Navigate

CCI-003129

CCI-003129 Definition

Obtain or develop user documentation for the system, system component, or system service that describes user-accessible security functions and mechanisms and how to effectively use those functions and mechanisms.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003129.

Control	Description
SA-5	The organization: a: Obtains administrator documentation for the information system, system component, or information system service that describes: 1: Secure configuration, installation, and operation of the system, component, or service; 2: Effective use and maintenance of security functions/mechanisms; and 3: Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions; b: Obtains user documentation for the information system, system component, or information system service that describes: 1: User-accessible security functions/mechanisms and how to effectively use those security functions/mechanisms; 2: Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner; and 3: User responsibilities in maintaining the security of the system, component, or service; c: Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and takes [one of ] in response; d: Protects documentation as required, in accordance with the risk management strategy; and e: Distributes documentation to [one of ].

Control

Description

SA-5

The organization:

a: Obtains administrator documentation for the information system, system component, or information system service that describes:
- 1: Secure configuration, installation, and operation of the system, component, or service;
- 2: Effective use and maintenance of security functions/mechanisms; and
- 3: Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions;

b: Obtains user documentation for the information system, system component, or information system service that describes:
- 1: User-accessible security functions/mechanisms and how to effectively use those security functions/mechanisms;
- 2: Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner; and
- 3: User responsibilities in maintaining the security of the system, component, or service;

c: Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and takes [one of ] in response;

d: Protects documentation as required, in accordance with the risk management strategy; and

e: Distributes documentation to [one of ].