💼 AT-3 Role-based Training
- ID:
/frameworks/nist-sp-800-53-r5/at/03
Description​
a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]:
- Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and
- When required by system changes; b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and c. Incorporate lessons learned from internal or external security incidents or breaches into role-based training.
Similar​
- Internal
- ID:
dec-c-8c445027
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 AT-3 Role-based Training (L)(M)(H) | no data | ||||
| 💼 FedRAMP Low Security Controls → 💼 AT-3 Role-based Training (L)(M)(H) | no data | ||||
| 💼 NIST CSF v2.0 → 💼 PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind | 8 | no data | |||
| 💼 NIST CSF v2.0 → 💼 PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 AT-3(1) Role-based Training _ Environmental Controls | no data | ||||
| 💼 AT-3(2) Role-based Training _ Physical Security Controls | no data | ||||
| 💼 AT-3(3) Role-based Training _ Practical Exercises | no data | ||||
| 💼 AT-3(4) Role-based Training _ Suspicious Communications and Anomalous System Behavior | no data | ||||
| 💼 AT-3(5) Role-based Training _ Processing Personally Identifiable Information | no data |