SA-2: Allocation of Resources

Control Family:

System and Services Acquisition

CSF v1.1 References:

ID.GV-4

PF v1.0 References:

GV.PO-P2

Baselines:

Low
- SA-2
Moderate
- SA-2
High
- SA-2
Privacy
- SA-2

Previous Version:

NIST Special Publication 800-53 Revision 4:
SA-2: Allocation Of Resources

Control Statement

Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning;
Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and
Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.

Supplemental Guidance

Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5

Cloud Controls Matrix v3.0.1