CCI-000611

The organization documents the resources required to protect the information system or information system service as part of its capital planning and investment control process.

Implementation Guidance

The organization being inspected/assessed documents the resources (funding, staffing, etc) required for the cybersecurity requirements to protect the information system or information system service as part of its planning, programming, and budget process (PPBE).

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the planning, programming, and budget documentation to ensure the organization being inspected/assessed has documented the resources required for cybersecurity requirements to protect the information system or information system service.

Compelling Evidence

1.) System security plan (SSP). 2.) Mission/business planning documentation. 3.) Capital planning and investment documentation includes what resources are necessary to protect the information systems or services.

The controls below (if any) were marked by NIST as being related to CCI-000611.