compliance controls are associated with this Policy definition 'Allocate resources in determining information system requirements' (90a156a6-49ed-18d1-1052-69aac27c05cd)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SA-2 | FedRAMP_High_R4_SA-2 | FedRAMP High SA-2 | System And Services Acquisition | Allocation Of Resources | Shared | n/a | The organization: a. Determines information security requirements for the information system or information system service in mission/business process planning; b. Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and c. Establishes a discrete line item for information security in organizational programming and budgeting documentation. Supplemental Guidance: Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service. Related controls: PM-3, PM-11. Control Enhancements: None. References: NIST Special Publication 800-65. | link | 6 |
| FedRAMP_Moderate_R4 | SA-2 | FedRAMP_Moderate_R4_SA-2 | FedRAMP Moderate SA-2 | System And Services Acquisition | Allocation Of Resources | Shared | n/a | The organization: a. Determines information security requirements for the information system or information system service in mission/business process planning; b. Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and c. Establishes a discrete line item for information security in organizational programming and budgeting documentation. Supplemental Guidance: Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service. Related controls: PM-3, PM-11. Control Enhancements: None. References: NIST Special Publication 800-65. | link | 6 |
| hipaa | 0120.05a1Organizational.4-05.a | hipaa-0120.05a1Organizational.4-05.a | 0120.05a1Organizational.4-05.a | 01 Information Protection Program | 0120.05a1Organizational.4-05.a 05.01 Internal Organization | Shared | n/a | Capital planning and investment requests include the resources needed to implement the security program, employ a business case (or Exhibit 300 and/or 53 for federal government); and the organization ensures the resources are available for expenditure as planned. | | 8 |
| ISO27001-2013 | A.6.1.5 | ISO27001-2013_A.6.1.5 | ISO 27001:2013 A.6.1.5 | Organization of Information Security | Information security in project management | Shared | n/a | Information security shall be addressed in project management, regardless of the type of the project. | link | 25 |
| ISO27001-2013 | C.5.1.c | ISO27001-2013_C.5.1.c | ISO 27001:2013 C.5.1.c | Leadership | Leadership and commitment | Shared | n/a | Top management shall demonstrate leadership and commitment with respect to the information security management system by: c) ensuring that the resources needed for the information security management system are available. | link | 10 |
| ISO27001-2013 | C.5.1.f | ISO27001-2013_C.5.1.f | ISO 27001:2013 C.5.1.f | Leadership | Leadership and commitment | Shared | n/a | Top management shall demonstrate leadership and commitment with respect to the information security management system by: f) directing and supporting persons to contribute to the effectiveness of the information security management system. | link | 9 |
| ISO27001-2013 | C.7.1 | ISO27001-2013_C.7.1 | ISO 27001:2013 C.7.1 | Support | Resources | Shared | n/a | The organization shall determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the information security management system. | link | 7 |
| NIST_SP_800-53_R4 | SA-2 | NIST_SP_800-53_R4_SA-2 | NIST SP 800-53 Rev. 4 SA-2 | System And Services Acquisition | Allocation Of Resources | Shared | n/a | The organization: a. Determines information security requirements for the information system or information system service in mission/business process planning; b. Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and c. Establishes a discrete line item for information security in organizational programming and budgeting documentation. Supplemental Guidance: Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service. Related controls: PM-3, PM-11. Control Enhancements: None. References: NIST Special Publication 800-65. | link | 6 |
| NIST_SP_800-53_R5 | SA-2 | NIST_SP_800-53_R5_SA-2 | NIST SP 800-53 Rev. 5 SA-2 | System and Services Acquisition | Allocation of Resources | Shared | n/a | a. Determine the high-level information security and privacy requirements for the system or system service in mission and business process planning; b. Determine, document, and allocate the resources required to protect the system or system service as part of the organizational capital planning and investment control process; and c. Establish a discrete line item for information security and privacy in organizational programming and budgeting documentation. | link | 6 |