An error occurred:

CCI-003128

CCI-003128 Definition

The organization obtains administrator documentation for the information system, system component, or information system service that describes known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents within contracts/agreements, requirements that the developer provide administrator documentation for the information system, system component or information system service that describe known vulnerabilities regarding configuration and use of administrative (i.e. privileged) functions.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer provide administrator documentation for the information system, system component or information system service that describe known vulnerabilities regarding configuration and use of administrative (i.e. privileged) functions.

Compelling Evidence

1.) System security plan (SSP) must contain administrator documentation that describes known vulnerabilities regarding configuration and used of administrative(privileged) functions.