IR-04 (06) Insider Threats - Specific Capabilities
Introduction
This document describes how Private Mendix Platform fulfills the IR-04 (06) control.
| Control ID | IR-04 (06) |
|---|---|
| Control category | IR - Incident Response |
| Requirement baseline | FEDRAMP MODERATE |
| Responsibility and ownership | Mendix - Operator, Customer - Infra |
Control
The organization implements incident handling capability for insider threats.
Supplemental Guidance
While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses.
Responsibility
Customer Responsibility
The customer is responsible for defining incident handling capabilities for insider threats and directing how these capabilities should be implemented. The customer ensures that the infrastructure, application, and components are aligned to support these requirements.
Guidance
Customer Responsibility
It is the responsibility of the customer to dictate incident handling capabilities for insider threats.
It is the responsibility of the Infra Implementer and App Implementer to ensure the Mendix App, infrastructure, and components support the insider threat incident handling capabilities as dictated by the customer.