Awareness and Training

Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.

Personnel with security duties receive training specific to their assigned information security responsibilities

Provide security awareness training that addresses insider threats, including how to recognize and report suspicious behavior.