2.5 KiB
| implementation-status | control-origination | |||||
|---|---|---|---|---|---|---|
|
|
sa-2 - [catalog] Allocation of Resources
Control Statement
-
[a] Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;
-
[b] Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and
-
[c] Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.
Control guidance
Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.
Control assessment-objective
the high-level information security requirements for the system or system service are determined in mission and business process planning; the high-level privacy requirements for the system or system service are determined in mission and business process planning; the resources required to protect the system or system service are determined and documented as part of the organizational capital planning and investment control process; the resources required to protect the system or system service are allocated as part of the organizational capital planning and investment control process; a discrete line item for information security is established in organizational programming and budgeting documentation; a discrete line item for privacy is established in organizational programming and budgeting documentation.
What is the solution and how is it implemented?
Implementation a.
Add control implementation description here for item sa-2_smt.a
Implementation b.
Add control implementation description here for item sa-2_smt.b
Implementation c.
Add control implementation description here for item sa-2_smt.c