Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Integrating IT Security into the Capital Planning and Investment Control Process

Published

Author(s)

Joan Hash

Abstract

To assist federal agencies with effectively integrating security into the capital planning and investment control (CPIC) process, NIST has released Special Publication (SP) 800-65, Integrating IT Security into the Capital Planning and Investment Control Process. It provides tips and pointers in addition to a sample methodology, which can be used to address prioritization of security requirements in support of agency business units. The publication describes risk factors which should be considered in addressing security investments and links the current Office of Management and Budget (OMB) guidance in this area to the current Federal Information Security Management Act (FISMA) including the Plan of Action and Milestones (POA&M) process which all agencies are required to implement. NIST Special Publication 800-65 describes in detail the underpinning methodology which can be easily applied to address security requirement integration and prioritization into an agency's capital planning and investment planning process using well understood concepts related to the current FISMA framework and existing NIST standards and guidance. This ITL Bulletin summarizes the special publication.
Citation
ITL Bulletin -

Keywords

capital planning and investment control, CPIC, FISMA, IT security investments

Citation

Hash, J. (2005), Integrating IT Security into the Capital Planning and Investment Control Process, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150213 (Accessed December 9, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created January 27, 2005, Updated April 10, 2015