Organizational Control: Allocation Of Resources

Control ID: SA-2 Allocation Of Resources Family: System and Services Acquisition Source: NIST 800-53r4
Control: The organization:
  1. Determines information security requirements for the information system or information system service in mission/business process planning;
  2. Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and
  3. Establishes a discrete line item for information security in organizational programming and budgeting documentation.
Supplemental Guidance:
Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service.

Related Controls: N/A
Control Enhancements: N/A
References: NIST Special Publication 800-65.
Mechanisms:
Protocol Implementation Conformance Statements: N/A