NIST 800-53 REV 5 • AWARENESS AND TRAINING

AT-2(5)Advanced Persistent Threat

Provide literacy training on the advanced persistent threat.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

An effective way to detect advanced persistent threats (APT) and to preclude successful attacks is to provide specific literacy training for individuals. Threat literacy training includes educating individuals on the various ways that APTs can infiltrate the organization (e.g., through websites, emails, advertisement pop-ups, articles, and social engineering). Effective training includes techniques for recognizing suspicious emails, use of removable systems in non-secure settings, and the potential targeting of individuals at home.

Practitioner Notes

Train people on Advanced Persistent Threats (APTs) — sophisticated, well-funded adversaries who target your organization specifically and persistently. This is especially relevant for defense contractors.

Example 1: Include an APT module in your annual security training that explains nation-state threat actors, their motivations (espionage, IP theft), and their techniques (spearphishing, supply chain attacks, zero-day exploits). Use declassified CISA advisories and FBI Private Industry Notifications as training materials — they are free and credible.

Example 2: Brief key personnel (executives, program managers, engineers with access to CUI) on specific threat actor groups known to target your industry sector. Reference MITRE ATT&CK groups relevant to defense contractors (APT10, APT41, Lazarus Group). Make it real and specific to their work, not generic.

More Awareness and Training Controls

AT-1 Policy and Procedures AT-2 Literacy Training and Awareness AT-2(1) Practical Exercises AT-2(2) Insider Threat