💼 SA-5 System Documentation (L)(M)(H)

• Contextual name: 💼 SA-5 System Documentation (L)(M)(H)
• ID: /frameworks/fedramp-high-security-controls/sa/05
• Located in: 💼 System and Services Acquisition

Description

a. Obtain or develop administrator documentation for the system, system component, or system service that describes:

1. Secure configuration, installation, and operation of the system, component, or service;

2. Effective use and maintenance of security and privacy functions and mechanisms; and

3. Known vulnerabilities regarding configuration and use of administrative or privileged functions;

b. Obtain or develop user documentation for the system, system component, or system service that describes:

1. User-accessible security and privacy functions and mechanisms and how to effectively use those functions and mechanisms;

2. Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner and protect individual privacy; and

3. User responsibilities in maintaining the security of the system, component, or service and privacy of individuals;

c. Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent and take [Assignment: organization-defined actions] in response; and

d. Distribute documentation to [FedRAMP Assignment: at a minimum, the ISSO (or similar role within the organization)].

Similar

• Sections
  • /frameworks/nist-sp-800-53-r5/sa/05
• Internal
  • ID: dec-c-de10555b

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 SA-5 System Documentation	5

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 SA-5 System Documentation (L)(M)(H)
💼 FedRAMP Moderate Security Controls → 💼 SA-5 System Documentation (L)(M)(H)

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags