IR-04 (01) Automated Incident Handling Processes
Introduction
This document describes how Private Mendix Platform fulfills the IR-04 (01) control.
| Control ID | IR-04 (01) |
|---|---|
| Control category | IR - Incident Response |
| Requirement baseline | FEDRAMP MODERATE |
| Responsibility and ownership | Mendix - Operator, Customer - Infra |
Control
The organization employs automated mechanisms to support the incident handling process.
Supplemental Guidance
Automated mechanisms supporting incident handling processes include, for example, online incident management systems.
Responsibility
Customer Responsibility
The customer is responsible for selecting the automated mechanisms and tools for handling security incidents and directing their integration. They ensure that these tools are properly implemented and continuously integrated into both the infrastructure and the application throughout the system lifecycle.
Guidance
Customer Responsibility
It is the responsibility of the Customer to determine what automated mechanisms and tools should be used to handle security incidents.
It is the responsibility of the Infra Implementer to integrate these tools into the infrastructure as directed by the Customer.
It is the responsibility of the App Implementer to integrate these tools into the Mendix App as directed by the Customer.
It is the responsibility of the Infra Operator and App Operator to ensure proper ongoing integration of automated incident response mechanisms with the infrastructure and Mendix App throughout the lifecycle of the system.