Obtain user documentation before acquiring products and services.
CONTROL ID 14283
CONTROL TYPE Acquisition/Sale of Assets or Services
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Include security requirements in system acquisition contracts., CC ID: 01124
This Control has the following implementation support Control(s):
Include instructions on how to use the security functions in the user documentation., CC ID: 14314
Include security functions in the user documentation., CC ID: 14313
Include user responsibilities for maintaining system security in the user documentation., CC ID: 14312
Include a description of user interactions in the user documentation., CC ID: 14311
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The required information is available to the user of the good or product. (PI1.1 ¶ 3 Bullet 1.1 Defines Information Necessary to Support the Use of a Good or Product, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus â 2022))
The required information is clearly identifiable. (PI1.1 ¶ 3 Bullet 1.2 Defines Information Necessary to Support the Use of a Good or Product, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus â 2022))
The required information is validated for completeness and accuracy. (PI1.1 ¶ 3 Bullet 1.3 Defines Information Necessary to Support the Use of a Good or Product, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus â 2022))
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
The required information is available to the user of the good or product. (PI1.1 ¶ 3 Bullet 1.1 Defines Information Necessary to Support the Use of a Good or Product, Trust Services Criteria, (includes March 2020 updates))
The required information is clearly identifiable. (PI1.1 ¶ 3 Bullet 1.2 Defines Information Necessary to Support the Use of a Good or Product, Trust Services Criteria, (includes March 2020 updates))
The required information is validated for completeness and accuracy. (PI1.1 ¶ 3 Bullet 1.3 Defines Information Necessary to Support the Use of a Good or Product, Trust Services Criteria, (includes March 2020 updates))
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., FedRAMP Security Controls High Baseline, Version 5)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., FedRAMP Security Controls Low Baseline, Version 5)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., FedRAMP Security Controls Moderate Baseline, Version 5)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Obtain or develop user documentation for the system, system component, or system service that describes: (SA-5b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., TX-RAMP Security Controls Baseline Level 1)
Obtains user documentation for the information system, system component, or information system service that describes: (SA-5b., TX-RAMP Security Controls Baseline Level 2)