CCI-000109
CCI-000109 Definition
The organization provides role-based security training to personnel with assigned security roles and responsibilities when required by information system changes.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Privileged user type Security-related education/training available through DISA IASE (e.g. VTE, Skill Soft, other professional sources) meets the provision of this control. The organization being inspected/assessed may define specific requirements within the above listed sources for their personnel.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines documented records (IAW AT-4) of their privileged users training.
DISA Compelling Evidence
1) Copy of system security plan (SSP) 2) security awareness and training policy