CMMC Practices
Reference: CMMC 2.11
Family: AT
Level Introduced: 3
Title: Advanced Threat Awareness
Practice:
Provide awareness training upon initial hire, following a significant cyber event, and at least annually, focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors; update the training at least annually or when there are significant changes to the threat.
NIST 800-172 Requirements (2)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
Source: CMMC v2.0