
💼 AT-3 Role-based Training

  • Contextual name: 💼 AT-3 Role-based Training
  • ID: /frameworks/nist-sp-800-53-r5/at/03
  • Located in: 💼 AT Awareness And Training

Description

a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]:

  1. Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and
  2. When required by system changes;

b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and

c. Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

Similar

  • Internal
    • ID: dec-c-8c445027

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 AT-3 Role-based Training (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 AT-3 Role-based Training (L)(M)(H)
💼 NIST CSF v2.0 → 💼 PR.AT-01: Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind | 7
💼 NIST CSF v2.0 → 💼 PR.AT-02: Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 AT-3(1) Role-based Training _ Environmental Controls
💼 AT-3(2) Role-based Training _ Physical Security Controls
💼 AT-3(3) Role-based Training _ Practical Exercises
💼 AT-3(4) Role-based Training _ Suspicious Communications and Anomalous System Behavior
💼 AT-3(5) Role-based Training _ Processing Personally Identifiable Information