STIGViewer Trial workspace — loading your subscription…

NIST 800-53 Rev 5

424 controls available

AT-2lowmoderatehighprivacy

Literacy Training and Awareness

Awareness and Training

Control Statement

Provide security and privacy literacy training to system users (including managers, senior executives, and contractors): As part of initial training for new users and {{ insert: param, at-2_prm_1 }} thereafter; and When required by system changes or following {{ insert: param, at-2_prm_2 }}; Employ the following techniques to increase the security and privacy awareness of system users {{ insert: param, at-02_odp.05 }}; Update literacy training and awareness content {{ insert: param, at-02_odp.06 }} and following {{ insert: param, at-02_odp.07 }} ; and Incorporate lessons learned from internal or external security incidents or breaches into literacy training and awareness techniques.

Discussion

Organizations provide basic and advanced levels of literacy training to system users, including measures to test the knowledge level of users. Organizations determine the content of literacy training and awareness based on specific organizational requirements, the systems to which personnel have authorized access, and work environments (e.g., telework). The content includes an understanding of the need for security and privacy as well as actions by users to maintain security and personal privacy and to respond to suspected incidents. The content addresses the need for operations security and the handling of personally identifiable information. Awareness techniques include displaying posters, offering supplies inscribed with security and privacy reminders, displaying logon screen messages, generating email advisories or notices from organizational officials, and conducting awareness events. Literacy training after the initial training described in [AT-2a.1](#at-2_smt.a.1) is conducted at a minimum frequency consistent with applicable laws, directives, regulations, and policies. Subsequent literacy training may be satisfied by one or more short ad hoc sessions and include topical information on recent attack schemes, changes to organizational security and privacy policies, revised security and privacy expectations, or a subset of topics from the initial training. Updating literacy training and awareness content on a regular basis helps to ensure that the content remains relevant. Events that may precipitate an update to literacy training and awareness content include, but are not limited to, assessment or audit findings, security incidents or breaches, or changes in applicable laws, executive orders, directives, regulations, policies, standards, and guidelines.

Framework
NIST SP 800-53 Rev 5
Family
Awareness and Training
Baselines
low, moderate, high, privacy

Related Frameworks

40 paths across 2 frameworks
NIST 800-1712 mappings
3.2.1
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.2.2
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI26 mappings
CCI-000106
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000108
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000109
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000110
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000111
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-000112
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-001479
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-001480
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003766
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003767
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003768
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003769
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003770
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003771
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003772
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003773
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003774
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003782
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003783
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003784
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003785
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003786
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003787
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003788
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003789
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-005147
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

No STIGs in the current catalog reference any CCI mapped to this control.