GV.AT-P3: Privacy personnel understand their roles and responsibilities
CSF v1.1 References:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
AT-3: Role-based Training
Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and When required by system changes; Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and Incorporateā¦
CP-3: Contingency Training
Provide contingency training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; When required by system changes; and [Assignment: organization-defined frequency] thereafter; and Review and update contingency training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].
IR-2: Incident Response Training
Provide incident response training to system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility or acquiring system access; When required by system changes; and [Assignment: organization-defined frequency] thereafter; and Review and update incident response training content [Assignment: organization-defined frequency] and following [Assignment: organization-definedā¦
PM-13: Security and Privacy Workforce
Establish a security and privacy workforce development and improvement program.
Cloud Controls Matrix v3.0.1
HRS-07: Roles / Responsibilities
Roles and responsibilities of contractors, employees, and third-party users shall be documented as they relate to information assets and security.
Critical Security Controls Version 8
14: Security Awareness and Skills Training
Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise.
16: Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.
NIST Special Publication 800-53 Revision 4
AT-3: Role-Based Security Training
The organization provides role-based security training to personnel with assigned security roles and responsibilities: Before authorizing access to the information system or performing assigned duties; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.
CP-3: Contingency Training
The organization provides contingency training to information system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming a contingency role or responsibility; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.
IR-2: Incident Response Training
The organization provides incident response training to information system users consistent with assigned roles and responsibilities: Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; When required by information system changes; and [Assignment: organization-defined frequency] thereafter.
PM-13: Information Security Workforce
The organization establishes an information security workforce development and improvement program.
Critical Security Controls Version 7.1
17: Implement a Security Awareness and Training Program
For all functional roles in the organization (prioritizing those mission-critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.