Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Deckard
Viewer II
‎01-08-2018 02:24 PM
‎01-08-2018 02:24 PM

Seeking a Template for a Cybersecurity Program Organizational CONOPS Document

I am helping with a high level Cybersec Organization CONOPS document, and I would appreciate any leads to a template or other Word document that would be helpful.

Communicate early and often.
Keep cool, but care.
Reply
6 Replies
Clive
Newcomer I
‎01-08-2018 03:19 PM
‎01-08-2018 03:19 PM

Although not for security I was impressed by the document the University of Alabama IT department published. 

 

It got the right conversations started 

 

https://www.uab.edu/it/home/strategic-plan 

Reply
ClayBoswell
Reader I
‎01-08-2018 05:06 PM
‎01-08-2018 05:06 PM

The link provided by Clive had a space at end - kept me from accessing the document directly.

 

If you have trouble try to use: https://www.uab.edu/it/home/strategic-plan

Reply
j_M007
Community Champion
‎01-09-2018 12:20 PM
‎01-09-2018 12:20 PM

Hi Deckard,

What about the NIST Cybersecurity Framework? Pardon if I missed something there, but the NIST documentation set is complete. This is the link to check it out. https://www.nist.gov/cyberframework

 

In SP 800-53, CONOPS as a control is mentioned in PL-7

https://nvd.nist.gov/800-53/Rev4/control/PL-7

 

I don't know if there is a formalized methodology, so I suppose at a minimum  a statement of how the system is to be operated would work. (However, if you don't think it's too much, maybe an Executive Summary style would work - Who, what, where, when, why, how. But just KISS it.)

 

Best regards!

Reply
Deckard
Viewer II
‎01-09-2018 01:57 PM
‎01-09-2018 01:57 PM

Thank you, Clive and Clay for the useful input. As far as PL-7 goes, that is a requirement for the CONOPS of a system. It doesn't present much practical guidance for the content of such a document, and it is not concerned with the Concept of Operations of an OU such as a Cybersecurity Program.

Communicate early and often.
Keep cool, but care.
Reply
0 Kudos
tavilucea
Newcomer I
‎02-08-2018 09:13 AM
‎02-08-2018 09:13 AM

This is not really a template but I use this as a guide when a brief senior managers or train new people. 

 

Risk Management Framework is my world...since i work in the Government realm.

 

https://www.dau.mil/tools/Lists/DAUTools/Attachments/37/DoD%20-%20Guidebook,%20Cybersecurity%20Risk%...

Reply
j_M007
Community Champion
‎02-12-2018 04:35 PM
‎02-12-2018 04:35 PM

Hello Deckard,


My Google search of +CONOPS +TEMPLATE revealed a good deal of information.

The first hits were in fact templates and how tos concerning the composition of the CONOPS document. I hope you will find the templates useful.

https://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwirvNaMqKHZAhVCMd8KHaivBqUQ...

 

https://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=9&ved=0ahUKEwirvNaMqKHZAhVCMd8KHaivBqUQ...

 

Best regards.

Reply