SA-2

System and Services AcquisitionRev 5organization

Allocation of Resources

Baselines:LowModerateHighPrivacy

Control Statement

a. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning; b. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and c. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

Supplemental Guidance

Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.

Related Controls (6)

PL-7 PM-3 PM-11 SA-9 SR-3 SR-5

CCI Identifiers (11)

CCI-000608The organization includes a determination of information security requirements for the information system in mission process planning.CCI-004668Establish a discrete line item for information privacy in organizational budgeting documentation.CCI-000609The organization includes a determination of information security requirements for the information system in business process planning.CCI-000610Determine the resources required to protect the system or system service as part of the organizational capital planning and investment control process.CCI-000611Document the resources required to protect the system or system service as part of the organizational capital planning and investment control process.CCI-000612Allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process.CCI-000613Establish a discrete line item for information security in organizational programming documentation.CCI-000614

Linked STIG Checks (0)

No STIG checks reference this control.