AT-4

Awareness and TrainingRev 5organization

Training Records

Baselines:LowModerateHighPrivacy

Control Statement

a. Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and b. Retain individual training records for [Assignment: time period].

Supplemental Guidance

Documentation for specialized training may be maintained by individual supervisors at the discretion of the organization. The National Archives and Records Administration provides guidance on records retention for federal agencies.

Related Controls (6)

AT-2 AT-3 CP-3 IR-2 PM-14 SI-12

CCI Identifiers (6)

CCI-003794Document individual privacy training activities, including privacy awareness training and specific system privacy training.CCI-003795Monitor individual information privacy training activities, including privacy awareness training and specific privacy training.CCI-001336Retain individual training records for an organization-defined time-period.CCI-001337Defines the time period for retaining individual training records.CCI-000113Document individual security training activities, including security awareness training and specific system security training.CCI-000114Monitor individual information security training activities, including security awareness training and specific security training.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.