In September 2017, this (legacy) site will be replaced with the new site you can see at beta.csrc.nist.rip. At that time, links to this legacy site will be automatically redirected to apporpriate links on the new site.

View the beta site
NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage

Awareness, Training, & Education (ATE)

Public Law 100-235 titled, "The Computer Security Act of 1987," mandated NIST and OPM to create guidelines on computer security awareness and training based on functional organizational roles. Guidelines were produced in the form of NIST Special Publication 800-16 titled, "Information Technology Security Training Requirements: A Role- and Performance-Based Model." The learning continuum modeled in this guideline provides the relationship between awareness, training, and education. The publication also contains a methodology that can be used to develop training courses for a number of audiences which may be deemed to have significant information security responsibilities. In October 2003, NIST also published Special Publication 800-50 - "Building an Information Technology Security Awareness and Training Program."

Awareness
To focus attention on security.
Training
To produce relevant and needed security skills and competency.
Education
To integrate all (security skills and competencies) into a common body of knowledge, adding a multidisciplinary study of concepts, issues, and principles.
Professional Development (Organizations and Certifications)
Implies a guarantee as meeting a standard by applying evaluation or measurement criteria.