Navigate

CCI-003071

CCI-003071 Definition

Develop a security Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information security.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed develops and documents a security Concept of Operations (CONOPS) for the information system containing at a minimum, how the organization intends to operate the system from the perspective of information security.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the security CONOPS to ensure the organization being inspected/assessed develops a security CONOPS for the information system containing at a minimum, how the organization intends to operate the system from the perspective of information security.

Compelling Evidence

1.) Concept of Operations (CONOPS) which includes how the organization intends to operate the system from the perspective of information security.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003071.

Control	Description
PL-7	The organization: a: Develops a security Concept of Operations (CONOPS) for the information system containing at a minimum, how the organization intends to operate the system from the perspective of information security; and b: Reviews and updates the CONOPS [organization-defined frequency].