An error occurred:

CCI-000106

CCI-000106 Definition

Provide basic security literacy training to system users (including managers, senior executives, and contractors) as part of initial training for new users.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - security literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users. - privacy literacy training is provided to system users (including managers, senior executives, and contractors) as part of initial training for new users. - security literacy training is provided to system users (including managers, senior executives, and contractors) [AT-02_ODP[01]; the frequency at which to provide security literacy training to system users (including managers, senior executives, and contractors) after initial training is defined] thereafter. - privacy literacy training is provided to system users (including managers, senior executives, and contractors) [AT-02_ODP[02]; the frequency at which to provide privacy literacy training to system users (including managers, senior executives, and contractors) after initial training is defined] thereafter.

Validation Procedures

Examine: [SELECT FROM: System security plan; privacy plan; literacy training and awareness policy; procedures addressing literacy training and awareness implementation; appropriate codes of federal regulations; security and privacy literacy training curriculum; security and privacy literacy training materials; training records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for literacy training and awareness; organizational personnel with information security and privacy responsibilities; organizational personnel comprising the general system user community]. Test: [SELECT FROM: Mechanisms managing information security and privacy literacy training].