STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 23 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

SA-2

System and Services AcquisitionRev 5organization

Allocation of Resources

Baselines:LowModerateHighPrivacy

Control Statement

a. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning; b. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and c. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

Supplemental Guidance

Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.

Related Controls (6)

PL-7PM-3PM-11SA-9SR-3SR-5

CCI Identifiers (11)

CCI-004666Determine the high-level information privacy requirements for the system or system service in mission and business process planning.CCI-004667Establish a discrete line item for information privacy in organizational programming documentation.CCI-004668Establish a discrete line item for information privacy in organizational budgeting documentation.CCI-003091Determine the high-level information security requirements for the system or system service in mission and business process planning.CCI-000608The organization includes a determination of information security requirements for the information system in mission process planning.CCI-000609The organization includes a determination of information security requirements for the information system in business process planning.CCI-000610Determine the resources required to protect the system or system service as part of the organizational capital planning and investment control process.CCI-000611Document the resources required to protect the system or system service as part of the organizational capital planning and investment control process.

Linked STIG Checks (0)

No STIG checks reference this control.

CCI-000612Allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process.
CCI-000613Establish a discrete line item for information security in organizational programming documentation.
CCI-000614Establish a discrete line item for information security in organizational budgeting documentation.