Healthcare Delivery Organizations (HDO) face a complex set of challenges in their information technology and operational environment, with threats that can impact patient care, business operations, medical devices, facilities, protected health information, and public confidence. A critical element for defense is the Cybersecurity Operations Center (CSOC), which acts as a focal point for an HDO’s cyber threat monitoring and response. This paper provides a framework that aligns with the threats that HDOs face, which cyber leadership can use to help assess the state of their operational cyber defenses and inform planning for future defensive capabilities.