Reference: CMMC 2.0
Level Introduced: 2
Title: Role-Based Training
Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
Training imparts skills and knowledge. It enables staff to perform a specific resilience function. Training programs identify cybersecurity skill gaps within your organization. Then, the programs train users on their specific cybersecurity roles and responsibilities.
There is an important distinction between awareness training and role-based training. Awareness training provides general security training to influence user behavior. Role- based training focuses on the knowledge, skills, and abilities needed to complete a specific job.
Your company upgraded the firewall to a newer, more advanced system. Your company identified you as an employee who needs training on the device. This will enable you to use it effectively. Your company considered this when it planned for the upgrade. It made training funds available as part of the upgrade project.