CM-04 (01) Security Impact Analysis - Separate Test Environments
Documents the Private Mendix Platform's compliance with the CM-04 (01) control of the NIST 800-53 framework.
NIST 800-53 Configuration Management Compliance for Private Mendix Platform
Last modified: May 22, 2026
Introduction
Documents in this section provide more information about Private Mendix Platform's compliance with the Configuration Management (CM) category of the NIST 800-53 security framework. For each applicable control, we have listed which party (Mendix or the customer) is responsible for which component or aspect.
In general, Mendix is responsible for the Private Mendix Platform, Mendix Operator, Mendix Studio Pro, Mendix Runtime, and so on. Customer responsibilities are related to infra and organization processes. For more information, refer to detailed documentation below.
CM-06(01) - Configuration Settings (Automated Central Management, Application, Verification)
Documents the Private Mendix Platform's compliance with the CM-06 (01) control of the NIST 800-53 framework.
CM-07 - Least Functionality
Documents the Private Mendix Platform's compliance with the CM-07 control of the NIST 800-53 framework.
CM-07 (01) - Least Functionality (Periodic Review)
Documents the Private Mendix Platform's compliance with the CM-0 (01) control of the NIST 800-53 framework.
CM-07 (02) - Least Functionality (Prevent Program Execution)
Documents the Private Mendix Platform's compliance with the CM-07 (02) control of the NIST 800-53 framework.
CM-08 (03) - Information System Component Inventory(Automated Unauthorized Component Detection
Documents the Private Mendix Platform's compliance with the CM-08 (03) control of the NIST 800-53 framework.
CM-10 (01) - Software Usage Restrictions (Open Source Software)
Documents the Private Mendix Platform's compliance with the CM-10 (01) control of the NIST 800-53 framework.