KSI-CED-RGT—Reviewing General Training
Formerly KSI-CED-01
Trust Center Components
Ways to express your implementation of this indicator — approaches vary by organization size, complexity, and data sensitivity.
From the field: Mature implementations express data governance through automated lifecycle management — retention policies enforced by platform rules, disposal verified through cryptographic erasure logs, and data lifecycle dashboards showing retention compliance across all data categories. Data governance becomes machine-auditable through automated policy enforcement.
Data Retention Enforcement
Automated enforcement of retention and disposal policies — platform rules expire data according to classification, with disposal verification logs
Data Disposal Certification
Certificates or attestations for secure data disposal — cryptographic erasure verification and media destruction records
Data Lifecycle Documentation
Complete data lifecycle from collection through disposal — showing retention periods by data category
Data Retention and Disposal Policy
Human-readable data retention schedules and secure disposal procedures — documents intent behind automated lifecycle rules
Programmatic Queries
CLI Commands
# List security-awareness courses with their completion rate and due date
curl -s -H "Authorization: Bearer ${LMS_TOKEN}" "${LMS_URL}/api/v1/courses?category=security-awareness" | jq '.[] | {name, completion_rate, due_date}'
# List enrollments in security courses that are past their due date
curl -s -H "Authorization: Bearer ${LMS_TOKEN}" "${LMS_URL}/api/v1/enrollments?status=overdue&course_category=security" | jq '.[] | {user, course, due_date}'
20x Assessment Focus Areas
Aligned with FedRAMP 20x Phase Two assessment methodology
Completeness & Coverage:
- Does general security training cover all required topics — phishing awareness, social engineering, data handling, password hygiene, incident reporting, and acceptable use?
- Are all employees included in training requirements — full-time, part-time, contractors, and temporary staff with access to organizational systems?
- How do you ensure training addresses current threats (AI-powered phishing, deepfakes, business email compromise) rather than only historical patterns?
- When new policies or security procedures are introduced, how quickly are they incorporated into training content?
Automation & Validation:
- What automated mechanisms flag employees who have not completed required training and escalate to management?
- How do you measure training effectiveness beyond completion rates — for example, through phishing simulations, knowledge assessments, or behavioral metrics?
- What happens if an employee fails a post-training assessment — are they automatically re-enrolled and tracked until they pass?
- How do you detect if phishing simulation click rates or security incident rates are not improving despite training — triggering a training content review?
Inventory & Integration:
- How does your LMS integrate with HR systems to automatically enroll new hires and remove terminated employees?
- What tools deliver training content, and how do they support varied learning formats (video, interactive modules, assessments)?
- How is training completion data integrated with access management — can employees be restricted from systems if training is overdue?
- Are phishing simulation results correlated with training modules to identify which topics need reinforcement?
Continuous Evidence & Schedules:
- What is the required training frequency, and what evidence demonstrates 100% completion within each training cycle?
- Is training completion and effectiveness data available via API or dashboard for ongoing monitoring?
- How do you demonstrate that training effectiveness reviews are conducted on schedule and result in content updates?
- What metrics trending over time show that general security awareness is improving across the organization?
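The two LMS queries under Programmatic Queries return course and overdue-enrollment records; the Automation & Validation and Inventory & Integration questions ask how such records are turned into flags, escalations and evidence. The following Python is an added example, not code from this page, from FedRAMP, or from any LMS vendor. It runs those checks over constructed sample data: the enrollment records are assumed to have the user, course, due_date and completed_at fields of an export like the enrollments query above, and the HR roster, the course name and the quarterly phishing click-rate series are likewise constructed for illustration.

```python
"""Training-evidence checks over LMS-style records (added example, constructed data)."""
from datetime import date

# Constructed HR roster: who should be in scope for training right now.
HR_ROSTER = [
    {"user": "alice", "status": "active", "type": "full-time"},
    {"user": "bob", "status": "active", "type": "contractor"},
    {"user": "carol", "status": "active", "type": "full-time"},
    {"user": "dave", "status": "terminated", "type": "full-time"},
]

# Constructed LMS enrollment export; field names are an assumption.
# carol is missing (enrollment gap), dave is terminated but still enrolled.
ENROLLMENTS = [
    {"user": "alice", "course": "security-awareness-2025",
     "due_date": "2025-03-31", "completed_at": "2025-03-10"},
    {"user": "bob", "course": "security-awareness-2025",
     "due_date": "2025-03-31", "completed_at": None},
    {"user": "dave", "course": "security-awareness-2025",
     "due_date": "2025-03-31", "completed_at": None},
]

# Constructed quarterly phishing-simulation click rates, oldest first.
PHISHING_CLICK_RATES = [0.18, 0.15, 0.16, 0.17]
COURSE = "security-awareness-2025"


def active_users(roster):
    """Users who currently need training: every active roster entry, any employment type."""
    return {r["user"] for r in roster if r["status"] == "active"}


def overdue_enrollments(roster, enrollments, as_of):
    """Active users with an incomplete enrollment past its due date (escalation list)."""
    cutoff = date.fromisoformat(as_of)
    active = active_users(roster)
    return sorted(
        e["user"] for e in enrollments
        if e["user"] in active
        and e["completed_at"] is None
        and date.fromisoformat(e["due_date"]) < cutoff
    )


def completion_rate(roster, enrollments, course):
    """Share of active users who completed the course; unenrolled users count as incomplete."""
    active = active_users(roster)
    if not active:
        return 0.0
    done = {e["user"] for e in enrollments
            if e["course"] == course and e["completed_at"] is not None}
    return len(done & active) / len(active)


def unenrolled_active_users(roster, enrollments, course):
    """HR-to-LMS integration gap: active users the LMS never enrolled."""
    enrolled = {e["user"] for e in enrollments if e["course"] == course}
    return sorted(active_users(roster) - enrolled)


def stale_enrollments(roster, enrollments):
    """LMS-to-HR integration gap: enrollments for users no longer active in HR."""
    active = active_users(roster)
    return sorted({e["user"] for e in enrollments if e["user"] not in active})


def click_rate_not_improving(rates, window=3):
    """True when the last `window` campaigns show no decrease in click rate."""
    if len(rates) < window:
        return False
    recent = rates[-window:]
    return all(later >= earlier for earlier, later in zip(recent, recent[1:]))


def training_report(roster, enrollments, click_rates, course, as_of):
    """Machine-checkable evidence for one training cycle."""
    return {
        "course": course,
        "as_of": as_of,
        "completion_rate": completion_rate(roster, enrollments, course),
        "overdue_users": overdue_enrollments(roster, enrollments, as_of),
        "not_enrolled": unenrolled_active_users(roster, enrollments, course),
        "terminated_still_enrolled": stale_enrollments(roster, enrollments),
        "content_review_needed": click_rate_not_improving(click_rates),
    }


if __name__ == "__main__":
    for key, value in training_report(HR_ROSTER, ENROLLMENTS, PHISHING_CLICK_RATES,
                                      COURSE, "2025-04-15").items():
        print(f"{key}: {value}")
```

The integration questions are answered by set differences between the HR roster and the LMS export rather than by a narrative: an active user with no enrollment, or a terminated user who is still enrolled, becomes a listed value an assessor can re-run. The completion rate is computed over the HR roster, not over LMS enrollments, so an onboarding gap lowers the number instead of hiding in it. The trend check is deliberately simple (no decrease across the last three campaigns); a real program would choose its own window and threshold.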