πΌ PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
- Contextual name: πΌ PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
- ID:
/frameworks/nist-csf-v2.0/pr-at/01 - Located in: πΌ Awareness and Training (PR.AT)
Descriptionβ
- Provide basic cybersecurity awareness and training to employees, contractors, partners, suppliers, and all other users of the organization's non-public resources
- Train personnel to recognize social engineering attempts and other common attacks, report attacks and suspicious activity, comply with acceptable use policies, and perform basic cyber hygiene tasks (e.g., patching software, choosing passwords, protecting credentials)
- Explain the consequences of cybersecurity policy violations, both to individual users and the organization as a whole
- Periodically assess or test users on their understanding of basic cybersecurity practices
- Require annual refreshers to reinforce existing practices and introduce new practices
Similarβ
- Sections
/frameworks/nist-csf-v1.1/pr-at/01/frameworks/nist-csf-v1.1/pr-at/03/frameworks/nist-csf-v1.1/rs-co/01/frameworks/nist-sp-800-53-r5/at/02/frameworks/nist-sp-800-53-r5/at/03
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ PR.AT-1: All users are informed and trained | 7 | 7 | ||
| πΌ NIST CSF v1.1 β πΌ PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities | ||||
| πΌ NIST CSF v1.1 β πΌ RS.CO-1: Personnel know their roles and order of operations when a response is needed | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ AT-2 Literacy Training and Awareness | 6 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AT-3 Role-based Training | 5 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (7)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For App Services is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Containers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Key Vault is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Servers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Storage is not set to On π’ | 1 | π’ x6 |