AT: Awareness and Training
Controls
AT-1: Policy and Procedures
Baseline(s):
- Low
- Moderate
- High
- Privacy
Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]:
- [Assignment (one or more): organization-level, mission/business process-level, system-level] awareness and training policy that:
  - Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
  - Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
- Procedures to facilitate the…
AT-2: Literacy Training and Awareness
Baseline(s):
- Low
- Moderate
- High
- Privacy
Provide security and privacy literacy training to system users (including managers, senior executives, and contractors):
- As part of initial training for new users and [Assignment: organization-defined frequency] thereafter; and
- When required by system changes or following [Assignment: organization-defined events];
Employ the following techniques to increase the security and privacy awareness of system users [Assignment: organization-defined…
AT-3: Role-based Training
Baseline(s):
- Low
- Moderate
- High
- Privacy
Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]:
- Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and
- When required by system changes;
Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and
Incorporate…
AT-4: Training Records
Baseline(s):
- Low
- Moderate
- High
- Privacy
Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and Retain individual training records for [Assignment: organization-defined time period].
AT-6: Training Feedback
Baseline(s):
Provide feedback on organizational training results to the following personnel [Assignment: organization-defined frequency]: [Assignment: organization-defined personnel].