Description
Establish a security and privacy workforce development and improvement program.
Supplemental Guidance
Security and privacy workforce development and improvement programs include the definition of the knowledge, skills, and abilities needed to perform security and privacy duties and tasks; the development, improvement, and delivery of training and education programs; and the ongoing assessment of the workforce to ensure that the knowledge, skills, and abilities are being effectively applied to protect organizational operations, organizational assets, and individuals.
Changes from Rev 4
Title changed from 'Information Security Workforce' to 'Security and Privacy Workforce'. Privacy added.
Compliance Mappings
ISO 27001:2022
5.1, 7.2, 7.3, A.5.4, A.6.3
ISO 27002:2022
5.4, 6.3
COBIT 2019
APO07, BAI08, EDM04
CIS Controls v8
CIS 14, CIS 14.1, CIS 14.9
NIST CSF 2.0
GV.RR-01, GV.RR-02, GV.RR-03, GV.RR-04, PR.AT-01, PR.AT-02
NIS2 Directive
Art. 21(2)(g)
PRA Operational Resilience
SS1/21-5.1, SS2/21-17.1
APRA CPS 234
Para 15, Para 19-20
BSI IT-Grundschutz
ORP.2, ORP.3
BIO2
5.4, 6.3
RBI CSF
ITGRCA.24
LGPD + BCB 4893
BCB.Art.4
HKMA TM-E-1
TME1.7.1
MLPS 2.0
8.1.7.1
DNB Good Practice
DNB.8.2, DNB.8.3, DNB.9.2
SAMA CSF
1.6
NCA ECC
1-10, 1-2, 1-4
UAE IA
T1, T5
CBB TM
TM-3
Qatar NIA
GV
CBUAE
CR-1, CR-11
CBE CSF
GOV-1, GOV-2, GOV-4
SA JS2
JS2-4, JS2-8.6
CBN CSF
Part1.1, Part8
BoG CISD
CISD-II, CISD-XV
BoM CTRM
1.11.23.8
IOSCO Cyber Resilience
GOV-2, GOV-4
BCBS 239
Principle 1
CPMI-IOSCO PFMI
CG.GOV, PFMI.P2
FFIEC IS
I.A, I.B, I.C, II.C.7(e)
NYDFS 500
500.10, 500.4
HIPAA Security Rule
§164.308(a)(5)(i), §164.308(a)(5)(ii)(A)
ECB CROE
CROE.2.1.1, CROE.2.1.2
EBA ICT Guidelines
3.4.7
SEBI CSCRF
CAPACITY, GV.RR, PR.AT
BOT Cyber Resilience
Ch1.1, Ch7.1
CMMC 2.0
AT
10 CFR 73.54
RG5.71-C-AT
TSA Pipeline SD
SD-2 Sec H
DOE C2M2 v2.1
WORKFORCE
AWIA
AWWA Sec 8
Lloyd's Minimum Standards
MS8.13
NAIC Insurance Data Security
4-personnel, 4-training, 4C
PRA SS1/23
P2.1
FCA SYSC 13
SYSC 13.5.1, SYSC 13.6.1
HITRUST CSF v11
02.b
ISO 27799
7.2
NHS DSPT
NDG-2.1, NDG-3.1, NDG-3.2