Awareness and Training (AT)
Provide literacy training on recognizing and reporting potential indicators of insider threat.
Awareness and Training (AT)
Provide literacy training on recognizing and reporting potential and actual instances of social engineering and social mining.
Awareness and Training (AT)
Provide literacy training on recognizing suspicious communications and anomalous behavior in organizational systems using [Assignment: organization-defined indicators of malicious code].
Awareness and Training (AT)
Provide literacy training on the advanced persistent threat.
Awareness and Training (AT)
(a) Provide literacy training on the cyber threat environment; and (b) Reflect current cyber threat information in system operations.
Awareness and Training (AT)
Level N/A
a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: 1. Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and 2. When required by system changes; b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and c. Incorporate lessons learned from internal or external security incidents or breaches into role-based training.
Awareness and Training (AT)
Provide [Assignment: organization-defined personnel or roles] with initial and [Assignment: organization-defined frequency] training in the employment and operation of environmental controls.
Awareness and Training (AT)
Provide [Assignment: organization-defined personnel or roles] with initial and [Assignment: organization-defined frequency] training in the employment and operation of physical security controls.
Awareness and Training (AT)
Provide practical exercises in security and privacy training that reinforce training objectives.
Awareness and Training (AT)
[Withdrawn: Moved to AT-2(4)].
