GV.AT-P2: Senior executives understand their roles and responsibilities
CSF v1.1 References:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
Related Controls
NIST Special Publication 800-53 Revision 5
AT-3: Role-based Training
Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and When required by system changes; Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and Incorporate…
PM-13: Security and Privacy Workforce
Establish a security and privacy workforce development and improvement program.
Cloud Controls Matrix v3.0.1
GRM-05: Management Support/Involvement
Executive and line management shall take formal action to support information security through clearly-documented direction and commitment, and shall ensure the action has been assigned.
HRS-07: Roles / Responsibilities
Roles and responsibilities of contractors, employees, and third-party users shall be documented as they relate to information assets and security.
Critical Security Controls Version 8
14: Security Awareness and Skills Training
Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.
NIST Special Publication 800-53 Revision 4
AT-3: Role-Based Security Training
The organization provides role-based security training to personnel with assigned security roles and responsibilities: Before authorizing access to the information system or performing assigned duties; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.
PM-13: Information Security Workforce
The organization establishes an information security workforce development and improvement program.
Critical Security Controls Version 7.1
17: Implement a Security Awareness and Training Program
For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.