compliance controls are associated with this Policy definition 'Require developers to provide training' (676c3c35-3c36-612c-9523-36d266a65000)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
SA-16 |
FedRAMP_High_R4_SA-16 |
FedRAMP High SA-16 |
System And Services Acquisition |
Developer-Provided Training |
Shared |
n/a |
The organization requires the developer of the information system, system component, or information system service to provide [Assignment: organization-defined training] on the correct use and operation of the implemented security functions, controls, and/or mechanisms.
Supplemental Guidance: This control applies to external and internal (in-house) developers. Training of personnel is an essential element to ensure the effectiveness of security controls implemented within organizational information systems. Training options include, for example, classroom-style training, web-based/computer-based training, and hands-on training. Organizations can also request sufficient training materials from developers to conduct in-house training or offer self- training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security functions, controls, or mechanisms. Related controls: AT-2, AT-3, SA-5.
References: None. |
link |
1 |
| hipaa |
0108.02d1Organizational.23-02.d |
hipaa-0108.02d1Organizational.23-02.d |
0108.02d1Organizational.23-02.d |
01 Information Protection Program |
0108.02d1Organizational.23-02.d 02.03 During Employment |
Shared |
n/a |
The organization ensures plans for security testing, training, and monitoring activities are developed, implemented, maintained, and reviewed for consistency with the risk management strategy and response priorities. |
|
8 |
| hipaa |
1304.02e3Organizational.1-02.e |
hipaa-1304.02e3Organizational.1-02.e |
1304.02e3Organizational.1-02.e |
13 Education, Training and Awareness |
1304.02e3Organizational.1-02.e 02.03 During Employment |
Shared |
n/a |
Personnel with significant security responsibilities receive specialized education and training on their roles and responsibilities: (i) prior to being granted access to the organization’s systems and resources; (ii) when required by system changes; (iii) when entering into a new position that requires additional training; and, (iv) no less than annually thereafter. |
|
9 |
| NIST_SP_800-53_R4 |
SA-16 |
NIST_SP_800-53_R4_SA-16 |
NIST SP 800-53 Rev. 4 SA-16 |
System And Services Acquisition |
Developer-Provided Training |
Shared |
n/a |
The organization requires the developer of the information system, system component, or information system service to provide [Assignment: organization-defined training] on the correct use and operation of the implemented security functions, controls, and/or mechanisms.
Supplemental Guidance: This control applies to external and internal (in-house) developers. Training of personnel is an essential element to ensure the effectiveness of security controls implemented within organizational information systems. Training options include, for example, classroom-style training, web-based/computer-based training, and hands-on training. Organizations can also request sufficient training materials from developers to conduct in-house training or offer self- training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security functions, controls, or mechanisms. Related controls: AT-2, AT-3, SA-5.
References: None. |
link |
1 |
| NIST_SP_800-53_R5 |
SA-16 |
NIST_SP_800-53_R5_SA-16 |
NIST SP 800-53 Rev. 5 SA-16 |
System and Services Acquisition |
Developer-provided Training |
Shared |
n/a |
Require the developer of the system, system component, or system service to provide the following training on the correct use and operation of the implemented security and privacy functions, controls, and/or mechanisms: [Assignment: organization-defined training]. |
link |
1 |