U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

This is an archive
(replace .gov by .rip)

Building a Cybersecurity and Privacy Awareness and Training Program | Call for Comments
September 21, 2021

Cybersecurity awareness and training resources, methodologies, and requirements have evolved since NIST Special Publication (SP) 800-50Building an Information Technology Security Awareness and Training Program, was published in 2003 and companion document NIST SP 800-16, Information Technology Security Training Requirements: a Role- and Performance-Based Model, was published in 1998 (a 3rd draft revision of NIST SP 800-16 was released in 2014).  

New guidance to inform this work comes from the National Defense Authorization Act (NDAA) for FY2021 and the Cybersecurity Enhancement Act of 2014; in addition, the 2016 update to OMB Circular A-130 emphasizes the role of both privacy and security in the federal information life cycle and requires agencies to have both security and privacy awareness and training programs.

To ensure NIST stakeholders benefit from guidance informed by these updated resources, methodologies, and requirements, NIST plans to update SP 800-50 to include privacy, and potentially consolidate with SP 800-16. The new proposed title for SP 800-50 is Building a Cybersecurity and Privacy Awareness and Training Program.

The public is invited to provide input by November 5, 2021, for consideration in the update. See the complete announcement for details and instructions for submitting comments. An Initial Public Draft of the update, which will be published as SP 800-50 Revision 1, is scheduled for an early 2022 release.

Related Topics

Security and Privacy: awareness training & education, general security & privacy

Created September 21, 2021, Updated September 27, 2021