>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-16Developer Provided Training

PBMM (P3)
Secret (P3)
Management

>Control Description

(A) The organization requires the developer of the information system, system component, or information system service to provide organization-defined training on the correct use and operation of the implemented security functions, controls, and/or mechanisms.

>Supplemental Guidance

This control applies to external and internal (in-house) developers. Training of personnel is an essential element to ensure the effectiveness of security controls implemented within organizational information systems. Training options include, for example, classroom-style training, web-based/computer-based training, and hands-on training.

Organizations can also request sufficient training materials from developers to conduct in-house training or offer self-training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security functions, controls, or mechanisms. Related controls: AT-2, AT-3, SA-5

>Tailoring Guidance

Apply to custom developed systems or components.

Ask AI

Configure your API key to use AI features.