STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

PL-7

PlanningRev 5organization

Concept of Operations

Control Statement

a. Develop a Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information security and privacy; and b. Review and update the CONOPS [Assignment: frequency].

Supplemental Guidance

The CONOPS may be included in the security or privacy plans for the system or in other system development life cycle documents. The CONOPS is a living document that requires updating throughout the system development life cycle. For example, during system design reviews, the concept of operations is checked to ensure that it remains consistent with the design for controls, the system architecture, and the operational procedures. Changes to the CONOPS are reflected in ongoing updates to the security and privacy plans, security and privacy architectures, and other organizational documents, such as procurement specifications, system development life cycle documents, and systems engineering documents.

Related Controls (3)

PL-2SA-2SI-12

CCI Identifiers (4)

CCI-000577Defines the frequency with which to review and update the CONOPS.CCI-000578Review and update the CONOPS in accordance with organization-defined frequency.CCI-004291Develop a security Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information privacy.CCI-003071Develop a security Concept of Operations (CONOPS) for the system describing how the organization intends to operate the system from the perspective of information security.

Linked STIG Checks (0)

No STIG checks reference this control.