Do you mean VIE tool?

System lockdown and Virtual Image Exception (VIE) don't have much in common. System lockdown uses a whitelist (fingerprint list) to allow only clean applications to run on the clients, while the vietool marks clean files so that they don't need to be scanned by SEP.

Both techniques are applied to clean images. System lockdown uses the checksum.exe tool to get the fingerprint list, while VIE uses vietool.exe to mark the clean files. 

If you install a new application on a client running System Lockdown, it's impossible to start the application (because it's not in the whitelist). If you do the same with a client that was prepared with VIE, the application will run -- and will be scanned by Auto-Protect or by scheduled scans because it's not marked.

Is there documentation on completing a fingerprint list and configuring a system lockdown using base image?

Yes, see Implementation Guide for SEP 12.1, chapter 20, starting with page 452. VIE and vietool are explained in a separate PDF file in the folder Mithun mentioned.

If you want to use VIE ans System Lockdown at the same time, I would keep the following order:

1. Run a full scan on the base image, check for malware.
2. Empty quarantine (if needed)
3. Run checksum.exe for creation of fingerprint list
4. Run vietool (that should always be the last step!)

BTW, System Lockdown is difficult to maintain because you have to add every new application (e.g., patches of Windows, Office, browsers etc.) to a special approval list. If you make a mistake (i.e., your fingerprint list does not cover all necessary applications), your client may freeze.