Reference: CMMC 2.0
Family: AT
Level Introduced: 2
Title: Role-Based Training
Practice:
Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
CMMC Clarification:
Training imparts skills and knowledge. It enables staff to perform a specific resilience function. Training programs identify cybersecurity skill gaps within your organization. Then, the programs train users on their specific cybersecurity roles and responsibilities.
There is an important distinction between awareness training and role-based training. Awareness training provides general security training to influence user behavior. Role-based training focuses on the knowledge, skills, and abilities needed to complete a specific job.
Example
Your company upgraded the firewall to a newer, more advanced system. Your company identified you as an employee who needs training on the device. This will enable you to use it effectively. Your company considered this when it planned for the upgrade. It made training funds available as part of the upgrade project.
Implementation Strategies
NIST 800-171 Requirements (1)
NIST 800-53 Controls (2)