a. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;
b. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and
c. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.
| Control Identifier | SA-2 |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle. |
| Related Controls | PL-7, PM-3, PM-11, SA-9, SR-3, SR-5. |