Navigate

CCI-003783

CCI-003783 Definition

Provide role-based privacy training to personnel with organization-defined roles and responsibilities before authorizing access to the system, information, or performing assigned duties.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - role-based security training is provided to [AT-03_ODP[01]; roles and responsibilities for role-based security training are defined] before authorizing access to the system, information, or performing assigned duties. - role-based privacy training is provided to [AT-03_ODP[02]; roles and responsibilities for role-based privacy training are defined] before authorizing access to the system, information, or performing assigned duties. - role-based security training is provided to [AT-03_ODP[01]; roles and responsibilities for role-based security training are defined] [AT-03_ODP[03]; the frequency at which to provide role-based security and privacy training to assigned personnel after initial training is defined] thereafter. - role-based privacy training is provided to [AT-03_ODP[02]; roles and responsibilities for role-based privacy training are defined] [AT-03_ODP[03]; the frequency at which to provide role-based security and privacy training to assigned personnel after initial training is defined] thereafter.

Validation Procedures

Examine: [SELECT FROM: System security plan; privacy plan; security and privacy awareness and training policy; procedures addressing security and privacy training implementation; codes of federal regulations; security and privacy training curriculum; security and privacy training materials; training records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for role-based security and privacy training; organizational personnel with assigned system security and privacy roles and responsibilities]. Test: [SELECT FROM: Mechanisms managing role-based security and privacy training].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003783.

Control	Description
AT-3	a: Provide role-based security and privacy training to personnel with the following roles and responsibilities: [one of ]: 1: Before authorizing access to the system, information, or performing assigned duties, and [the frequency at which to provide role-based security and privacy training to assigned personnel after initial training is defined;] thereafter; and 2: When required by system changes; b: Update role-based training content [the frequency at which to update role-based training content is defined;] and following [events that require role-based training content to be updated are defined;] ; and c: Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

Control

Description

AT-3

a: Provide role-based security and privacy training to personnel with the following roles and responsibilities: [one of ]:
- 1: Before authorizing access to the system, information, or performing assigned duties, and [the frequency at which to provide role-based security and privacy training to assigned personnel after initial training is defined;] thereafter; and
- 2: When required by system changes;

b: Update role-based training content [the frequency at which to update role-based training content is defined;] and following [events that require role-based training content to be updated are defined;] ; and

c: Incorporate lessons learned from internal or external security incidents or breaches into role-based training.