92
InformatIon SecurIty PolIcy DeveloPment for comPlIance
b. Determines, documents, and allocates the resources required
to protect the information system as part of its capital planning
and investment control process; and
c. Est
ablishes a discrete line item for information security in
organizational programming and budgeting documentation.
SA-3 LIFE CYCLE SUPPORT
Control: e organization:
a. Man
ages the information system using a system develop-
ment life cycle methodology that includes information secu-
rity considerations;
b. Denes and documents information system security roles
and responsibilities throughout the system development life
cycle; and
c. Ide
nties individuals having information system security