| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IR-4(6) |
FedRAMP_High_R4_IR-4(6) |
FedRAMP High IR-4 (6) |
Incident Response |
Insider Threats - Specific Capabilities |
Shared |
n/a |
The organization implements incident handling capability for insider threats.
Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses. |
link |
1 |
| hipaa |
1503.02f2Organizational.12-02.f |
hipaa-1503.02f2Organizational.12-02.f |
1503.02f2Organizational.12-02.f |
15 Incident Management |
1503.02f2Organizational.12-02.f 02.03 During Employment |
Shared |
n/a |
A contact in HR is appointed to handle employee security incidents and notify the CISO or a designated representative of the application of a formal employee sanctions process, identifying the individual and the reason for the sanction. |
|
11 |
| hipaa |
1507.11a1Organizational.4-11.a |
hipaa-1507.11a1Organizational.4-11.a |
1507.11a1Organizational.4-11.a |
15 Incident Management |
1507.11a1Organizational.4-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
The organization has implemented an insider threat program that includes a cross-discipline insider threat incident handling team. |
|
3 |
| hipaa |
1521.11c2Organizational.56-11.c |
hipaa-1521.11c2Organizational.56-11.c |
1521.11c2Organizational.56-11.c |
15 Incident Management |
1521.11c2Organizational.56-11.c 11.02 Management of Information Security Incidents and Improvements |
Shared |
n/a |
Testing exercises are planned, coordinated, executed, and documented periodically, at least annually, using reviews, analyses, and simulations to determine incident response effectiveness. Testing includes personnel associated with the incident handling team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the incident handling team. |
|
16 |
| hipaa |
1525.11a1Organizational.6-11.a |
hipaa-1525.11a1Organizational.6-11.a |
1525.11a1Organizational.6-11.a |
15 Incident Management |
1525.11a1Organizational.6-11.a 11.01 Reporting Information Security Incidents and Weaknesses |
Shared |
n/a |
The organization takes disciplinary action against workforce members that fail to cooperate with federal and state investigations. |
|
6 |
| NIST_SP_800-53_R4 |
IR-4(6) |
NIST_SP_800-53_R4_IR-4(6) |
NIST SP 800-53 Rev. 4 IR-4 (6) |
Incident Response |
Insider Threats - Specific Capabilities |
Shared |
n/a |
The organization implements incident handling capability for insider threats.
Supplemental Guidance: While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses. |
link |
1 |
| NIST_SP_800-53_R5 |
IR-4(6) |
NIST_SP_800-53_R5_IR-4(6) |
NIST SP 800-53 Rev. 5 IR-4 (6) |
Incident Response |
Insider Threats |
Shared |
n/a |
Implement an incident handling capability for incidents involving insider threats. |
link |
1 |