do you ensure data removal extends to third-party sub-processors or integrated services that may have received copies of the data?

Automation & Validation:

  • What automated processes execute data removal across all identified storage locations, and how quickly can production data be removed after request approval?
  • How do you validate that data removal is complete — do you run post-deletion searches across all storage tiers to confirm no remnants exist?
  • What happens if data removal from a specific location fails (e.g., backup system is unavailable, archive storage has retention locks) — how is the failure tracked and retried?
  • How do you ensure deleted data cannot be recovered from any storage medium after removal?

Inventory & Integration:

  • What data mapping or data flow documentation identifies all locations where a specific customer's data is stored, processed, or cached?
  • How does the data removal process integrate with your ticketing system to track requests from receipt through completion with full audit trail?
  • What tools support data removal across different storage technologies (relational databases, object storage, data lakes, search indexes)?
  • How does your data removal capability integrate with customer agreements to ensure alignment on definitions of 'promptly' and scope of removal?

Continuous Evidence & Schedules:

  • What is your defined SLA for data removal after an agency request, and what evidence demonstrates you have met that SLA for all past requests?
  • Is data removal request tracking (request date, completion date, locations cleared, validation results) available in structured format for assessor review?
  • How do you demonstrate that the data removal process has been tested — including removal from backups — even if no actual requests have been received?
  • What evidence shows data removal validation (post-deletion search results) is performed for every removal request?
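
One way to keep the request tracking described above in structured form and check it automatically, as an added example that is not part of the original page. The 72-hour SLA, the location inventory, the record layout and the sample requests are all assumptions; take the real values from your customer agreements and data map.

```python
from datetime import datetime, timedelta

# Assumptions, not from the page: SLA length, inventory and record layout.
SLA = timedelta(hours=72)
INVENTORY = {"prod-db", "search-index", "object-store", "backups"}

# Constructed sample records. Per-location state is one of:
# "validated" (removed and post-deletion search clean), "cleared" (removed,
# not yet validated), "failed" (removal attempt failed).
REQUESTS = [
    {"id": "REQ-1", "requested": "2025-03-01T09:00:00", "completed": "2025-03-02T17:00:00",
     "locations": {"prod-db": "validated", "search-index": "validated",
                   "object-store": "validated", "backups": "validated"}},
    {"id": "REQ-2", "requested": "2025-03-05T09:00:00", "completed": "2025-03-09T09:00:00",
     "locations": {"prod-db": "validated", "search-index": "cleared",
                   "object-store": "validated", "backups": "failed"}},
    {"id": "REQ-3", "requested": "2025-03-10T09:00:00", "completed": None,
     "locations": {"prod-db": "validated"}},
]

MESSAGES = {
    "missing": "not addressed",
    "failed": "removal failed, retry required",
    "cleared": "no post-deletion validation",
}

def review(req, now):
    """Return the findings for one removal request, evaluated at time `now`."""
    findings = []
    start = datetime.fromisoformat(req["requested"])
    end = datetime.fromisoformat(req["completed"]) if req["completed"] else None
    if (end or now) - start > SLA:
        findings.append("SLA exceeded" if end else "open past SLA")
    open_locations = 0
    for loc in sorted(INVENTORY):  # every inventoried location must be accounted for
        state = req["locations"].get(loc, "missing")
        if state != "validated":
            open_locations += 1
            findings.append(f"{loc}: {MESSAGES.get(state, 'unknown state ' + state)}")
    if end and open_locations:
        findings.append("marked complete with open locations")
    return findings

if __name__ == "__main__":
    now = datetime.fromisoformat("2025-03-11T09:00:00")  # constructed review time
    for req in REQUESTS:
        print(req["id"], review(req, now) or "no findings")
```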

Update History

2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
