Navigate

CCI-000105

CCI-000105 Definition

The organization reviews and updates the current security awareness and training procedures in accordance with an organization-defined frequency.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoDD 8570.01 meets the DoD requirement for IA awareness training policy and procedures.DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDD 8570.01.DoD has defined the frequency as annually.

Validation Procedures

DoD Components are automatically compliant with this CCI because they are covered by the DoD level policy, DoDD 8570.01.DoD has defined the frequency as annually.

Compelling Evidence

Automatically compliant per DoDD 8570.01

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000105.

Control	Description
AT-1	The organization: AT-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: AT-1a.1.: A security awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and AT-1a.2.: Procedures to facilitate the implementation of the security awareness and training policy and associated security awareness and training controls; and AT-1b.: Reviews and updates the current: AT-1b.1.: Security awareness and training policy [Assignment: organization-defined frequency]; and AT-1b.2.: Security awareness and training procedures [Assignment: organization-defined frequency].

Control

Description

AT-1

The organization:

AT-1a.: Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
- AT-1a.1.: A security awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
- AT-1a.2.: Procedures to facilitate the implementation of the security awareness and training policy and associated security awareness and training controls; and

AT-1b.: Reviews and updates the current:
- AT-1b.1.: Security awareness and training policy [Assignment: organization-defined frequency]; and
- AT-1b.2.: Security awareness and training procedures [Assignment: organization-defined frequency].