CCI-004316
CCI-004316 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- the documentation required for addressing the information security program in capital planning and investment requests is prepared in accordance with applicable laws, executive orders, directives, policies, regulations, standards.
- the documentation required for addressing the privacy program in capital planning and investment requests is prepared in accordance with applicable laws, executive orders, directives, policies, regulations, standards.
Validation Procedures
Examine: [SELECT FROM: Information security program plan; Exhibit 300; Exhibit 53; business cases for capital planning and investment; procedures for capital planning and investment; documentation of exceptions to capital planning requirements; other relevant documents or records].

Interview: [SELECT FROM: Organizational personnel with information security program planning responsibilities; organizational personnel with privacy program planning responsibilities; organizational personnel responsible for capital planning and investment; organizational personnel with information security responsibilities; organizational personnel with privacy responsibilities].

Test: [SELECT FROM: Organizational processes for capital planning and investment; organizational processes for business case, Exhibit 300, and Exhibit 53 development; mechanisms supporting the capital planning and investment process].