🎓 AT — Awareness and Training
Ensure personnel are aware of security risks and trained appropriately
← Back to all domains3 Practices
L2 AT.L2-3.2.1
Ensure that managers, systems administrators, and users are aware of security risks and their responsibilities
This practice requires that everyone in your organization—from managers to system administrators to regular users—understands the security risks they ...
Level 2 — Advanced
View Control →
L2 AT.L2-3.2.2
Ensure that personnel are trained to carry out their assigned information security-related duties
This practice means that every employee, contractor, or anyone else working for your organization must be properly trained to perform their specific s...
Level 2 — Advanced
View Control →
L2 AT.L2-3.2.3
Provide security awareness training on recognizing and reporting potential indicators of insider threat
This practice requires organizations to train their employees to recognize and report potential signs of insider threats. Insider threats can come fro...
Level 2 — Advanced
View Control →