πΌ SA-5 System Documentation
- Contextual name: πΌ SA-5 System Documentation
- ID:
/frameworks/nist-sp-800-53-r5/sa/05 - Located in: πΌ SA System And Services Acquisition
Descriptionβ
a. Obtain or develop administrator documentation for the system, system component, or system service that describes:
- Secure configuration, installation, and operation of the system, component, or service;
- Effective use and maintenance of security and privacy functions and mechanisms; and
- Known vulnerabilities regarding configuration and use of administrative or privileged functions; b. Obtain or develop user documentation for the system, system component, or system service that describes:
- User-accessible security and privacy functions and mechanisms and how to effectively use those functions and mechanisms;
- Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner and protect individual privacy; and
- User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; c. Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent and take [Assignment: organization-defined actions] in response; and d. Distribute documentation to [Assignment: organization-defined personnel or roles].
Similarβ
- Internal
- ID:
dec-c-ad59b8db
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ SA-5 System Documentation (L)(M)(H) | ||||
| πΌ FedRAMP Low Security Controls β πΌ SA-5 System Documentation (L)(M)(H) | ||||
| πΌ NIST CSF v2.0 β πΌ ID.AM-02: Inventories of software, services, and systems managed by the organization are maintained | 7 | |||
| πΌ NIST CSF v2.0 β πΌ ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use |