CCI-003791

Defines the frequency for providing training in the employment and operation of personally identifiable information processing and transparency controls to personnel or roles.

Implementation Guidance

Determine if [AT-03(05)_ODP[01]; personnel or roles to be provided with initial and refresher training in the employment and operation of personally identifiable information processing and transparency controls is/are defined] are provided with initial and refresher training [AT-03(05)_ODP[02]; the frequency at which to provide refresher training in the employment and operation of personally identifiable information processing and transparency controls is defined] in the employment and operation of personally identifiable information processing and transparency controls.

Validation Procedures

Examine: [SELECT FROM: Security and privacy awareness and training policy; procedures addressing security and privacy awareness training implementation; security and privacy awareness training curriculum; security and privacy awareness training materials; system security plan; privacy plan; organizational privacy notices; organizational policies; system of records notices; Privacy Act statements; computer matching agreements and notices; privacy impact assessments; information sharing agreements; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibilities for role-based security and privacy training; organizational personnel who participate in security and privacy awareness training].

The controls below (if any) were marked by NIST as being related to CCI-003791.