A Cybersecurity Awareness Program Must Be Developed And Approved. The Program Must Be Conducted Periodically Through Multiple Channels To Strengthen The Awareness About Cybersecurity, Cyber Threats And Risks, And To Build A Positive Cybersecurity Awareness Culture.

The Cybersecurity Awareness Program Must Be Implemented.

1. The cybersecurity awareness program must cover the latest cyber threats and how to protect against them, and must include at least the following subjects:
1. Secure handling of email services, especially phishing emails.
2. Secure handling of mobile devices and storage media.
3. Secure Internet browsing.
4. Secure use of social media.

1. Essential and customized (i.e., tailored to job functions as it relates to cybersecurity) training and access to professional skillsets must be made available to personnel working directly on tasks related to cybersecurity including:
1. Cybersecurity function’s personnel.
2. Personnel working on software/application development. and information and technology assets operations.
3. Executive and supervisory positions.

The Implementation Of The Cybersecurity Awareness Program Must Be Reviewed Periodically