CMMC Practice AT.L2-3.2.1

Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.

Bold Coast Security Guidance

Training is key! A large number of your workforce have never been told exactly what the "bad guys" are capable of how they are attempting to fool users via phone, email and text messages. Its imperative to get the message out to all of them on a regular basis so they are prepared and can spot the signs of malicious behavior. We also recommend taking the stance of a "no blame" organization: People need to feel empowered to report it when that ARE fooled by a phishing email, etc. If they fear retribution, they will not notify anyone, and you have missed an opportunity to catch malicious behavior at the start. During your training, reinforce that idea with your users. You will also use this information to define future training needs.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 Organizations determine the content and frequency of security awareness training and security awareness techniques based on the specific organizational requirements and the systems to which personnel have authorized access. The content includes a basic understanding of the need for information security and user actions to maintain security and to respond to suspected security incidents. The content also addresses awareness of the need for operations security. Security awareness techniques include: formal training; offering supplies inscribed with security reminders; generating email advisories or notices from organizational officials; displaying logon screen messages; displaying security awareness posters; and conducting information security awareness events. NIST SP 800-50 provides guidance on security awareness and training programs.

References