TA-08—Role-based Security Training
>Control Description
Organization personnel with key security responsibilities complete relevant role-based training on an annual basis:
• personnel must complete training prior to obtaining access to privileged security systems
• personnel with contingency responsibilities must complete role-based training within 10 days of assuming the role
• records of training completion are documented and retained for tracking purposes
Theme
People
Type
Preventive
Policy/Standard
Training & Awareness Procedure>Implementation Guidance
1. Ensure role-based training material contains details around key security responsibilities. 2. Training records for each employee shall be maintained for future tracking.
>Testing Procedure
1 Inspect training material to determine whether it detailed key security responsibilities relevant to role-based trainings. 2 Inspect training completion records for a sample of employees.
>Audit Artifacts
E-TA-02
E-TA-03
>Framework Mappings
Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
Ask AI
Configure your API key to use AI features.