
Develop or acquire content to update the training plans.


CONTROL ID: 12867
CONTROL TYPE: Training
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain training plans. (CC ID: 00828)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • incorporate any changes to course material as requested by ASD. (54.d., IRAP Policies and Procedures Australian Signals Directorate Information Security Registered Assessors Program, 11/2020)
  • Develop or acquire content that does not exist in the current curriculum or education plan and modify any content that needs updating to meet current learning objects. (OCEG GRC Capability Model, v. 3.0, P4.3 Develop or Acquire Content, OCEG GRC Capability Model, v 3.0)
  • issues arising from monitoring, auditing, reviews, complaints and noncompliance, including stakeholder feedback. (§ 7.2.2 ¶ 5 Bullet 6, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • When addressing changing needs and trends, the organization shall consider its current knowledge and determine how to acquire or access any necessary additional knowledge and required updates. (7.1.6 ¶ 3, ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
  • Customer awareness materials are readily available (e.g., DHS' Cybersecurity Awareness Month materials). (Domain 1: Assessment Factor: Training and Culture, TRAINING Baseline 1 ¶ 4, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Providing your personnel with security awareness training that is updated as necessary to reflect risks identified by the risk assessment; (§ 314.4 ¶ 1(e)(1), 16 CFR Part 314, Standards for Safeguarding Customer Information, Final Rule, Amended February 15, 2022)
  • Design training curriculum and course content based on requirements. (T0450, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Develop new or identify existing awareness and training materials that are appropriate for intended audiences. (T0073, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Develop or assist in the development of computer based training modules or classes. (T0316, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide role-based training for all personnel with responsibilities that contribute to secure development. Periodically review personnel proficiency and role-based training, and update the training as needed. (PO.2.2, NIST SP 800-218, Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities, Version 1.1)
  • Develop new or identify existing awareness and training materials that are appropriate for intended audiences. (T0073, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Design training curriculum and course content based on requirements. (T0450, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Develop or assist in the development of computer based training modules or classes. (T0316, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)