[csf.tools Note: Subcategories do not have detailed descriptions.]
Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.
NIST Special Publication 800-53 Revision 5
(a) Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: (1) before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and (2) when required by system changes; (b) Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and (c) Incorporate…
Establish a security and privacy workforce development and improvement program.
Cloud Controls Matrix v3.0.1
Executive and line management shall take formal action to support information security through clearly-documented direction and commitment, and shall ensure the action has been assigned.
Roles and responsibilities of contractors, employees, and third-party users shall be documented as they relate to information assets and security.
Critical Security Controls Version 7.1
For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.
Critical Security Controls Version 8
Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.
NIST Special Publication 800-53 Revision 4
The organization provides role-based security training to personnel with assigned security roles and responsibilities: Before authorizing access to the information system or performing assigned duties; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.
The organization establishes an information security workforce development and improvement program.