Requirement:
The cybersecurity awareness program must cover the latest cyber threats and how to protect against them, and must include at least the following subjects:
Sub-Controls:
1-10-3-1:
Requirement:
Secure handling of email services, especially phishing emails.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Provide cybersecurity awareness programs that cover the safe handling of e-mail services, especially emails and social engineering
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Action plan to implement the cybersecurity awareness program adopted by the organization
- Evidence that awareness content is provided for the safe handling of e-mail services, especially phishing emails
1-10-3-2:
Requirement:
Secure handling of mobile devices and storage media.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Provide cybersecurity awareness programs that cover the safe handling of mobile devices and storage media
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Action plan to implement the cybersecurity awareness program adopted by the organization
- Evidence that awareness content is provided for the safe handling of mobile devices and storage media
1-10-3-3:
Requirement:
Secure Internet browsing.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Provide cybersecurity awareness programs that cover the safe handling of internet browsing services, especially dealing with suspicious websites and links, such as phantom phishing sites
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Action plan to implement the cybersecurity awareness program adopted by the organization
- Evidence that awareness content is provided for the secure handling of internet browsing services
1-10-3-4:
Requirement:
Secure use of social media.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Provide cybersecurity awareness programs that cover the safe handling of social media
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Action plan to implement the cybersecurity awareness program adopted by the organization
- Evidence that awareness content is provided for the safe handling of social media