Description
a. Develop a Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information security and privacy; and
b. Review and update the CONOPS [Assignment: organization-defined frequency].
Supplemental Guidance
The concept of operations may be included in the security or privacy plans for the system or in other system development life cycle documents. The concept of operations is a living document that requires updating throughout the system development life cycle.
Changes from Rev 4
No significant changes from Rev 4.
Compliance Mappings
COBIT 2019
BAI02
CSA CCM v4
BCR-05
CSA AICM v1
BCR-05
RBI CSF
ITGRCA.4
HKMA TM-E-1
TME1.2.2, TME1.3.1
MLPS 2.0
8.1.9.2
EU CRA
CRA.Info.4
CBB TM
TM-2
BoG CISD
CISD-I
FFIEC IS
II.C.1
NYDFS 500
500.2
EBA ICT Guidelines
3.6.1
BOT Cyber Resilience
Ch6.2
Common Criteria
CC Part 1 — PP
NAIC Insurance Data Security
4
HITRUST CSF v11
10.a
FDA Cybersecurity Guidance
SPDF-3