MA-04 (02) Document Nonlocal Maintenance
Introduction
This document describes how Private Mendix Platform fulfills the MA-04 (02) control.
| Control ID | MA-04 (02) |
|---|---|
| Control category | MA - Maintenance |
| Requirement baseline | FEDRAMP MODERATE |
| Responsibility and ownership | Customer - Infra, Customer - Org |
Control
The organization documents in the security plan for the information system, the policies and procedures for the establishment and use of nonlocal maintenance and diagnostic connections.
Responsibility
Customer Responsibility
The documentation of the security plan for the Mendix solution, including considerations for local and non-local maintenance, is the responsibility of the customer (in collaboration with their Infra and App Implementers). The Infra and App Operators must maintain compliance with this customer-defined security plan, ensuring that the operational aspects meet the customer's specific security mandates.
Guidance
Customer Responsibility
This is not a Mendix responsibility. It is the responsibility of the customer to document the security plan for the Mendix solution in collaboration with the Infra Implementer and the App Implementer, including considering how to perform local and non-local maintenance.
It is the responsibility of the Infra Operator and App Operator to perform their tasks in compliance with the customer's security plan for the Mendix solution.