Navigate

CCI-000109

CCI-000109 Definition

The organization provides role-based security training to personnel with assigned security roles and responsibilities when required by information system changes.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Privileged user type Security-related education/training available through DISA IASE (e.g. VTE, Skill Soft, other professional sources) meets the provision of this control. The organization being inspected/assessed may define specific requirements within the above listed sources for their personnel.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documented records (IAW AT-4) of their privileged users training.

Compelling Evidence

1.) Signed and dated system security plan (SSP) 2.) Signed and dated security awareness and training policy 3.) Sampling of training records of randomly selected individuals

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000109.

Control	Description
AT-3	The organization provides role-based security training to personnel with assigned security roles and responsibilities: AT-3a.: Before authorizing access to the information system or performing assigned duties; AT-3b.: When required by information system changes; and AT-3c.: [Assignment: organization-defined frequency] thereafter.