Manual Examination SA_05_2_1

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.
Return to Main Page
Manual Examination SA_05_2_1_1

FIPS 199 High Impact (for ICS)

Findings Color Code
Satisfied
Other Than Satisfied - not assessed
Other Than Satisfied - failed

NIST SP 800-53A SA-05(02) .01

Question: Do the system and services acquisition policy and the procedures addressing information system documentation specify that the organization obtain, protect as required, and make available to authorized personnel, documentation: if available from the vendor/manufacturer, describing the functional properties of the security controls employed within the information system - with sufficient detail to permit analysis and testing of the controls (including functional interfaces among control components) ?

Answered by: BOSTON::JOHNSON

As part of Manual Examination group: POLICY_SA

Answer: YES

This NIST 800-53 report is posted on the Internet to promote Version 3.0 of LJK/Security . The corresponding vulnerability report for your own system should be guarded more carefully, such as by being reviewed only from local HTML disk files rather than via a web server.