CMMC 2.0 • LEVEL 2 • AWARENESS & TRAINING

AT.L2-3.2.1 Literacy Training and Awareness

Provide security literacy training to system users: As part of initial training for new users and annually (every 12 months) or following significant changes [CMMC/STIG] thereafter, When required by system changes or following annually (every 12 months) or following significant changes [CMMC/STIG], and On recognizing and reporting indicators of insider threat, social engineering, and social mining. Update security literacy training content the Authorizing Official (AO) or Information System Security Manager (ISSM) [CMMC/STIG] and following the Information System Security Officer (ISSO) or designated System Administrator under ISSM oversight [CMMC/STIG].

NIST 800-171 Mapping

NIST 800-53 Controls

Assessment Objectives

  • security literacy training is provided to system users as part of initial training for new users.
  • security literacy training is provided to system users annually (every 12 months) or following significant changes [CMMC/STIG] after initial training.
  • security literacy training is provided to system users when required by system changes or following annually (every 12 months) or following significant changes [CMMC/STIG].
  • security literacy training is provided to system users on recognizing indicators of insider threat.
  • security literacy training is provided to system users on reporting indicators of insider threat.
  • security literacy training is provided to system users on recognizing indicators of social engineering.
  • security literacy training is provided to system users on reporting indicators of social engineering.
  • security literacy training is provided to system users on recognizing indicators of social mining.
  • security literacy training is provided to system users on reporting indicators of social mining.
  • security literacy training content is updated the Authorizing Official (AO) or Information System Security Manager (ISSM) [CMMC/STIG].
  • security literacy training content is updated following the Information System Security Officer (ISSO) or designated System Administrator under ISSM oversight [CMMC/STIG].
