NIST 800-53 REV 5 • PLANNING
PL-2(1) — Concept of Operations
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
A Concept of Operations (CONOPS) describes how your system is intended to be operated from a security perspective. It bridges the gap between technical implementation and operational use.
Example 1: Write a CONOPS section in your System Security Plan (SSP) that describes how users interact with the system, what security roles are defined (admin, user, auditor), how data flows through the system, and what the expected operating environment looks like (on-premises, cloud, hybrid).
Example 2: Include operational scenarios in your CONOPS: normal operations (day-to-day use), degraded mode (key components unavailable), maintenance mode (system updates being applied), and emergency mode (active incident response). For each scenario, describe the security posture and who holds which authorities.