
Establish, implement, and maintain user documentation.


CONTROL ID: 12250
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish and maintain end user support communications., CC ID: 06615

This Control has the following implementation support Control(s):
  • Include documentation for all systems in the user documentation., CC ID: 12285
  • Include loss or theft instructions in the user documentation, as necessary., CC ID: 12270
  • Include disposition instructions in the user documentation, as necessary., CC ID: 12269
  • Include maintenance instructions in the user documentation, as necessary., CC ID: 12268
  • Include instructions on recording the location of the system in the user documentation, as necessary., CC ID: 12267
  • Include personalization instructions within the user documentation, as necessary., CC ID: 12266
  • Include life cycle management instructions for all components within the user documentation., CC ID: 12265
  • Include instructions on validating the integrity of various modules within the user documentation., CC ID: 12259


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The manufacturer should provide users with guidance on how to securely set up their device. (Provision 5.12-2, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
  • Requirements for the documentation of changes to the system, operating and user documentation (Section 5.11 BEI-03 Basic requirement ¶ 1 Bullet 4, Cloud Computing Compliance Controls Catalogue (C5))
  • establishing specific requirements for contingency actions, when relevant. (8.2.1 ¶ 1(e), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • The documentation used to meet paragraph (g)(9)(ii)(A) of this section must be available via a publicly accessible hyperlink. (§ 170.315 (g) (9) (ii) (B), 45 CFR Part 170 Health Information Technology Standards, Implementation Specifications, and Certification Criteria and Certification Programs for Health Information Technology, current as of January 2024)
  • The documentation used to meet paragraph (g)(9)(ii)(A) of this section must be available via a publicly accessible hyperlink. (§ 170.315 (g) (9) (ii) (B), 45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, current as of July 14, 2020)
  • Determine whether the financial institution provides the merchant/consumer customers with a procedural or instructional document and a user guide for the application/scanner. (App A Tier 2 Objectives and Procedures N.10 Bullet 3, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)