SA-2

  • Requirement

    1. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;
    2. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and
    3. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.
  • Discussion

    Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.

More Info

  • Title

    Allocation of Resources
  • Family

    System and Services Acquisition
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
    • Privacy
  • Related NIST 800-53 ID

    PL-7;PM-3;PM-11;SA-9;SR-3;SR-5

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!