💼 AT-3 Role-based Training

• Contextual name: 💼 AT-3 Role-based Training
• ID: /frameworks/nist-sp-800-53-r5/at/03
• Located in: 💼 AT Awareness And Training

Description

a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]:

1. Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and
2. When required by system changes; b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and c. Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

Similar

• Internal
  • ID: dec-c-8c445027

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP High Security Controls → 💼 AT-3 Role-based Training (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 AT-3 Role-based Training (L)(M)(H)
💼 NIST CSF v2.0 → 💼 PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind			8
💼 NIST CSF v2.0 → 💼 PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 AT-3(1) Role-based Training _ Environmental Controls
💼 AT-3(2) Role-based Training _ Physical Security Controls
💼 AT-3(3) Role-based Training _ Practical Exercises
💼 AT-3(4) Role-based Training _ Suspicious Communications and Anomalous System Behavior
💼 AT-3(5) Role-based Training _ Processing Personally Identifiable Information