CCI-000109
CCI-000109 Definition
Provide role-based security training to personnel with organization-defined roles and responsibilities when required by system changes.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Privileged user type Security-related education/training available through DISA IASE (e.g. VTE, Skill Soft, other professional sources) meets the provision of this control. The organization being inspected/assessed may define specific requirements within the above listed sources for their personnel.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines documented records (IAW AT-4) of their privileged users training.
Compelling Evidence
1.) Signed and dated system security plan (SSP) 2.) Signed and dated security awareness and training policy 3.) Sampling of training records of randomly selected individuals