| 💼 12.6.1 A formal security awareness program is implemented to make all personnel aware of the entity's information security policy and procedures, and their role in protecting the cardholder data. | | | | | no data |
| 💼 12.6.2 The security awareness program is reviewed at least once every 12 months, and updated to address any new threats and vulnerabilities. | | | | | no data |
| 💼 12.6.3 Personnel receive security awareness training. | 2 | | | | no data |
|  💼 12.6.3.1 Security awareness training includes awareness of threats and vulnerabilities that could impact the security of the CDE. | | | | | no data |
|  💼 12.6.3.2 Security awareness training includes awareness about the acceptable use of end-user technologies. | | | | | no data |