PM-13: Security and Privacy Workforce

Control Family:

Program Management

CSF v1.1 References:

Baselines:

  • Low

    N/A

  • Moderate

    N/A

  • High

    N/A

  • Privacy
    • PM-13

Previous Version:

Control Statement

Establish a security and privacy workforce development and improvement program.

Supplemental Guidance

Security and privacy workforce development and improvement programs include defining the knowledge, skills, and abilities needed to perform security and privacy duties and tasks; developing role-based training programs for individuals assigned security and privacy roles and responsibilities; and providing standards and guidelines for measuring and building individual qualifications for incumbents and applicants for security- and privacy-related positions. Such workforce development and improvement programs can also include security and privacy career paths to encourage security and privacy professionals to advance in the field and fill positions with greater responsibility. The programs encourage organizations to fill security- and privacy-related positions with qualified personnel. Security and privacy workforce development and improvement programs are complementary to organizational security awareness and training programs and focus on developing and institutionalizing the core security and privacy capabilities of personnel needed to protect organizational operations, assets, and individuals.