This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization implements incident handling capability for insider threats.
NIST 800-53 (r4) Supplemental Guidance:
While many organizations address insider threat incidents as an inherent part of their organizational incident response capability, this control enhancement provides additional emphasis on this type of threat and the need for specific incident handling capabilities (as defined within organizations) to provide appropriate and timely responses.
References: None.
NIST 800-53 (r5) Discussion:
Explicit focus on handling incidents involving insider threats provides additional emphasis on this type of threat and the need for specific incident handling capabilities to provide appropriate and timely responses.
38North Guidance:
Meets Minimum Requirement:
Establishes processes specifically for handling insider threats, such as identifying specific teams or roles that should respond to insider threat incidents or any special instructions for reporting indications of insider threat.
Identifies any tooling or processes in place to monitor for indications of insider threat.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Incident response procedures, or a section of the incident response plan, that explicitly call out how to address and respond to insider threat incidents.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD