CCI-000105
CCI-000105 Definition
Review and update the current security awareness and training procedures in accordance with an organization-defined frequency.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if: - the current awareness and training procedures are reviewed and updated [AT-01_ODP[07]; the frequency at which the current awareness and training procedures are reviewed and updated is defined]. - the current awareness and training procedures are reviewed and updated following [AT-01_ODP[08]; events that would require procedures to be reviewed and updated are defined].
Validation Procedures
Examine: [SELECT FROM: System security plan; privacy plan; awareness and training policy and procedures; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with awareness and training responsibilities; organizational personnel with information security and privacy responsibilities].