Inclusion of framework content/documentation

[brian-ruf]

Author Use Case: As a product vendor, service provider or 3rd party, I want to provide product/service consumers with information about the product/services that enables the consumer to more quickly prepare security documentation.

Consumer Use Case: As a security practitioner that needs to complete security documentation about a system in satisfaction of a specific framework, I want to consume pre-written descriptions for each component in my system as to how that component satisfies the framework.

Example: Whether I am leveraging a database product from a vendor or a database service from a cloud service provider, certain frameworks require me to provide security documentation about the database capability that might include information such as its access control mechanisms, cryptographic algorithms, and existence of administrative procedures.

My security documentation can be created far more quickly and accurately if I can import pre-written content that targets for the product/service that targets my framework.