N
|
controlAT-3

Role-based Training (AT-3)

Provide role-based security and privacy training to personnel with the following roles and responsibilities: [organization-defined]: Update role-based training content [organization-defined] and following [organization-defined] ; and Incorporate lessons learned from internal or external security incidents or breaches into role-based training.

Security Baselines

LOWMODERATEHIGH
awarenesstrainingworkforce

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports51

These related controls work together — a change to one may affect the others.

Mitigates2

This control helps defend against or reduce the risk of the linked threat technique.

Enhances5

These enhancements add specific capabilities or refinements to the base control.

Related Controls(35)

AC-3Access Enforcement (AC-3)
LMH
AC-22Publicly Accessible Content (AC-22)
LMH
AT-2Literacy Training and Awareness (AT-2)
LMH
AC-17Remote Access (AC-17)
LMH
AT-4Training Records (AT-4)
LMH
CP-3Contingency Training (CP-3)
LMH
IR-2Incident Response Training (IR-2)
LMH
IR-4Incident Handling (IR-4)
LMH
IR-7Incident Response Assistance (IR-7)
LMH
IR-9Information Spillage Response (IR-9)PL-4Rules of Behavior (PL-4)
LMH
PM-13Security and Privacy Workforce (PM-13)PM-23Data Governance Body (PM-23)PS-7External Personnel Security (PS-7)
LMH
PS-9Position Descriptions (PS-9)
LMH
SA-3System Development Life Cycle (SA-3)
LMH
SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-11Developer Testing and Evaluation (SA-11)
MH
SA-16Developer-provided Training (SA-16)
H
SR-5Acquisition Strategies, Tools, and Methods (SR-5)
LMH
SR-6Supplier Assessments and Reviews (SR-6)
MH
SR-11Component Authenticity (SR-11)
LMH
CP-4Contingency Plan Testing (CP-4)
LMH
PE-1Policy and Procedures (PE-1)
LMH
PE-2Physical Access Authorizations (PE-2)
LMH
PE-3Physical Access Control (PE-3)
LMH
PE-4Access Control for Transmission (PE-4)
MH
PE-11Emergency Power (PE-11)
MH
PE-13Fire Protection (PE-13)
LMH
PE-14Environmental Controls (PE-14)
LMH
PE-15Water Damage Protection (PE-15)
LMH
PM-14Testing, Training, and Monitoring (PM-14)PS-2Position Risk Designation (PS-2)
LMH
PT-3Personally Identifiable Information Processing Purposes (PT-3)SR-10Inspection of Systems or Components (SR-10)
LMH

Threat Coverage(2 ATT&CK techniques)

T1204User ExecutionT1598Phishing for Information

Control Enhancements(5)

AT-3(1)Environmental Controls (AT-3(1))
AT-3(2)Physical Security Controls (AT-3(2))
AT-3(3)Practical Exercises (AT-3(3))
AT-3(4)Suspicious Communications and Anomalous System Behavior (AT-3(4))W
AT-3(5)Processing Personally Identifiable Information (AT-3(5))

See Also

@SP 800-53 OverviewCompare Baselines