πΌ PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind
- Contextual name: πΌ PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind
- ID:
/frameworks/nist-csf-v2.0/pr-at/02 - Located in: πΌ Awareness and Training (PR.AT)
Descriptionβ
- Identify the specialized roles within the organization that require additional cybersecurity training, such as physical and cybersecurity personnel, finance personnel, senior leadership, and anyone with access to business-critical data
- Provide role-based cybersecurity awareness and training to all those in specialized roles, including contractors, partners, suppliers, and other third parties
- Periodically assess or test users on their understanding of cybersecurity practices for their specialized roles
- Require annual refreshers to reinforce existing practices and introduce new practices
Similarβ
- Sections
/frameworks/nist-csf-v1.1/pr-at/02/frameworks/nist-csf-v1.1/pr-at/03/frameworks/nist-csf-v1.1/pr-at/04/frameworks/nist-csf-v1.1/pr-at/05/frameworks/nist-sp-800-53-r5/at/03
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ PR.AT-2: Privileged users understand their roles and responsibilities | ||||
| πΌ NIST CSF v1.1 β πΌ PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities | ||||
| πΌ NIST CSF v1.1 β πΌ PR.AT-4: Senior executives understand their roles and responsibilities | ||||
| πΌ NIST CSF v1.1 β πΌ PR.AT-5: Physical and cybersecurity personnel understand their roles and responsibilities | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ AT-3 Role-based Training | 5 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|