STIGhub
STIGs
RMF Controls
Compare
← All Controls
SA-5
System and Services Acquisition
Rev 3
System Documentation
CCI Identifiers (24)
CCI-000636
The organization obtains administrator documentation for the information system that describes secure configuration, installation, and operation of the information system; effective use and maintenance of the security features/functions; and known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions.
CCI-000637
The organization protects, as required, administrator documentation for the information system that describes secure configuration, installation, and operation of the information system; effective use and maintenance of the security features/functions; and known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions.
CCI-000638
The organization makes available to authorized personnel administrator documentation for the information system that describes secure configuration, installation, and operation of the information system; effective use and maintenance of the security features/functions; and known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions.
CCI-000639
The organization obtains user documentation for the information system that describes user-accessible security features/functions and how to effectively use those security features/functions; methods for user interaction with the information system, which enables individuals to use the system in a more secure manner; and user responsibilities in maintaining the security of the information and information system.
CCI-000640
The organization protects, as required, user documentation for the information system that describes user-accessible security features/functions and how to effectively use those security features/functions; methods for user interaction with the information system, which enables individuals to use the system in a more secure manner; and user responsibilities in maintaining the security of the information and information system.
CCI-000641
The organization makes available to authorized personnel user documentation for the information system that describes user-accessible security features/functions and how to effectively use those security features/functions; methods for user interaction with the information system, which enables individuals to use the system in a more secure manner; and user responsibilities in maintaining the security of the information and information system.
CCI-000642
Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent.
CCI-003124
Obtain or develop administrator documentation for the system, system component, or system service that describes secure configuration of the system, component, or service.
CCI-003125
Obtain or develop administrator documentation for the system, system component, or system service that describes secure installation of the system, component, or service.
CCI-003126
Obtain or develop administrator documentation for the system, system component, or system service that describes secure operation of the system, component, or service.
CCI-003127
Obtain or develop administrator documentation for the system, system component, or system services that describes effective use and maintenance of security functions and mechanisms.
CCI-003128
Obtain or develop administrator documentation for the system, system component, or system service that describes known vulnerabilities regarding configuration and use of administrative or privileged functions.
CCI-003129
Obtain or develop user documentation for the system, system component, or system service that describes user-accessible security functions and mechanisms and how to effectively use those functions and mechanisms.
CCI-003130
Obtain or develop user documentation for the system, system component, or system service that describes methods for user interaction which enables individuals to use the system, component, or service in a more secure manner.
CCI-003131
Obtain or develop user documentation for the system, system component, or system service that describes user responsibilities in maintaining the security of the system, component, or service.
CCI-003132
Take organization-defined actions in response to attempts to obtain either unavailable or nonexistent documentation for the system, system component, or system service.
CCI-003133
Defines actions to be taken in response to attempts to obtain either unavailable or nonexistent documentation for the system, system component, or system service.
CCI-003134
The organization protects information system, system component, or information system service documentation as required, in accordance with the risk management strategy.
CCI-003135
Distribute system, system component, or system service documentation to organization-defined personnel or roles.
CCI-003136
Defines the personnel or roles to whom system, system component, or system service documentation is to be distributed.
CCI-004708
Obtain or develop administrator documentation for the system, system component, or system services that describes effective use and maintenance of privacy functions and mechanisms.
CCI-004709
Obtain or develop user documentation for the system, system component, or system service that describes user-accessible privacy functions and mechanisms and how to effectively use those functions and mechanisms.
CCI-004710
Obtain or develop user documentation for the system, system component, or system service that describes methods for user interaction which enables individuals to protect individual privacy.
CCI-004711
Obtain or develop user documentation for the system, system component, or system service that describes user responsibilities in maintaining the privacy of individuals.
Linked STIG Checks (2)
Across 1 STIGs. Click to expand.
▶
Application Security and Development Security Technical Implementation Guide
2 checks