AT-3: Role-based Training

From NIST's SP800-53:

a. Provide role-based security and privacy training to personnel with the following roles and responsibilities: [Assignment: organization-defined roles and responsibilities]: 1. Before authorizing access to the system, information, or performing assigned duties, and [Assignment: organization-defined frequency] thereafter; and 2. When required by system changes; b. Update role-based training content [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and c. Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Control ID	Description
PR.AT-2	Privileged users understand their roles and responsibilities
PR.AT-5	Physical and cybersecurity personnel understand their roles and responsibilities
PR.AT-4	Senior executives understand their roles and responsibilities