IR-4(7): Insider Threats – Intra-Organization Coordination

Control Family:

Incident Response

Parent Control:

IR-4: Incident Handling

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-4(7): Insider Threats – Intra-organization Coordination

Control Statement

The organization coordinates incident handling capability for insider threats across [Assignment: organization-defined components or elements of the organization].

Supplemental Guidance

Incident handling for insider threat incidents (including preparation, detection and analysis, containment, eradication, and recovery) requires close coordination among a variety of organizational components or elements to be effective. These components or elements include, for example, mission/business owners, information system owners, human resources offices, procurement offices, personnel/physical security offices, operations personnel, and risk executive (function). In addition, organizations may require external support from federal, state, and local law enforcement agencies.