NIST 800-53 REV 5 • AWARENESS AND TRAINING

AT-6 Training Feedback

Provide feedback on organizational training results to the following personnel {{ insert: param, at-06_odp.01 }}: {{ insert: param, at-06_odp.02 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Training feedback includes awareness training results and role-based training results. Training results, especially failures of personnel in critical roles, can be indicative of a potentially serious problem. Therefore, it is important that senior managers are made aware of such situations so that they can take appropriate response actions. Training feedback supports the evaluation and update of organizational training described in [AT-2b](#at-2_smt.b) and [AT-3b](#at-3_smt.b).

Practitioner Notes

Collect feedback on your training program and use it to improve. If your training is boring, irrelevant, or too basic, people will tune out and you will not get the behavior change you need.

Example 1: Send a short survey (5 questions max) after each training module using Microsoft Forms or SurveyMonkey. Ask whether the content was relevant to their job, whether the difficulty was appropriate, and what topics they want to learn more about. Review results quarterly and adjust the curriculum.

Example 2: Track phishing simulation click rates as a measure of training effectiveness. If click rates are not declining over time, your training is not working and needs to change. In KnowBe4, use the Phish-prone Percentage trend report to visualize improvement (or lack thereof) over time. Report these metrics to leadership quarterly.