As the lead security engineer for a software development project, you are responsible for ensuring that all necessary security controls are implemented and documented. Which of the following does not need to be included in the control implementation documentation?