CCI-003774

Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques.

Implementation Guidance

Determine if lessons learned from internal or external security incidents or breaches are incorporated into literacy training and awareness techniques.

Validation Procedures

Examine: [SELECT FROM: System security plan; privacy plan; literacy training and awareness policy; procedures addressing literacy training and awareness implementation; appropriate codes of federal regulations; security and privacy literacy training curriculum; security and privacy literacy training materials; training records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for literacy training and awareness; organizational personnel with information security and privacy responsibilities; organizational personnel comprising the general system user community]. Test: [SELECT FROM: Mechanisms managing information security and privacy literacy training].

The controls below (if any) were marked by NIST as being related to CCI-003774.