Navigation :
Feature Overview
Installation and Configuration
Using the On-Demand Service
Using the Multi-Tenant Service
Security and Compliance Information
Crunchy Compliance Suite Report
-
STIG Compliance
-
NIST 800-53 Compliance
--
AC - Access Control
--
AT - Awareness And Training
--
AU - Audit And Accountability
--
CA - Security Assessment And Authorization
--
CM - Configuration Management
--
CP - Contingency Planning
--
IA - Identification And Authentication
--
IR - Incident Response
--
MA - Maintenance
--
MP - Media Protection
-- NIST 800-53 Baseline
--
PE - Physical And Environmental Protection
--
PL - Planning
--
PM - Program Management
--
PS - Personnel Security
--
RA - Risk Assessment
--
SA - System And Services Acquisition
--
SC - System And Communications Protection
--
SI - System And Information Integrity
--
NIST 800-53 Controls
---
AC - Access Control
---
AT - Awareness And Training
---
AU - Audit And Accountability
---
CA - Security Assessment And Authorization
---
CM - Configuration Management
---
CP - Contingency Planning
---
IA - Identification And Authentication
---
IR - Incident Response
---
MA - Maintenance
---
MP - Media Protection
---
PE - Physical And Environmental Protection
---
PL - Planning
---
PM - Program Management
---
PS - Personnel Security
---
RA - Risk Assessment
---
SA - System And Services Acquisition
---- SA-1: System And Services Acquisition Policy And Procedures
---- SA-2: Allocation Of Resources
---- SA-3: System Development Life Cycle
---- SA-4: Acquisition Process
---- SA-5: Information System Documentation
---- SA-6: Software Usage Restrictions
---- SA-7: User-Installed Software
---- SA-8: Security Engineering Principles
---- SA-9: External Information System Services
---- SA-10: Developer Configuration Management
---- SA-11: Developer Security Testing And Evaluation
---- SA-12: Supply Chain Protection
---- SA-13: Trustworthiness
---- SA-14: Criticality Analysis
---- SA-15: Development Process, Standards, And Tools
---- SA-16: Developer-Provided Training
---- SA-17: Developer Security Architecture And Design
---- SA-18: Tamper Resistance And Detection
---- SA-19: Component Authenticity
---- SA-20: Customized Development Of Critical Components
---- SA-21: Developer Screening
---- SA-22: Unsupported System Components
---
SC - System And Communications Protection
---
SI - System And Information Integrity
Data Migration
Disaster Recovery
Cluster Metrics
Data Loading Tools Lab
Release Notes
Support
Administrator Runbooks
SA-2: Allocation Of Resources
Generated
2019-05-20 15:48:11.984914
Status
Skipped
Statements
The organization:
Code
Description
SA-2a.
Determines information security requirements for the information system or information system service in mission/business process planning;
SA-2b.
Determines, documents, and allocates the resources required to protect the information system or information system service as part of its capital planning and investment control process; and
SA-2c.
Establishes a discrete line item for information security in organizational programming and budgeting documentation.
Additional Guidance
Resource allocation for information security includes funding for the initial information system or information system service acquisition and funding for the sustainment of the system/service.