Back to Control Families

Awareness and Training

3 controls in this family. Select a control for detailed guidance, implementation examples, and assessment questions.

3.2.1

Ensure that managers, systems administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.

3.2.2

Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.

3.2.3

Provide security awareness training on recognizing and reporting potential indicators of insider threat.

Need Complete CMMC Guidance?

Get full access to all controls, detailed implementation guidance, and expert support.

Request Full Access