NIST SP 800-171 & CMMC 2.0 - 3.2.1
Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
NIST SP 800-171 & CMMC 2.0 - 3.2.2
Ensure that personnel are trained to carry out their assigned information security related duties and responsibilities.
NIST SP 800-171 & CMMC 2.0 - 3.2.3
Provide security awareness training on recognizing and reporting potential indicators of insider threat.