National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

PL-7 SECURITY CONCEPT OF OPERATIONS

Family:
PL - PLANNING
Class:
Priority:
P0 - Unspecified priority.
Baseline Allocation:
Low Moderate High
N/A N/A N/A

Control Description

The organization:

a. Develops a security Concept of Operations (CONOPS) for the information system containing at a minimum, how the organization intends to operate the system from the perspective of information security; and

b. Reviews and updates the CONOPS [Assignment: organization-defined frequency].

Supplemental Guidance

The security CONOPS may be included in the security plan for the information system or in other system development life cycle-related documents, as appropriate. Changes to the CONOPS are reflected in ongoing updates to the security plan, the information security architecture, and other appropriate organizational documents (e.g., security specifications for procurements/acquisitions, system development life cycle documents, and systems/security engineering documents).

Related to: PL-2

Control Enhancements

None.

References

None.