πΌ SA-5 INFORMATION SYSTEM DOCUMENTATION
Descriptionβ
The organization: SA-5a. Obtains administrator documentation for the information system, system component, or information system service that describes: SA-5a.1. Secure configuration, installation, and operation of the system, component, or service; SA-5a.2. Effective use and maintenance of security functions/mechanisms; and SA-5a.3. Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions; SA-5b. Obtains user documentation for the information system, system component, or information system service that describes: SA-5b.1. User-accessible security functions/mechanisms and how to effectively use those security functions/mechanisms; SA-5b.2. Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner; and SA-5b.3. User responsibilities in maintaining the security of the system, component, or service; SA-5c. Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and takes [Assignment: organization-defined actions] in response; SA-5d. Protects documentation as required, in accordance with the risk management strategy; and SA-5e. Distributes documentation to [Assignment: organization-defined personnel or roles].
Similarβ
Similar Sections (Give Policies To)β
Sub Sectionsβ