137 - System documentation
Ensure that the roles, functionalities and interactions of the entire system are well documented, in as much detail as possible.
Documentation describes what the implementation of the system's different components does, and how, to achieve the goals of the specification.
Without documentation, a system implementation cannot be evaluated against the specification for correctness, and one has to rely on analyzing the implementation itself.
- Implementation -> Documentation
- What & How
- Implement <-> Document
- Assets/Actors/Actions/Trust/Threat Model
- Specify -> Implement -> Document -> Evaluate