SCF - TDA-04 - Documentation Requirements
Mechanisms exist to obtain, protect and distribute administrator documentation for systems that describe:
- Secure configuration, installation and operation of the system;
- Effective use and maintenance of security features/functions; and
- Known vulnerabilities regarding configuration and use of administrative (e.g., privileged) functions.
Mapped framework controls
NIST 800-53
- SA-5
Control questions
Does the organization obtain, protect and distribute administrator documentation for systems that describe:
- Secure configuration, installation and operation of the system;
- Effective use and maintenance of security features/functions; and
- Known vulnerabilities regarding configuration and use of administrative (e?g?, privileged) functions?