NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Integrating IT Security into the Capital Planning and Investment Control Process

Published

Author(s)

Joan Hash, N Bartol, H Rollins, W Robinson, J Abeles, S Batdorff

Abstract

Traditionally, information technology (IT) security and capital planning and investment control (CPIC) processes have been performed independently by security and capital planning practitioners. However, the Federal Information Security Management Act (FISMA) of 2002 and other existing federal regulations charge agencies with integrating the two activities. In addition, with increased competition for limited federal budgets and resources, agencies must ensure that available funding is applied towards the agencies' highest priority IT security investments. Applying funding towards high-priority security investments supports the objective of maintaining appropriate security controls, both at the enterprise-wide and system level, commensurate with levels of risk and data sensitivity. This special publication (SP) introduces common criteria against which agencies can prioritize security activities to ensure that corrective actions identified in the annual FISMA reporting process are incorporated into the capital planning process to deliver maximum security in a cost-effective manner.
Citation
Special Publication (NIST SP) - 800-65
Report Number
800-65
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

Local Download

Keywords

Capital planning and investment control, CPIC, FISMA, IT security investments
Information technology and Cybersecurity and privacy

Citation

Hash, J. , Bartol, N. , Rollins, H. , Robinson, W. , Abeles, J. and Batdorff, S. (2005), Integrating IT Security into the Capital Planning and Investment Control Process, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=150214 (Accessed October 27, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created January 1, 2005, Updated February 19, 2017
Was this page helpful?