14.1: Establish and Maintain a Security Awareness Program

CSF v1.1 References:

PF v1.0 References:

Group:

Info icon.

Incorporates the following controls from the previous version: 17.3: Implement a Security Awareness Program, 17.4: Update Awareness Content Frequently.

Control Statement

Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]