diff --git a/content/en/docs/private-platform/nist-controls/sc/pmp-nist-sc39.md b/content/en/docs/private-platform/nist-controls/sc/pmp-nist-sc39.md index 9d6660f502a..ca315b64357 100644 --- a/content/en/docs/private-platform/nist-controls/sc/pmp-nist-sc39.md +++ b/content/en/docs/private-platform/nist-controls/sc/pmp-nist-sc39.md 
@@ -89,4 +89,36 @@ You must ensure that each namespace is exclusively managed by a single Operator. For more information, see the following topics: * [Custom JVM Heap Memory](/developerportal/deploy/private-cloud-deploy/#custom-jvm-heap-memory) -* [Out of Memory Killed Error](/developerportal/deploy/private-cloud-deploy/#out-of-memory-killed-error) \ No newline at end of file +* [Out of Memory Killed Error](/developerportal/deploy/private-cloud-deploy/#out-of-memory-killed-error) + +### DtapMode Production Enforcement + +For more information, see the following topics: + +* [Security](/developerportal/deploy/private-cloud-deploy/#security) +* [App Security and Production](/developerportal/deploy/private-cloud-deploy/#app-security-and-production) + +### Mendix SOC 3 Compliance Report + +A report detailing infrastructure architecture with a different setup for Demilitarized Zone (DMZ), containment, and isolation and routing and network encryption (TLS) is available in [Conveyor (page 38-39)](https://app.conveyor.com/profile/mendix/d/mendix-isae-3000-soc-3/H68STe). + +### Global STRICT MTLS Policy + +The cluster-wide `PeerAuthentication` manifest (called `default` in the `istio-system` namespace) enforces a Global STRICT mTLS policy. This ensures that all internal communications across all namespaces are encrypted and authenticated, effectively preventing unauthorized or unencrypted information transfer at the internal system boundaries. + +{{< figure src="/attachments/private-platform/nist-sc/nist-sc-2801-2.png" class="no-border" >}} + +### Workload Isolation + +Use Kubernetes **Namespaces** and **Network Policies** to delineate logical boundaries between different environment tiers (for example, *Testing*, *Staging*, *Production*) and to isolate Private Mendix Platform management traffic from other cluster workloads. For more information, see [Network Policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/). 
+ +### Traffic Isolation + +You can configure Private Mendix Platform to offload administrative functions (ports *8800/8900*) to dedicated sidecars, ensuring the management plane is logically separated from the application data plane (port *8080*). + +For more information about port 8900 of the Mendix App Sidecar, see the following topics: + +* [Enable Metrics Scraping](/developerportal/deploy/private-cloud-monitor/#enable-metrics-scraping ) +* [Customize Liveness Probe to Resolve Crash Loopback Scenarios](/developerportal/deploy/private-cloud-cluster/#customize-liveness) + +For more information about port 8080 of the Mendix App Runtime container, see [Firewall Settings](/refguide/system-requirements/#firewall-settings). \ No newline at end of file diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si04.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si04.md new file mode 100644 index 00000000000..8b9e03d4a7d --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si04.md 
@@ -0,0 +1,61 @@ +--- +title: "SI-04 Information System Monitoring" +linktitle: "SI-04" +url: /private-mendix-platform/nist-controls/si-04/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 control. + +| Control ID | SI-04 | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | FEDRAMP MODERATE | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The organization: + +* Monitors the information system to detect: + + * Attacks and indicators of potential attacks in accordance with organization-defined monitoring objectives + * Unauthorized local, network, and remote connections. + +* Identifies unauthorized use of the information system through organization-defined techniques and methods. +* Deploys monitoring devices: + + * Strategically within the information system to collect organization-determined essential information + * At ad hoc locations within the system to track specific types of transactions. + +* Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion. +* Heightens the level of information system monitoring activity whenever there is an indication of increased risk;. +* Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws. +* Provides organization-defined information system monitoring information to organization-defined personnel or roles. + +### Supplemental Guidance + +Information system monitoring includes external and internal monitoring. External monitoring includes the observation of events occurring at the information system boundary. Internal monitoring includes the observation of events occurring within the information system. 
Organizations can monitor information systems by deploying monitoring devices and agents at selected locations and employing technologies such as intrusion detection systems, intrusion prevention systems, malicious code protection software, scanning tools, audit record monitoring software, network monitoring software, and network forensics tools. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. It is the customer's responsibility to decide on appropriate monitoring of the Mendix solution. + +## Guidance + +### Customer Responsibility + +The customer is responsible for establishing and maintaining information system monitoring for the Mendix solution. This includes defining monitoring objectives, selecting and deploying appropriate monitoring tools, positioning monitoring capabilities within the infrastructure, collecting logs and metrics from the Private Mendix Platform, Kubernetes, applications, and infrastructure, protecting monitoring data from unauthorized access or modification, increasing monitoring during periods of elevated risk, and distributing monitoring information to designated personnel. + +#### Infrastructure and Application Implementers + +Infrastructure and Application Implementers integrate infrastructure components, the Private Mendix Platform, and Mendix applications with the customer's monitoring solution, including the export of logs and metrics as required. + +#### Infrastructure and Application Operators + +Infrastructure and Application Operators ensure the continued, effective integration and operation of monitoring capabilities to support ongoing visibility, analysis, and response to security‑relevant events. diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0412.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0412.md new file mode 100644 index 00000000000..4be7590d0a4 --- /dev/null 
+++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0412.md 
@@ -0,0 +1,45 @@ +--- +title: "SI-04 (12) Information System Monitoring - Automated Alerts" +linktitle: "SI-04 (12)" +url: /private-mendix-platform/nist-controls/si-0412/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 (12) control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 (12) control. + +| Control ID | SI-04 (12) | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | DOD IMPACT LEVEL 4 | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications (organization-defined activities that trigger alerts). + +### Supplemental Guidance + +This control enhancement focuses on the security alerts generated by organizations and transmitted using automated means. The types of activities that may warrant security alerts include unauthorized remote connections, unauthorized wireless connections, unauthorized use of prohibited mobile functions, unusual or unauthorized activities on internal networks, unusual login attempts, and threats identified by other organizations and passed on through information sharing activities. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. + +## Guidance + +### Customer Responsibility + +The customer is responsible for defining activities with security implications that require alerting and for implementing automated alerting mechanisms, such as SIEM or monitoring platforms. This includes configuring alert thresholds, notification rules, and ensuring alerts are distributed to designated security personnel for timely review and response. 
+ +#### Infrastructure and Application Implementers + +Infrastructure and Application Implementers implement alert triggers in accordance with customer‑defined requirements at the infrastructure and application layers, respectively. + +#### Infrastructure and Application Operators + +Infrastructure and Application Operators ensure that alerting mechanisms continue to function as expected and that security alerts generated by infrastructure components and Mendix applications are reliably delivered and actionable. \ No newline at end of file diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0416.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0416.md new file mode 100644 index 00000000000..877930a7295 --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0416.md 
@@ -0,0 +1,39 @@ +--- +title: "SI-04 (16) Information System Monitoring - Correlating Monitoring Information" +linktitle: "SI-04 (16)" +url: /private-mendix-platform/nist-controls/si-0416/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 (16) control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 (16) control. + +| Control ID | SI-04 (16) | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | FEDRAMP MODERATE | +| Responsibility and ownership | Customer - Org | + +## Control + +The organization correlates information from monitoring tools employed throughout the information system. + +### Supplemental Guidance + +Correlating information from different monitoring tools can provide a more comprehensive view of information system activity. Correlating monitoring information is especially important during the transition from older to newer technologies (for example, during the transition from IPv4 to IPv6 network protocols). Correlation of monitoring information can assist in uncovering attack strategies that might not be apparent when only single monitoring tools are utilized. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. It is the customer's responsibility to ensure monitoring tool data is correlated throughout the system. + +## Guidance + +### Customer Responsibility + +The customer is responsible for correlating monitoring information across multiple sources to enable effective detection and analysis of security‑relevant events. 
This includes logs and metrics from Mendix Operator components, the Private Mendix Platform, Mendix Runtime applications, Kubernetes cluster monitoring (such as pod metrics, events, and resource utilization), infrastructure monitoring systems, and security monitoring tools including IDS/IPS, firewall logs, and endpoint detection solutions. + +Correlation of monitoring data is implemented through centralized logging and analysis capabilities, such as SIEM solutions or log aggregation platforms, to aggregate and analyze data from disparate sources. Correlation rules and dashboards are configured to identify attack patterns and provide consolidated visibility across monitoring domains, supporting timely detection, investigation, and response to potential security incidents. \ No newline at end of file diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0419.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0419.md new file mode 100644 index 00000000000..1787c9aa077 --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0419.md 
@@ -0,0 +1,45 @@ +--- +title: "SI-04 (19) Information System Monitoring - Individuals Posing Greater Risk" +linktitle: "SI-04 (19)" +url: /private-mendix-platform/nist-controls/si-0419/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 (19) control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 (19) control. + +| Control ID | SI-04 (19) | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | DOD IMPACT LEVEL 4 | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The organization implements organization-defined additional monitoring of individuals who have been identified by organization-defined sources as posing an increased level of risk. + +### Supplemental Guidance + +Indications of increased risk from individuals can be obtained from a variety of sources including human resource records, intelligence agencies, law enforcement organizations, and other credible sources. The monitoring of individuals is closely coordinated with management, legal, security, and human resources officials within organizations conducting such monitoring and complies with federal legislation, Executive Orders, policies, directives, regulations, and standards. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. + +## Guidance + +### Customer Responsibility + +The customer is responsible for identifying individuals requiring additional monitoring based on defined risk indicators and for specifying the scope and type of enhanced monitoring to be applied, such as detailed logging or session recording. 
The customer also defines sources of risk indicators, coordinates monitoring activities with management, legal, security, and human resources functions, and ensures that all monitoring activities comply with applicable laws, regulations, and organizational policies. + +#### Infrastructure and Application Implementers + +Infrastructure and Application Implementers ensure that additional monitoring capabilities can be enabled at the infrastructure and application layers in accordance with customer requirements. + +#### Infrastructure and Application Operators + +Infrastructure and Application Operators apply additional monitoring to identified individuals as directed by the customer. Centralized logging of Mendix component activities is used to support monitoring, review, and analysis of elevated‑risk user behavior. \ No newline at end of file diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0420.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0420.md new file mode 100644 index 00000000000..b5d4afd1e8b --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0420.md 
@@ -0,0 +1,41 @@ +--- +title: "SI-04 (20) Information System Monitoring - Privileged Users" +linktitle: "SI-04 (20)" +url: /private-mendix-platform/nist-controls/si-0420/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 (20) control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 (20) control. + +| Control ID | SI-04 (20) | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | DOD IMPACT LEVEL 4 | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The organization implements organization-defined additional monitoring of privileged users. + +### Supplemental Guidance + +Privileged users (that is, users with elevated privileges) have the potential to inflict greater harm on organizational information systems. Additional monitoring of privileged user activities can help organizations detect and respond to insider threats and compromised accounts more quickly. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. + +## Guidance + +### Customer Responsibility + +The customer is responsible for defining additional monitoring requirements for privileged users, including identifying which roles qualify as privileged (for example, cluster administrators, database administrators, and Private Mendix Platform administrators). The customer establishes enhanced logging and monitoring requirements for privileged user activities and ensures that privileged actions are reviewed on a regular basis. + +#### Infrastructure and Application Implementers + +Infrastructure and Application Implementers implement Customer‑defined privileged user monitoring controls at their respective layers, including infrastructure‑level logging for administrative actions and application‑level monitoring within Mendix applications. 
Mendix does not provide a dedicated audit logging system. Organizations rely on Kubernetes‑provided logging capabilities and integrations with external logging and monitoring solutions to support privileged user activity monitoring. \ No newline at end of file diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0422.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0422.md new file mode 100644 index 00000000000..a7e9b17ab0a --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si0422.md 
@@ -0,0 +1,52 @@ +--- +title: "SI-04 (22) Information System Monitoring - Unauthorized Network Services" +linktitle: "SI-04 (22)" +url: /private-mendix-platform/nist-controls/si-0422/ +description: "Documents the Private Mendix Platform's compliance with the SI-04 (22) control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-04 (22) control. + +| Control ID | SI-04 (22) | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | DOD IMPACT LEVEL 4 | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The information system detects network services that have not been authorized or approved by organization-defined authorization or approval processes and one or more of the following: + +* Audits +* Alerts for organization-defined personnel or roles. + +### Supplemental Guidance + +Unauthorized or unapproved network services include, for example, services in service-oriented architectures that lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. + +## Guidance + +Organizations implement controls to detect unauthorized network services in alignment with defined security requirements, network architecture, and business objectives. + +### Customer Responsibility + +The customer establishes network service authorization and approval processes and selects and configures mechanisms to identify unapproved or unauthorized services, including defining whether detection results are audited, alerted on, or both, and ensuring notifications are routed to designated personnel for timely response. 
+ +Unauthorized network service detection is supported through mechanisms such as network scanning tools, Kubernetes admission controllers, service mesh policies controlling service‑to‑service communications, SIEM integrations for centralized monitoring and alerting, and periodic audits of deployed services against an approved service catalog. + +#### Infrastructure and Application Implementers + +Infrastructure and Application Implementers implement detection and authorization controls in accordance with Customer‑defined requirements. + +#### Infrastructure and Application Operators + +Infrastructure and Application Operators maintain ongoing compliance and respond to identified unauthorized network services in accordance with established procedures. Detection tools, authorization policies, and monitoring configurations are periodically reviewed and updated to ensure continued effectiveness. diff --git a/content/en/docs/private-platform/nist-controls/si/pmp-nist-si06.md b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si06.md new file mode 100644 index 00000000000..c8c458d0fb1 --- /dev/null +++ b/content/en/docs/private-platform/nist-controls/si/pmp-nist-si06.md 
@@ -0,0 +1,58 @@ +--- +title: "SI-06 Security Function Verification" +linktitle: "SI-06" +url: /private-mendix-platform/nist-controls/si-06/ +description: "Documents the Private Mendix Platform's compliance with the SI-06 control of the NIST 800-53 framework." +weight: 20 +--- + +## Introduction + +This document describes how Private Mendix Platform fulfills the SI-06 control. + +| Control ID | SI-06 | +| --- | --- | +| Control category | SI - System and Information Integrity | +| Requirement baseline | FEDRAMP MODERATE | +| Responsibility and ownership | Customer - Infra, Customer - Org | + +## Control + +The information system: + +* Verifies the correct operation of organization-defined security functions. +* Performs this verification through one or more of the following: + + * Through organization-defined system transitional states + * Upon command by user with appropriate privilege + * At anrganization-defined frequency. + +* Notifies organization-defined personnel or roles about failed security verification tests. +* Performs one or more of the following actions when anomalies are discovered: + + * Shuts the information system down + * Restarts the information system + * Organization-defined alternative actions . + +### Supplemental Guidance + +Security function verification includes the integrity of security mechanisms, the mechanisms providing access restriction and intrusion detection and prevention. Transitional states include system startup, restart, shutdown, and abort. + +The following controls are related to this control: + +* CA-7 +* SI-7. + +## Responsibility + +### Customer Responsibility + +This is not a Mendix responsibility. It is the responsibility of the customer to indicate what constitutes correct operation of the Mendix solution's security functions. 
+ +## Guidance + +### Customer Responsibility + +The customer is responsible for defining and maintaining procedures to verify the integrity and correct operation of security functions within the Mendix solution, ensuring that verification is performed at system startup, during security‑relevant events, and at defined periodic intervals in accordance with SI‑07 and SI‑07 (01). These procedures establish which security functions (such as authentication, authorization, encryption, logging, and intrusion detection) are subject to verification, who is authorized to perform verification activities, and how verification results are monitored. + +The customer also defines notification and response actions for failed integrity or security function checks, including alerting, restart, or shutdown as appropriate, while Infrastructure and Application Implementers and Operators enable, execute, and respond to verification activities within their respective infrastructure and application responsibilities. \ No newline at end of file
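Review bot: In the pmp-nist-sc39.md hunk, the "Global STRICT MTLS Policy" paragraph overstates what a mesh-wide `PeerAuthentication` guarantees: a `default` policy in `istio-system` only applies to pods that actually have a sidecar injected, and a narrower namespace- or workload-scoped `PeerAuthentication` can still set `PERMISSIVE` and override it. Suggest qualifying "all internal communications across all namespaces" to sidecar-injected workloads and adding a check the reader can run (confirm namespace injection labels and that no lower-scoped `PeerAuthentication` relaxes the mode), since the figure file `nist-sc-2801-2.png` is reused from the SC-28(1) assets and should be confirmed to show this manifest. Two smaller issues in the same hunk: the link `](/developerportal/deploy/private-cloud-monitor/#enable-metrics-scraping )` has a space before the closing parenthesis, which will not render as a link in Hugo, and "Traffic Isolation" introduces ports *8800/8900* but only port 8900 and port 8080 get a reference, so 8800 needs either a sentence explaining what it serves or a link.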
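Review bot: In the new pmp-nist-si04.md, the Control bullet "Heightens the level of information system monitoring activity whenever there is an indication of increased risk;." has a stray ";." and should end with a period only, matching the other bullets in the list.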
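Review bot: In the new pmp-nist-si0416.md, the second Guidance paragraph ("Correlation of monitoring data is implemented through centralized logging ... Correlation rules and dashboards are configured ...") is written as if the correlation already exists, but the page says this is not a Mendix responsibility and the Responsibility table lists only "Customer - Org". Rephrase in guidance voice, for example "The customer should implement correlation through centralized logging ... and configure correlation rules and dashboards ...", and consider whether "Customer - Infra" belongs in the ownership row given that the guidance covers Kubernetes cluster monitoring and infrastructure monitoring systems, as the sibling SI-04 pages do.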
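Review bot: In the new pmp-nist-si0419.md, the Operators paragraph states "Centralized logging of Mendix component activities is used to support monitoring ...", which reads as a platform capability, while pmp-nist-si0420.md in the same patch says Mendix does not provide a dedicated audit logging system. Make explicit that the centralized logging is the customer's own logging solution fed by Mendix component logs, so the two pages do not contradict each other.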
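Review bot: In the new pmp-nist-si0420.md, the Guidance section stops after "Infrastructure and Application Implementers" and has no "Infrastructure and Application Operators" subsection, unlike every other SI-04 enhancement page in this patch; add one covering ongoing review of privileged actions. The closing sentence "Mendix does not provide a dedicated audit logging system. Organizations rely on Kubernetes‑provided logging capabilities ..." should also point to where those Kubernetes logging capabilities and the external integration options are documented, so a reader knows which logs actually capture administrative actions.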
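Review bot: In the new pmp-nist-si0422.md, the mechanisms paragraph lists "Kubernetes admission controllers" as a way to detect unauthorized network services, but admission control blocks or mutates objects at creation time and does not detect services that are already running or were created outside the admission path; for SI-04 (22) the detection part is better served by the periodic audit of deployed services against the approved catalog that the same sentence mentions, so suggest wording admission controllers as a preventive complement. Separately, the paragraph "Organizations implement controls to detect unauthorized network services ..." sits directly under "## Guidance" before "### Customer Responsibility", which breaks the structure used by the sibling pages; fold it into the Customer Responsibility subsection.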
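Review bot: In the new pmp-nist-si06.md, the Control list has two typos: "At anrganization-defined frequency." should read "At an organization-defined frequency." and "Organization-defined alternative actions ." has a space before the period. The Guidance also references "SI‑07 and SI‑07 (01)" while the related-controls list names only CA-7 and SI-7; either add SI-7 (1) to that list or drop it from the guidance. Finally, the last sentence assigns work to Infrastructure and Application Implementers and Operators inline, but unlike the sibling pages there are no "#### Infrastructure and Application Implementers" / "#### Infrastructure and Application Operators" subsections; adding them would keep the page consistent.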