Description
The organization documents and monitors individual information system security training activities including basic security awareness training and specific information system security training.
Supplemental Guidance
None.
Changes from Rev 4
Title changed from 'Security Training Records'. Adds privacy to control text, to imply training includes privacy as well as security. Discussion includes reference to NARA.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
A.6.3
ISO 27002:2022
6.3
CIS Controls v8
CIS 14
NIST CSF 2.0
GV.RR-04
PCI DSS v4.0.1
12.6
ISO 42001:2023
A.4.6
BSI IT-Grundschutz
ORP.2, ORP.3
ANSSI
Hygiene.3, Hygiene.4, SecNumCloud.8.3
FINMA Circular 2023/1
IV.B.a(48), IV.B.a(49)
OSFI B-13
B-13.1.1
EU GDPR
Art.24(1), Art.5(2)
EU DORA
Art.13(6)
BIO2
6.3
RBI CSF
Annex1.23, Annex1.21
FISC Security Guidelines
FISC.O8
MLPS 2.0
8.1.8.2
DNB Good Practice
DNB.9.2
SAMA CSF
1.6
NCA ECC
1-10
UAE IA
T5
Qatar NIA
HR
CBUAE
CR-11
CBE CSF
GOV-4
SA JS2
JS2-8.6
CBN CSF
Part8
BoG CISD
CISD-XV
BoM CTRM
3.8
IOSCO Cyber Resilience
PROT-4
FFIEC IS
I.A, II.C.7(e)
NYDFS 500
500.14
HIPAA Security Rule
§164.308(a)(5)(i)
ECB CROE
CROE.2.3.2
EBA ICT Guidelines
3.4.7
SEBI CSCRF
CAPACITY, PR.AT
BOT Cyber Resilience
Ch7.1
CMMC 2.0
AT
NERC CIP
CIP-004-7
10 CFR 73.54
RG5.71-C-AT
TSA Pipeline SD
SD-2 Sec H
DOE C2M2 v2.1
WORKFORCE
IAEA NSS 17-T
Sec 9
Lloyd's Minimum Standards
MS8.13
NAIC Insurance Data Security
4-training
FCA SYSC 13
SYSC 13.6.1
HITRUST CSF v11
02.b
FDA 21 CFR Part 11
§11.10(i)
ISO 27799
7.2
NHS DSPT
NDG-2.1, NDG-2.2, NDG-3.1
BSSC Standards
GSP-03
ISO 17799 (legacy)
None.
COBIT 4.1 (legacy)
DS7.2