SA-2
-
Requirement
- Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;
- Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and
- Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.
-
Discussion
Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!