PM — PROGRAM MANAGEMENT

PM-3: INFORMATION SECURITY RESOURCES

FedRAMP Baseline Membership PM-3: NOT SELECTED

The organization:

a. Ensures that all capital planning and investment requests include the resources needed to implement the information security program and documents all exceptions to this requirement;
b. Employs a business case/Exhibit 300/Exhibit 53 to record the resources required; and
c. Ensures that information security resources are available for expenditure as planned.

SUPPLEMENTAL GUIDANCE

Organizations consider establishing champions for information security efforts and as part of including the necessary resources, assign specialized expertise and resources as needed. Organizations may designate and empower an Investment Review Board (or similar group) to manage and provide oversight for the information security-related aspects of the capital planning and investment control process.

PM-4 — PROGRAM MANAGEMENT | PLAN OF ACTION AND MILESTONES PROCESS
SA-2 — SYSTEM AND SERVICES ACQUISITION | ALLOCATION OF RESOURCES

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

NIST Special Publication 800-65