CMMC 1.0 Practice AT.2.056 Requirement:

Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.

CMMC 1.0 AT.2.056 Requirement Explanation:

The vast majority of cyber attacks are caused by human error. Security awareness training helps reduce the chance of cyber attacks resulting from human error. An example of a human error is when a user downloads an attachment from a malicious email.

Example CMMC 1.0 AT.2.056 Implementation:

Provide security awareness training to your employees and persons using your systems. Security awareness training can be given via instructor or online training. Security awareness training should cover important security policies and common cyber threats. Occasionally send security awareness/tip emails to employees.

CMMC 1.0 AT.2.056 Scenario(s):

- Scenario 1:

Your company requires all its employees and system users to complete annual security awareness training. It accomplishes this by having personnel take the online DoD "Annual Security Awareness" refresher. Personnel who complete the training receive a certificate of completion. Every employee is responsible for providing their certificate to your security officer.

Discover Our Cybersecurity Complaince Solutions:


NIST SP 800-171 & CMMC Compliance

Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.

HIPAA Compliance

Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.