💼 PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
- Contextual name: 💼 PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
- ID:
/frameworks/nist-csf-v2.0/pr-at/01 - Located in: 💼 Awareness and Training (PR.AT)
Description
- Provide basic cybersecurity awareness and training to employees, contractors, partners, suppliers, and all other users of the organization's non-public resources
- Train personnel to recognize social engineering attempts and other common attacks, report attacks and suspicious activity, comply with acceptable use policies, and perform basic cyber hygiene tasks (e.g., patching software, choosing passwords, protecting credentials)
- Explain the consequences of cybersecurity policy violations, both to individual users and the organization as a whole
- Periodically assess or test users on their understanding of basic cybersecurity practices
- Require annual refreshers to reinforce existing practices and introduce new practices
Similar
- Sections
/frameworks/nist-csf-v1.1/pr-at/01/frameworks/nist-csf-v1.1/pr-at/03/frameworks/nist-csf-v1.1/rs-co/01/frameworks/nist-sp-800-53-r5/at/02/frameworks/nist-sp-800-53-r5/at/03
Similar Sections (Take Policies From)
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|