Integrating IT Security into the Capital Planning and Investment Control Process
Author(s)
Joan Hash
Abstract
To assist federal agencies with effectively integrating security into the capital planning and investment control (CPIC) process, NIST has released Special Publication (SP) 800-65, Integrating IT Security into the Capital Planning and Investment Control Process. It provides tips and pointers in addition to a sample methodology, which can be used to address prioritization of security requirements in support of agency business units. The publication describes risk factors that should be considered in addressing security investments and links the current Office of Management and Budget (OMB) guidance in this area to the current Federal Information Security Management Act (FISMA), including the Plan of Action and Milestones (POA&M) process, which all agencies are required to implement. NIST Special Publication 800-65 describes in detail the underpinning methodology, which can be easily applied to integrate and prioritize security requirements in an agency's capital planning and investment planning process using well-understood concepts related to the current FISMA framework and existing NIST standards and guidance. This ITL Bulletin summarizes the special publication.
Keywords
capital planning and investment control, CPIC, FISMA, IT security investments
Citation
Hash, J. (2005), Integrating IT Security into the Capital Planning and Investment Control Process, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150213 (Accessed December 9, 2024)