Office of the Chief Information Officer

United States Department of Agriculture

Information Systems Security Records

Systems and data security records.  These are records related to maintaining the security of information technology (IT) systems and data. Records outline official procedures for securing and maintaining IT infrastructure and relate to the specific systems for which they were written.  This series also includes analysis of security policies, processes, and guidelines, as well as system risk management and vulnerability analyses.

Retention

Destroy 1 year(s) after system is superseded by a new iteration or when no longer needed for agency/IT administrative purposes to ensure a continuity of security controls throughout the life of the system.

GRS or Approved Records Schedule

GRS 3.2, Item 010

Disposal Authority

DAA-GRS-2013-0006-0001

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017


Computer security incident handling, reporting and follow-up records.  A computer incident within the Federal Government as defined by NIST Special Publication 800-61, Computer Security Incident Handling Guide, Revision 2, (August 2012) is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. This item covers records relating to attempted or actual system security breaches, including break-ins ("hacks," including virus attacks), improper staff usage, failure of security provisions or procedures, and potentially compromised information assets. It also includes agency reporting of such incidents both internally and externally.

Retention

Destroy 3 year(s) after all necessary follow-up actions have been completed, but longer retention is authorized if required for business use.

GRS or Approved Records Schedule

GRS 3.2, Item 020

Disposal Authority

DAA-GRS-2013-0006-0002

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017

Back to top


IT Passwords Routine Systems - These records are created as part of the user identification and authorization process to gain access to systems. Records are used to monitor inappropriate systems access by users.

Retention

Delete when business use ceases.

GRS or Approved Records Schedule

GRS 3.2, Item 030

Disposal Authority

DAA-GRS-2013-0006-0003

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017


IT Passwords Special Accountability - Systems requiring special accountability for access.  These are user identification records associated with systems which are highly sensitive and potentially vulnerable.

Retention

Destroy 6 years after password is altered or user account is terminated, but longer retention is authorized if required for business use.

GRS or Approved Records Schedule

GRS 3.2, Item 031

Disposal Authority

DAA-GRS-2013-0006-0004

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017

Back to top


System Backup Tapes, Incremental – Maintained for potential system restoration in the event of a system failure or other unintentional loss of data.

Retention

Destroy when superseded by a full backup, or when no longer needed for system restoration, whichever is later.

GRS or Approved Records Schedule

GRS 3.2, Item 040

Disposal Authority

DAA-GRS-2013-0006-0005

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017


System Backup Tapes, Full - Maintained for potential system restoration in the event of a system failure or other unintentional loss of data.

Retention

Destroy when second subsequent backup is verified as successful or when no longer needed for system restoration, whichever is later.

GRS or Approved Records Schedule

GRS 3.2, Item 041

Disposal Authority

DAA-GRS-2013-0006-0006

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017

Back to top


Backups of Files for Permanent Records - Correspondence, reports, and backups.

Retention

Destroy immediately after the identical records have been captured in a subsequent backup file or at any time after the transfer request has been signed by the National Archives, but longer retention is authorized if required for business use.

GRS or Approved Records Schedule

GRS 3.2, Item 050

Disposal Authority

DAA-GRS-2013-0006-0007

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017


Backups of Files for Temporary Records - Correspondence, reports, and backups.

Retention

Destroy immediately after the identical records have been deleted or replaced by a subsequent backup file, but longer retention is authorized if required for business use.

GRS or Approved Records Schedule

GRS 3.2, Item 051

Disposal Authority

DAA-GRS-2013-0006-0008

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017

Back to top


PKI Administrative Records – FBCA CAs

Retention

Destroy/delete when 7 years 6 months, 10 years 6 months, or 20 years 6 months old, based on the maximum level of operation of the CA, or when no longer needed for business, whichever is later.

GRS or Approved Records Schedule

GRS 3.2, Item 060

Disposal Authority

N1/GRS/07/3/13A1

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017



PKI Administrative Records – Other (non-FBCA) CAs

Retention

Destroy/delete when 7 years 6 months to 20 years 6 months old, based on the maximum level of operation of the CA, or when no longer needed for business, whichever is later.

GRS or Approved Records Schedule

GRS 3.2, Item 061

Disposal Authority

N1/GRS/07/3/13A2

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017

Back to top


PKI Administrative Records – Specific records

Retention

Destroy/delete when 7 years 6 months to 20 years 6 months old, based on the maximum level of operation of the appropriate CA and after the information record the PKI is designed to protect and/or access is destroyed according to an authorized schedule, or in the case of permanent records, when the record is transferred to NARA legal custody. Longer retention is authorized if the agency determines that transaction-specific PKI records are needed for a longer period.

GRS or Approved Records Schedule

GRS 3.2, Item 062

Disposal Authority

N1/GRS/07/3/13B

Record Type

Temporary

Related Forms

 

Date Updated

7/20/2017