Requirement:
Essential and customized (i.e., tailored to job functions as it relates to cybersecurity) training and access to professional skillsets must be made available to personnel working directly on tasks related to cybersecurity including:
Sub-Controls:
Cybersecurity function’s personnel.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Develop and implement an approved cybersecurity training plan for employees of the cybersecurity function in coordination with the training department in the organization, which may include the following:
- Implement the cybersecurity training plan for the organization in coordination with the Training and Employee Development Department
- Assist in the establishment of cybersecurity career paths to allow career progression, deliberate development, and growth within and between cybersecurity career fields
- Support in advocating for adequate funding for cybersecurity training resources, to include both internal and industry-provided courses, instructors, and related materials
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Approved training plans and programs for the cybersecurity department employees at the organization
- Cybersecurity training certificates
1-10-4-2:
Requirement:
Personnel working on software/application development and information and technology assets operations.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Develop and implement an approved training plan in the field of secure program and application development, and the safe management of the organization’s information and technology assets for relevant employees in coordination with the training department in the organization. This may include the following:
- The training plan for employees who develop programs and applications and for employees operating the organization’s information and technology assets must be implemented in coordination with the Training and Employee Development Department
- Assistance in defining career paths for software and application developers and the employees operating the organization’s information and technology assets must be provided to allow for professional growth and upgrades in professional areas related to software development
- Provide support in requesting adequate funding of training resources for employees who develop programs and applications and for employees operating the organization’s information and technology assets, including internal and sector-related courses, trainers and related materials
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Approved training programs for employees involved in the development of programs and applications, and for employees operating the organization’s information and technology assets
- Training certificates in software and application development
1-10-4-3:
Requirement:
Executive and supervisory positions.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and have them approved by the representative
- Develop and implement an approved cybersecurity training plan for employees of the cybersecurity supervisory and executive functions in coordination with the training department in the organization, which may include the following:
- Awareness activities covering the importance of cybersecurity, developing the cybersecurity culture, and the key risks and threats, such as phishing emails aimed at supervisory and executive positions (whale phishing), must be conducted
- Training plan for supervisory and executive positions in the organization must be implemented in coordination with the Training and Employee Development Department
- Assistance in the establishment of cybersecurity career paths to allow career progression, deliberate development, and growth within and between cybersecurity career fields must be provided
- Support in advocating for adequate funding for cybersecurity training resources, including both internal and industry-provided courses, instructors, and related materials must be provided
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Security training programs dedicated to supervisory and executive positions in the organization
- Training certificates for supervisory and executive positions