Back

Include user responsibilities for maintaining system security in the user documentation.


CONTROL ID
14312
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Obtain user documentation before acquiring products and services., CC ID: 14283

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • In addition to the CUECs, the subservice organization may also identify user entity responsibilities that should be considered by the service organization to effectively use the subservice organization's system but that do not affect the subservice organization's ability to achieve its commitments t… (¶ 2.31, SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., FedRAMP Security Controls High Baseline, Version 5)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., FedRAMP Security Controls Low Baseline, Version 5)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., FedRAMP Security Controls Moderate Baseline, Version 5)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • User responsibilities in maintaining the security of the system, component, or service and privacy of individuals; (SA-5b.3., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., TX-RAMP Security Controls Baseline Level 1)
  • User responsibilities in maintaining the security of the system, component, or service; (SA-5b.3., TX-RAMP Security Controls Baseline Level 2)