SAT-03
Role-Based Cybersecurity & Data Protection Training
Description
Mechanisms exist to provide role-based cybersecurity and data protection-related training: (1) Before authorizing access to the system or performing assigned duties; (2) When required by system changes; and (3) Annually thereafter.
Control Question
Does the organization provide role-based cybersecurity and data protection-related training: (1) Before authorizing access to the system or performing assigned duties; (2) When required by system changes; and (3) Annually thereafter?
Control Metadata
Domain:
Security Awareness & Training
Validation Cadence:
Annual
Evidence Request List:
E-SAT-05
Framework Mappings
This control maps to the following compliance frameworks
MAS TRM
3.6.23.6.36.1.5