Establish, implement, and maintain user documentation.
CONTROL ID 12250
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish and maintain end user support communications., CC ID: 06615
This Control has the following implementation support Control(s):
Include documentation for all systems in the user documentation., CC ID: 12285
Include loss or theft instructions in the user documentation, as necessary., CC ID: 12270
Include disposition instructions in the user documentation, as necessary., CC ID: 12269
Include maintenance instructions in the user documentation, as necessary., CC ID: 12268
Include instructions on recording the location of the system in the user documentation, as necessary., CC ID: 12267
Include personalization instructions within the user documentation, as necessary., CC ID: 12266
Include life cycle management instructions for all components within the user documentation., CC ID: 12265
Include instructions on validating the integrity of various modules within the user documentation., CC ID: 12259
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The manufacturer should provide users with guidance on how to securely set up their device. (Provision 5.12-2, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
Requirements for the documentation of changes to the system, operating and user documentation (Section 5.11 BEI-03 Basic requirement ¶ 1 Bullet 4, Cloud Computing Compliance Controls Catalogue (C5))
establishing specific requirements for contingency actions, when relevant. (8.2.1 ¶ 1(e), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
The documentation used to meet paragraph (g)(9)(ii)(A) of this section must be available via a publicly accessible hyperlink. (§ 170.315 (g) (9) (ii) (B), 45 CFR Part 170 Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology, current as of January 2024)
The documentation used to meet paragraph (g)(9)(ii)(A) of this section must be available via a publicly accessible hyperlink. (§ 170.315 (g) (9) (ii) (B), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)
Determine whether the financial institution provides the merchant/consumer customers with a procedural or instructional document and a user guide for the application/scanner. (App A Tier 2 Objectives and Procedures N.10 Bullet 3, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)