Navigate

CCI-003000

CCI-003000 Definition

The organization implements a process for ensuring that organizational plans for conducting security training activities associated with organizational information systems are developed.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process for ensuring that organizational plans for conducting security training activities associated with organizational information systems are developed.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed implements a process for ensuring that organizational plans for conducting security training activities associated with organizational information systems are developed.

Compelling Evidence

1.) Signed and dated testing development process documentation for conducting security training activities associated with organizational information systems.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003000.

Control	Description
PM-14	The organization: PM-14a.: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems: PM-14a.1.: Are developed and maintained; and PM-14a.2.: Continue to be executed in a timely manner; PM-14b.: Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.

Control

Description

PM-14

The organization:

PM-14a.: Implements a process for ensuring that organizational plans for conducting security testing, training, and monitoring activities associated with organizational information systems:
- PM-14a.1.: Are developed and maintained; and
- PM-14a.2.: Continue to be executed in a timely manner;

PM-14b.: Reviews testing, training, and monitoring plans for consistency with the organizational risk management strategy and organization-wide priorities for risk response actions.