Date Published: October 2003
Planning Note (09/21/2021):
NIST is requesting feedback on the potential consolidation of SP 800-16 with SP 800-50, as SP 800-50 Revision 1, Building a Cybersecurity and Privacy Awareness and Training Program (proposed title).
Submit your comments by November 5, 2021. See the SP 800-50 Call for Comments for more details and instructions for submitting comments.
Author(s)
Mark Wilson (NIST), Joan Hash (NIST)
NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III.The document identifies the four critical steps in the life cycle of an IT security awareness and training program: 1) awareness and training program design (Section 3); 2) awareness and training material development (Section 4); 3) program implementation (Section 5); and 4) post-implementation (Section 6).The document is a companion publication to NIST Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model. The two publications are complementary - SP 800-50 works at a higher strategic level, discussing how to build an IT security awareness and training program, while SP 800-16 is at a lower tactical level, describing an approach to role-based IT security training.
NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002...
See full abstract
NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program and supports requirements specified in the Federal Information Security Management Act (FISMA) of 2002 and the Office of Management and Budget (OMB) Circular A-130, Appendix III.The document identifies the four critical steps in the life cycle of an IT security awareness and training program: 1) awareness and training program design (Section 3); 2) awareness and training material development (Section 4); 3) program implementation (Section 5); and 4) post-implementation (Section 6).The document is a companion publication to NIST Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model. The two publications are complementary - SP 800-50 works at a higher strategic level, discussing how to build an IT security awareness and training program, while SP 800-16 is at a lower tactical level, describing an approach to role-based IT security training.
Hide full abstract
Keywords
Awareness; certification; design; develop; education; implement; maintain; metrics; training
Control Families
Awareness and Training; Contingency Planning; Incident Response
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
