STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

PM-3

Program ManagementRev 5organization

Information Security and Privacy Resources

Baselines:Privacy

Control Statement

a. Include the resources needed to implement the information security and privacy programs in capital planning and investment requests and document all exceptions to this requirement; b. Prepare documentation required for addressing information security and privacy programs in capital planning and investment requests in accordance with applicable laws, executive orders, directives, policies, regulations, standards; and c. Make available for expenditure, the planned information security and privacy resources.

Supplemental Guidance

Organizations consider establishing champions for information security and privacy and, as part of including the necessary resources, assign specialized expertise and resources as needed. Organizations may designate and empower an Investment Review Board or similar group to manage and provide oversight for the information security and privacy aspects of the capital planning and investment control process.

Related Controls (2)

PM-4SA-2

CCI Identifiers (8)

CCI-000080Include the resources needed to implement the information security programs in capital planning and investment requests and document all exceptions to this requirement.CCI-000081The organization employs a business case/Exhibit 300/Exhibit 53 to record the resources required.CCI-000141Make available for expenditure, the planned information security resources.CCI-004314Include the resources needed to implement the information security programs in capital planning and investment requests.CCI-004315Include the resources needed to implement the information privacy programs in capital planning and investment requests.CCI-004316Prepare documentation required for addressing information security programs in capital planning and investment requests in accordance with applicable laws, Executive Orders, directives, policies, regulations, and standards.CCI-004317Prepare documentation required for addressing information privacy programs in capital planning and investment requests in accordance with applicable laws, Executive Orders, directives, policies, regulations, and standards.CCI-004318Make available for expenditure, the planned information privacy resources.

Linked STIG Checks (0)

No STIG checks reference this control.