KSI-SVC-RUDImplementation guide coming soonRemoving Unwanted Data
SVC — Service Configuration
NIST 800-53: si-12.3, si-18.4
- Who this is for
- Cloud service providers
- Service class
- Varies: B, C
- Implementation guidance
- Official source only
- Evidence automation
- Not published
Reviewed implementation guidance for KSI-SVC-RUD is not published yet. The official source below remains complete and authoritative.
Official FedRAMP source
Verbatim from FedRAMP/rules
Class B
**Optional:** Unwanted federal customer data is removed promptly when requested by an agency in alignment with customer agreements, including from backups if appropriate; this typically applies when a customer spills information or when a customer seeks to remove information from a service due to a change in usage.
Class C
Unwanted federal customer data is removed promptly when requested by an agency in alignment with customer agreements, including from backups if appropriate; this typically applies when a customer spills information or when a customer seeks to remove information from a service due to a change in usage.
Content provenance
Official requirement text is sourced from FedRAMP/rules . Boundera implementation guidance has not been fully reviewed for this item.