Navigate

CCI-000577

CCI-000577 Definition

Defines the frequency with which to review and update the CONOPS.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the CONOPS is reviewed and updated [PL-07_ODP; frequency for review and update of the Concept of Operations (CONOPS) is defined].

Validation Procedures

Examine: [SELECT FROM: Security and privacy planning policy; procedures addressing security and privacy CONOPS development; procedures addressing security and privacy CONOPS reviews and updates; security and privacy CONOPS for the system; system security plan; privacy plan; records of security and privacy CONOPS reviews and updates; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security and privacy planning and plan implementation responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for developing, reviewing, and updating the security CONOPS; mechanisms supporting and/or implementing the development, review, and update of the security CONOPS].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000577.

Control	Description
PL-7	a: Develop a Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information security and privacy; and b: Review and update the CONOPS [frequency for review and update of the Concept of Operations (CONOPS) is defined;].