R061. Document security chapter

This document contains the details of the security requirements related to the definition and management of logical architecture in the organization. This requirement states the importance of documenting a security chapter that establishes the procedures to follow in case of a security breach.


The documentation that supports an information system must contain a security chapter.


The system documentation must support the design and usage of the defined security features.


  1. Information security is a non-functional feature of systems; their documentation must support the previously established definitions in order to protect the information handled by the system.

  2. The design documentation should include the designed abuse cases, the necessary security requirements to protect the information and the design of established controls. This documentation helps in the validation of security implementation.

  3. In the user documentation, the configuration and use of controls that each user profile can apply should be detailed step by step.


  1. The design documents did not establish the abuse cases and security requirements that the application needs, and therefore the necessary controls for information protection were not implemented.

  2. The security configuration parameters were not documented, so users do not use the defined security controls.


  • Layer: Business Layer.

  • Asset: Security Architecture.

  • Scope: Maintainability.

  • Phase: Operation.

  • Type of Control: Recommendation.


  1. BSIMM9 SM2.1: Publish data about software security internally.

  2. HIPAA Security Rules 164.312(a)(2)(ii): Emergency Access Procedure: Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
