AT-2(6)—Literacy Training and Awareness | Cyber Threat Environment
IL5
IL6
>Control Description
(a) Provide literacy training on the cyber threat environment; and
(b) Reflect current cyber threat information in system operations.
>DoD Impact Level Requirements
No specific parameter values or requirements for this impact level.
>Discussion
Since threats continue to change over time, threat literacy training by the organization is dynamic. Moreover, threat literacy training is not performed in isolation from the system operations that support organizational mission and business functions.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What formal policies and procedures govern the implementation of AT-2(6) (Cyber Threat Environment)?
- •Who are the designated roles responsible for implementing, maintaining, and monitoring AT-2(6)?
- •How frequently is the AT-2(6) policy reviewed and updated, and what triggers policy changes?
- •What training or awareness programs ensure personnel understand their responsibilities related to AT-2(6)?
Technical Implementation:
- •Describe the specific technical mechanisms or controls used to enforce AT-2(6) requirements.
- •What automated tools, systems, or technologies are deployed to implement AT-2(6)?
- •How is AT-2(6) integrated into your system architecture and overall security posture?
- •What configuration settings, parameters, or technical specifications enforce AT-2(6) requirements?
Evidence & Documentation:
- •What documentation demonstrates the complete implementation of AT-2(6)?
- •What audit logs, records, reports, or monitoring data validate AT-2(6) compliance?
- •Can you provide evidence of periodic reviews, assessments, or testing of AT-2(6) effectiveness?
- •What artifacts would you present during a FedRAMP assessment to demonstrate AT-2(6) compliance?
Ask AI
Configure your API key to use AI features.