Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Additional metadata
Name/Id: CMA_C1367 / CMA_C1367 Category: Operational Title: Implement Incident handling capability Ownership: Customer Description: The customer is responsible for implementing an incident handling capability for insider threats. Requirements: The customer is responsible for implementing this recommendation.
The following 8 compliance controls are associated with this Policy definition 'Implement Incident handling capability' (98e33927-8d7f-6d5f-44f5-2469b40b7215)
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more
The organization implements incident handling capability for insider threats.
Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses.
1503.02f2Organizational.12-02.f 02.03 During Employment
Shared
n/a
A contact in HR is appointed to handle employee security incidents and notify the CISO or a designated representative of the application of a formal employee sanctions process, identifying the individual and the reason for the sanction.
1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements
Shared
n/a
Testing exercises are planned, coordinated, executed, and documented periodically, at least annually, using reviews, analyses, and simulations to determine incident response effectiveness. Testing includes personnel associated with the incident handling team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the incident handling team.
The organization implements incident handling capability for insider threats.
Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses.
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more