National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

SA-2 ALLOCATION OF RESOURCES

Family:
SA - SYSTEM AND SERVICES ACQUISITION
Class:
Priority:
P1 - Implement P1 security controls first.
Baseline Allocation:
Low Moderate High
SA-2 SA-2 SA-2

Control Description

The organization:

a. Determines information security requirements for the information system or information system service in mission/business process planning;

b. Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and

c. Establishes a discrete line item for information security in organizational programming and budgeting documentation.

Supplemental Guidance

Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service.

Related to: PM-3PM-11

Control Enhancements

None.

References

NIST Special Publication 800-65 https://csrc.nist.gov/publications/search?keywords-lg=800-65