Navigate

IR-4 (7)

IR-4 (7): Insider Threats - Intra-Organization Coordination

The organization coordinates incident handling capability for insider threats across [Assignment: organization-defined components or elements of the organization].

Supplemental

Incident handling for insider threat incidents (including preparation, detection and analysis, containment, eradication, and recovery) requires close coordination among a variety of organizational components or elements to be effective. These components or elements include, for example, mission/business owners, information system owners, human resources offices, procurement offices, personnel/physical security offices, operations personnel, and risk executive (function). In addition, organizations may require external support from federal, state, and local law enforcement agencies.

CIA Levels
Confidentiality	low
Integrity	low
Availability	low

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to IR-4 (7).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of IR-4 (7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IR-4 (7).

CCI	Definition
CCI-002783	The organization coordinates an incident handling capability for insider threats across organization-defined components or elements of the organization.
CCI-002784	The organization defines components or elements of the organization across which an incident handling capability for insider threats will be coordinated.