Documentation which details the description and function of each system, the zone the system resides in, the SA of the system, applications, OS, and hardware of the system is incomplete or missing.

From Enclave - Zone B Checklist

Part of Documentation does not exist for T&D enclaves.

Associated with IA controls: DCPR-1

SV-14921r1_rule Documentation which details the description and function of each system, the zone the system resides in, the SA of the system, applications, OS, and hardware of the system is incomplete or missing.

Vulnerability discussion

Configuration management to include hardware and software inventory control is a key security requirement. There are many reasons to document and baseline the systems/applications within the infrastructure to include: bugs which were fixed find their way back into the system, changes were made that were never documented nor audited so it was overwritten, code fixes being made to an incorrect version of software, etc.

Check content

Review the documentation for systems residing in a T&D environment. The documentation should include at a minimum: - Description and function of the system - the Zone the system resides in - SA of the system - Applications and OS of the system - Hardware components - Baseline or image detail of the system

Fix text

The IAO will ensure each system residing within a T&D environment has the appropriate documentation to describe the function of the system, the “Zone” the system is located in, and the security baseline established for the system for Certification and Accreditation decisions.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer