SA-02 Allocation Of Resources
Control: The organization determines, documents, and allocates as part of its capital planning and investment control process, the resources required to adequately protect the information system.
Supplemental Guidance: The organization includes the determination of security requirements for the information system in mission/business case planning and establishes a discrete line item for information system security in the organization’s programming and budgeting documentation. NIST Special Publication 800-65 provides guidance on integrating security into the capital planning and investment control process.
Control Enhancements: (0) None.
Baseline: LOW SA-2 MOD SA-2 HIGH SA-2
Family: System And Services Acquisition
Class: Management
ISO 17799 mapping: 10.3.1
COBIT 4.1 mapping: PO1.1, PO5.2
PCI-DSS v2 mapping: None.