PR.AT-01—Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind
Control Description
This awareness and training subcategory ensures that personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind. Key activities include:
- Provide basic cybersecurity awareness and training to employees, contractors, partners, suppliers, and all other users of the organization’s non-pu...
- Train personnel to recognize social engineering attempts and other common attacks, report attacks and suspicious activity, comply with acceptable u...
- Explain the consequences of cybersecurity policy violations, both to individual users and the organization as a whole.
Cross-Framework Mappings
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0: DCS-11, HRS-09, HRS-11, HRS-12, HRS-13, SEF-02, SEF-03, UEM-14
CIS Controls v8.0: 14.1
CIS Controls v8.1: 14.1
CRI Profile v2.0: PR.AT-01, PR.AT-01.01, PR.AT-01.02, PR.AT-01.03, PR.AT-01.04
CSF v1.1: PR.AT-1, PR.AT-3, RS.CO-1
CoP: C3, C4
ISO/IEC 27001:2022: Mandatory Clause 7.3; Annex A Controls 6.3
NICE Framework: IO-WRL-007, OG-WRL-002, OG-WRL-003, OG-WRL-004, OG-WRL-005
PCI DSS: 12.6.1, 12.6.3
SCF: SAT-02, SAT-03, SAT-03.6
SP 800-171 Rev 3: 03.02.02
SP 800-218: PO.2.2
SP 800-221A: GV.CT-3, GV.RR-2
SP 800-53 Rev 5.1.1: AT-02, AT-03
SP 800-53 Rev 5.2.0: AT-02, AT-03