NIST SP 800-171 & CMMC 2.0 3.2.1 Requirement:
Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
NIST SP 800-171 & CMMC 2.0 3.2.1 Requirement Explanation:
The vast majority of cyber attacks are caused by human error. Security awareness training helps reduce the chance of cyber attacks resulting from human error. An example of a human error is when a user downloads an attachment from a malicious email.
Example NIST SP 800-171 & CMMC 2.0 3.2.1 Implementation:
Provide security awareness training to your system users. Security awareness training can be given via instructor or online training. The center for the development of security excellence (CDSE) has a free online security awareness course. You can require all of your employees to complete the course. Collect the employee's certificates of completion and document employee training using our training log excel sheet template. Require personnel to complete this training annually and upon first hire.
NIST SP 800-171 & CMMC 2.0 3.2.1 Scenario(s):
- Scenario 1:
Your company requires all its employees and system users to complete annual security awareness training. It accomplishes this by having personnel take the online DoD "Annual Security Awareness" refresher. Personnel who complete the training receive a certificate of completion. Every employee is responsible for providing their certificate to your security officer.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
NIST SP 800-171 & CMMC Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC requirements.
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.