home || catalog: SP800-53rev3 / class: Management / family: (SA) System and Services Acquisition ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA

SA-01
SA-02 *
SA-03
SA-04
SA-05
SA-06
SA-07
SA-08
SA-09
SA-10
SA-11
SA-12
SA-13
SA-14

SC
SI
MMMMM

  SA-02: Allocation of Resources  

base control objective:
The organization:
a. Includes a determination of information security requirements for the information system in mission/business process planning;
b. Determines, documents, and allocates the resources required to protect the information system as part of its capital planning and investment control process; and
c. Establishes a discrete line item for information security in organizational programming and budgeting documentation.

supplemental objective information:
None.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PM-03   Information Security Resources
PM-11   Mission / Business Process Definition

documents referenced in SP800-53rev3 for SA-02:

Document Date Status Title
FIPS 199 February, 2004 current   Standards for Security Categorization of Federal Information and Information Systems
NIST SP800-35 October, 2003 current   Guide to Information Technology Security Services
NIST SP800-64 October, 2008 current   Security Considerations in the Information System Development Life Cycle
NIST SP800-65 January, 2005 current   Integrating IT Security into the Capital Planning and Investment Control Process

Search SP800-53rev3 catalog: