Policies Section

Awareness and Training Controls (from NIST)

This list of awareness and training controls, with descriptions, is meant to tie each control to an activity or behavior. For NIST's own descriptions, see NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems.

  • Security awareness and training policy and procedures - The organization should have a computer training policy specifying who should be trained, the subjects they should be trained in, and who is responsible. An example of a Computer Training Policy. (low)
  • Security awareness - The organization should ensure that all users have basic computer security awareness. The organization will determine the level of training required based on the systems the user will access. This can be done by enforcing a computer training policy. (low)
  • Security training - Users are to receive training based on their roles in the organization. Users with a significant role dealing with system security should get more training in that area than users who do not deal with system security. (low)
  • Security training records - The organization should keep records of who has taken what training. (low)