Date Published: January 2005
Author(s)
Joan Hash (NIST)
This bulletin describes NIST's Special Publication (SP) 800-65, Integrating IT Security into the Capital Planning and Investment Control Process. It provides tips and pointers in addition to a sample methodology, which can be used to address prioritization of security requirements in support of agency business units. SP 800-65 describes risk factors that should be considered in addressing security investments and links the current Office of Management and Budget (OMB) guidance in this area to the current Federal Information Security Management Act (FISMA), including the Plan of Action and Milestones (POA&M) process that all agencies are required to implement.
Keywords
capital planning; Federal Information Security Management Act (FISMA); information system security; planning; security investments
Control Families
Assessment, Authorization and Monitoring; Planning; Program Management; Risk Assessment; System and Services Acquisition