GV.AT-P3: Privacy personnel understand their roles and responsibilities

CSF v1.1 References:

Description

[csf.tools Note: Subcategories do not have detailed descriptions.]

Related Controls

NIST Special Publication 800-53 Revision 5

AT-3: Role-based Training

Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and When required by system changes; Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and Incorporateā€¦

CP-3: Contingency Training

Provide contingency training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; When required by system changes; and [Assignment: organization-defined frequency] thereafter; and Review and update contingency training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].

IR-2: Incident Response Training

Provide incident response training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access; When required by system changes; and [Assignment: organization-defined frequency] thereafter; and Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-definedā€¦

Cloud Controls Matrix v3.0.1

HRS-07: Roles / Responsibilities

Roles and responsibilities of contractors, employees, and third-party users shall be documented as they relate to information assets and security.

Critical Security Controls Version 7.1

17: Implement a Security Awareness and Training Program

For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.

Critical Security Controls Version 8

14: Security Awareness and Skills Training

Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.

16: Application Software Security

Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.

NIST Special Publication 800-53 Revision 4

AT-3: Role-Based Security Training

The organization provides role-based security training to personnel with assigned security roles and responsibilities: Before authorizing access to the information system or performing assigned duties; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.

CP-3: Contingency Training

The organization provides contingency training to information system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.

IR-2: Incident Response Training

The organization provides incident response training to information system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.