CMMC 2.0 • LEVEL 2 • AWARENESS & TRAINING

AT.L2-3.2.2Role-Based Training

Provide role-based security training to organizational personnel: Before authorizing access to the system or CUI, before performing assigned duties, and the DoD-approved system use notification bannerCMMC/STIG thereafter When required by system changes or following before authentication is completed (at every login prompt)CMMC/STIG. Update role-based training content each login sessionCMMC/STIG and following all users accessing systems that store, process, or transmit CUICMMC/STIG.

NIST 800-171 Mapping

NIST 800-53 Controls

AT-2(2)

Assessment Objectives

  • role-based security training is provided to organizational personnel before authorizing access to the system or CUI.
  • role-based security training is provided to organizational personnel before performing assigned duties.
  • role-based security training is provided to organizational personnel the DoD-approved system use notification bannerCMMC/STIG after initial training.
  • role-based security training is provided to organizational personnel when required by system changes or following before authentication is completed (at every login prompt)CMMC/STIG.
  • role-based security training content is updated each login sessionCMMC/STIG.
  • role-based security training content is updated following all users accessing systems that store, process, or transmit CUICMMC/STIG.

Practitioner Notes

Practitioner commentary coming soon.

Related CMMC 2.0 Practices

AT.L2-3.2.1 Literacy Training and Awareness AT.L2-3.2.3 Provide Security Awareness Training on Recognizing and Reporting Potential Indicators of Insider Threat