Your Cart is Empty
Menu
-
- View NIST RMF Control Families
- Access Control (AC)
- Awareness and Training (AT)
- Audit and Accountability (AU)
- Assessment, Authorization and Monitoring (CA)
- Configuration Management (CM)
- Contingency Planning (CP)
- Identification and Authentication (IA)
- Incident Response (IR)
- Maintenance (MA)
- Media Protection (MP)
- Physical and Environment Protection (PE)
- Planning (PL)
- Program Management (PM)
- Personnel Security (PS)
- PII Processing and Transparency (PT)
- Risk Assessment (RA)
- System and Services Acquisition (SA)
- System and Communications Protection (SC)
- System and Information Integrity (SI)
- Supply Chain Risk Management (SR)
- View All
- View Compliance Toolkits
- Enterprise
- About ASP
- FAQ
-
- ← Main Site
- Company
- Resources
- Blog
- Submit RFP
- Login
View NIST RMF Control Families
Add description, images, menus and links to your mega menu
A column with no settings can be used as a spacer
Link to your collections, sales and even external links
Add up to five columns
Add description, images, menus and links to your mega menu
A column with no settings can be used as a spacer
Link to your collections, sales and even external links
Add up to five columns
NIST SP 800-53 AT-1 Awareness and Training Policy and Procedures | Download Template Today
September 20, 2023 2 min read
NIST SP 800-53 AT-1 Awareness and Training Policy and Procedures | Download Template Today
AT-1 is titled "Awareness and Training Policy and Procedures" and serves as the foundational control for the entire AT family. It requires organizations to develop, disseminate, and periodically review and update an awareness and training policy and associated procedures that address the following:
- Security Roles and Responsibilities: Clearly defining the security roles and responsibilities of individuals within the organization to ensure everyone understands their duties related to information security.
- Security Awareness Training: Establishing a program for providing security awareness training to personnel. This training helps employees understand various security risks, threats, and best practices to protect sensitive information and information systems.
- Security Training for New Employees: Ensuring that security training is provided to new employees at the time of hiring or before granting them access to information systems.
- Security Training for Existing Employees: Providing periodic security training for existing employees to reinforce their knowledge and update them on new threats and security measures.
- Training for Specialized Roles: Providing specialized security training to personnel with specific security-related roles, such as system administrators, security officers, and network administrators.
- Training Records: Maintaining records of security training activities, including attendance and completion certificates, to demonstrate compliance with the organization's training program.
- Training Effectiveness: Evaluating the effectiveness of the training program periodically to ensure it is meeting its objectives and making necessary improvements if needed.
The goal of AT-1 is to ensure that personnel are aware of their roles in safeguarding information and understand the organization's security policies and procedures. By providing regular training and promoting security awareness, organizations can reduce the risk of human-related security incidents and improve the overall security posture.
Reporting Requirements
Specifically, Per AT-1 of NIST SP 800-53, organizations are to “Develop, document, and disseminate…” an awareness and training policy and procedures document. The keyword here is “document”, which means you need a policy and procedure for AT-1.
How to Get Started
Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP), which includes access to our awareness and training policy and procedures template, and our NIST RMF developed awareness and training toolkit.
About Arlington
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.