NIST 800-53 System and Communications Protection Compliance for Private Mendix Platform
Last modified: June 2, 2026
Introduction
Documents in this section provide more information about Private Mendix Platform's compliance with the System and Communications Protection (SC) category of the NIST 800-53 security framework. For each applicable control, we have listed which party (Mendix or the customer) is responsible for which component or aspect.
In general, Mendix is responsible for the Private Mendix Platform, Mendix Operator, Mendix Studio Pro, Mendix Runtime, and so on. Customer responsibilities are related to infra and organization processes. For more information, refer to detailed documentation below.
- SC-02 System and Communications Protection - Application Partitioning
- SC-04 System and Communications Protection - Information in Shared Resources
- SC-07 System and Communications Protection - Boundary Protection
- SC-07 (10) System and Communications Protection - Boundary Protection Prevent Unauthorized Exfiltration
- SC-07 (11) System and Communications Protection - Boundary Protection - Restrict Incoming Communications Traffic
- SC-07 (12) System and Communications Protection - Boundary Protection - Host-Based Protection
- SC-07 (14) System and Communications Protection - Boundary Protection - Protects Against Unauthorized Physical Connections
- SC-08 System and Communications Protection - Transmission Confidentiality and Integrity
- SC-08 (01) System and Communications Protection - Transmission Confidentiality and Integrity- Cryptographic or Alternate Physical Protection
- SC-08 (02) System and Communications Protection - Transmission Confidentiality and Integrity- Pre/Post Transmission Handling
- SC-10 System and Communications Protection - Network Disconnect
- SC-12 System and Communications Protection - Cryptographic Key Establishment and Management
- SC-13 System and Communications Protection - Cryptographic Protection
- SC-17 System and Communications Protection - Public Key Infrastructure Certificates
- SC-18 System and Communications Protection - Mobile Code
- SC-20 System and Communications Protection - Secure Name and Address Resolution Service (Authoritative Source)
- SC-21 System and Communications Protection - Secure Name and Address Resolution Service (Recursive or Caching Resolver)
- SC-23 System and Communications Protection - Session Authenticity
- SC-23 (01) System and Communications Protection - Session Authenticity - Invalidate Session Identifiers at Logout
- SC-23 (03) System and Communications Protection - Session Authenticity - Unique Session Identifiers with Randomness
- SC-23 (05) System and Communications Protection - Session Authenticity - Allowed Certificate Authorities
- SC-28 System and Communications Protection - Protection of Information at Rest
- SC-28 (01) System and Communications Protection - Protection of Information at Rest - Cryptographic Protection
- SC-39 System and Communications Protection - Process Isolation