a. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning; b. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and c. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation.
Resource allocation for information security and privacy includes funding for system and services acquisition, sustainment, and supply chain-related risks throughout the system development life cycle.
PL-7, PM-3, PM-11, SA-9, SR-3, SR-5.
No implementation description provided.
Generating enhanced implementation description...
This control has not been verified by an assessor.
No evidence files have been uploaded.