SA-5: System Documentation
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 08/08/2024
- The information resource owner, or designee, is responsible for:
- Obtaining administrator documentation for the information resource, system component, or information system service that describes:
- Secure configuration, installation, and operation of the information resource, component, or service;
- Effective use and maintenance of security functions/mechanisms; and
- Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions.
- Obtaining or developing user documentation for the information resource, system component, or information system service that describes:
- Operations of user-accessible security functions/mechanisms;
- Methods for user interaction, which enables individuals to use the information resource, component, or service in a more secure manner; and
- User responsibilities in maintaining the security of the information resource, component, or service.
- Documenting attempts to obtain information resource, system component, or information resource service documentation when such documentation is either unavailable or nonexistent.
- Protecting documentation as required, in accordance with the risk management strategy; and
- Distributing documentation to appropriate information resource custodians and users.
- Obtaining administrator documentation for the information resource, system component, or information system service that describes: