Date Published: March 2014
Comments Due:
Email Questions to:
Planning Note (9/21/2021):
NIST is requesting feedback on the potential consolidation of SP 800-16 with SP 800-50, as SP 800-50 Revision 1, Building a Cybersecurity and Privacy Awareness and Training Program (proposed title).
Submit your comments by November 5, 2021. See the SP 800-50 Call for Comments for more details and instructions for submitting comments.
Author(s)
Patricia Toth (NIST), Penny Klein (Systegra)
Announcement
NIST announces the release of Draft Special Publication (SP) 800-16 Revision 1 (3rd public draft), A Role-Based Model For Federal Information Technology/Cyber Security Training for public comment. SP 800-16 describes information technology / cyber security role-based training for Federal Departments and Agencies and Organizations (Federal Organizations). Its primary focus is to provide a comprehensive, yet flexible, training methodology for the development of training courses or modules for personnel who have been identified as having significant information technology / cyber security responsibilities.
Meeting security responsibilities and providing for the confidentiality, integrity, and availability of information in today's highly networked environment can be a difficult task. Each individual that owns, uses, relies on, or manages information and information technology (IT) systems must fully understand their specific security responsibilities. This includes ownership of the information and the role individuals have in protecting information. Information that requires protection includes information they own, information provided to them as part of their work and information they may come into contact with. This document describes information technology/cybersecurity role-based training for the Federal Departments and Agencies and Organizations (Federal Organizations) and contractor support in these roles. Its primary focus is to provide a comprehensive, yet flexible, training methodology for the development of training courses or modules for personnel who have been identified as having significant information technology/cybersecurity responsibilities. This document is intended to be used by Federal information technology/cybersecurity training personnel and their contractors to assist in designing role-based training courses or modules for Federal Organizations personnel and contractors who have been identified as having significant responsibilities for information technology/cybersecurity. This publication should also be read, reviewed, or understood at a fairly high level by several audiences including the Organizational Heads through the leadership chain to the individual. Some of the titles include, but not limited to, the IT Managers, Senior Agency Information Security Officer (SAISO), Certified Information Systems Security Officer (CISSO), Information Systems Security Officer (ISSO), Information Assurance Manager (IAM), and Program Manager (PM).
Meeting security responsibilities and providing for the confidentiality, integrity, and availability of information in today's highly networked environment can be a difficult task. Each individual that owns, uses, relies on, or manages information and information technology (IT) systems must fully...
See full abstract
Meeting security responsibilities and providing for the confidentiality, integrity, and availability of information in today's highly networked environment can be a difficult task. Each individual that owns, uses, relies on, or manages information and information technology (IT) systems must fully understand their specific security responsibilities. This includes ownership of the information and the role individuals have in protecting information. Information that requires protection includes information they own, information provided to them as part of their work and information they may come into contact with. This document describes information technology/cybersecurity role-based training for the Federal Departments and Agencies and Organizations (Federal Organizations) and contractor support in these roles. Its primary focus is to provide a comprehensive, yet flexible, training methodology for the development of training courses or modules for personnel who have been identified as having significant information technology/cybersecurity responsibilities. This document is intended to be used by Federal information technology/cybersecurity training personnel and their contractors to assist in designing role-based training courses or modules for Federal Organizations personnel and contractors who have been identified as having significant responsibilities for information technology/cybersecurity. This publication should also be read, reviewed, or understood at a fairly high level by several audiences including the Organizational Heads through the leadership chain to the individual. Some of the titles include, but not limited to, the IT Managers, Senior Agency Information Security Officer (SAISO), Certified Information Systems Security Officer (CISSO), Information Systems Security Officer (ISSO), Information Assurance Manager (IAM), and Program Manager (PM).
Hide full abstract
Keywords
security literacy; cybersecurity; learning continuum; role-based training; security; security awareness; information assurance; security controls
Control Families
Awareness and Training; Program Management