compliance controls are associated with this Policy definition 'Monitor security and privacy training completion' (82bd024a-5c99-05d6-96ff-01f539676a1a)

| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | AT-4 | FedRAMP_High_R4_AT-4 | FedRAMP High AT-4 | Awareness And Training | Security Training Records | Shared | n/a | The organization: a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and b. Retains individual training records for [Assignment: organization-defined time period]. Supplemental Guidance: Documentation for specialized training may be maintained by individual supervisors at the option of the organization. Related controls: AT-2, AT-3, PM-14. Control Enhancements: None. References: None. | link | 3 |
| FedRAMP_Moderate_R4 | AT-4 | FedRAMP_Moderate_R4_AT-4 | FedRAMP Moderate AT-4 | Awareness And Training | Security Training Records | Shared | n/a | The organization: a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and b. Retains individual training records for [Assignment: organization-defined time period]. Supplemental Guidance: Documentation for specialized training may be maintained by individual supervisors at the option of the organization. Related controls: AT-2, AT-3, PM-14. Control Enhancements: None. References: None. | link | 3 |
| hipaa | 0108.02d1Organizational.23-02.d | hipaa-0108.02d1Organizational.23-02.d | 0108.02d1Organizational.23-02.d | 01 Information Protection Program | 0108.02d1Organizational.23-02.d 02.03 During Employment | Shared | n/a | The organization ensures plans for security testing, training, and monitoring activities are developed, implemented, maintained, and reviewed for consistency with the risk management strategy and response priorities. | | 8 |
| hipaa | 1302.02e2Organizational.134-02.e | hipaa-1302.02e2Organizational.134-02.e | 1302.02e2Organizational.134-02.e | 13 Education, Training and Awareness | 1302.02e2Organizational.134-02.e 02.03 During Employment | Shared | n/a | Dedicated security and privacy awareness training is developed as part of the organization's onboarding program, is documented and tracked, and includes the recognition and reporting of potential indicators of an insider threat. | | 19 |
| hipaa | 1305.02e3Organizational.23-02.e | hipaa-1305.02e3Organizational.23-02.e | 1305.02e3Organizational.23-02.e | 13 Education, Training and Awareness | 1305.02e3Organizational.23-02.e 02.03 During Employment | Shared | n/a | The organization maintains a documented list of each individual who completes the on-boarding process and maintains all training records for at least five years. | | 3 |
| ISO27001-2013 | A.7.2.2 | ISO27001-2013_A.7.2.2 | ISO 27001:2013 A.7.2.2 | Human Resources Security | Information security awareness, education and training | Shared | n/a | All employees of the organization and, where relevant, contractors shall receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. | link | 15 |
| ISO27001-2013 | C.7.2.a | ISO27001-2013_C.7.2.a | ISO 27001:2013 C.7.2.a | Support | Competence | Shared | n/a | The organization shall: a) determine the necessary competence of person(s) doing work under its control that affects its information security performance; NOTE Applicable actions may include, for example: the provision of training to, the mentoring of, or the reassignment of current employees; or the hiring or contracting of competent persons. | link | 3 |
| ISO27001-2013 | C.7.2.b | ISO27001-2013_C.7.2.b | ISO 27001:2013 C.7.2.b | Support | Competence | Shared | n/a | The organization shall: b) ensure that these persons are competent on the basis of appropriate education, training, or experience; NOTE Applicable actions may include, for example: the provision of training to, the mentoring of, or the reassignment of current employees; or the hiring or contracting of competent persons. | link | 1 |
| ISO27001-2013 | C.7.2.c | ISO27001-2013_C.7.2.c | ISO 27001:2013 C.7.2.c | Support | Competence | Shared | n/a | The organization shall: c) where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; NOTE Applicable actions may include, for example: the provision of training to, the mentoring of, or the reassignment of current employees; or the hiring or contracting of competent persons. | link | 1 |
| | mp.eq.3 Protection of portable devices | mp.eq.3 Protection of portable devices | 404 not found | | | | n/a | n/a | | 71 |
| | mp.per.1 Job characterization | mp.per.1 Job characterization | 404 not found | | | | n/a | n/a | | 41 |
| | mp.per.3 Awareness | mp.per.3 Awareness | 404 not found | | | | n/a | n/a | | 15 |
| | mp.per.4 Training | mp.per.4 Training | 404 not found | | | | n/a | n/a | | 14 |
| | mp.s.1 E-mail protection | mp.s.1 E-mail protection | 404 not found | | | | n/a | n/a | | 48 |
| | mp.s.3 Protection of web browsing | mp.s.3 Protection of web browsing | 404 not found | | | | n/a | n/a | | 51 |
| | mp.si.3 Custody | mp.si.3 Custody | 404 not found | | | | n/a | n/a | | 27 |
| NIST_SP_800-53_R4 | AT-4 | NIST_SP_800-53_R4_AT-4 | NIST SP 800-53 Rev. 4 AT-4 | Awareness And Training | Security Training Records | Shared | n/a | The organization: a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and b. Retains individual training records for [Assignment: organization-defined time period]. Supplemental Guidance: Documentation for specialized training may be maintained by individual supervisors at the option of the organization. Related controls: AT-2, AT-3, PM-14. Control Enhancements: None. References: None. | link | 3 |
| NIST_SP_800-53_R5 | AT-4 | NIST_SP_800-53_R5_AT-4 | NIST SP 800-53 Rev. 5 AT-4 | Awareness and Training | Training Records | Shared | n/a | a. Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and b. Retain individual training records for [Assignment: organization-defined time period]. | link | 3 |