Security awareness and training

Overview

U.S. government

Security awareness and training in accepted security practices for Federal employees are mandated by the Computer Security Act of 1987 (the "Act") . . . for "all employees who are involved with the management, use, or operation of each Federal computer system within or under the supervision of that agency." NIST and the U.S. Office of Personnel Management (OPM) were assigned the joint task of developing and issuing guidelines for the computer security training mandated by the Act. NIST issued NIST Special Publication 500-172, Computer Security Training Guidelines, in November 1989. In January 1992, OPM issued a revision to Federal regulations that made the voluntary guidelines in that publication mandatory.[1]

The OPM regulation requires training: (1) for current employees; (2) for new employees within 60 days of hire; (3) whenever there is a significant change in the agency's IT security environment or procedures; and (4) when an employee enters a new position that deals with sensitive information. It also requires periodic refresher training, based on the sensitivity of the information the employee handles.

OMB Circular A-130, Appendix III restates these mandatory training requirements. It also requires that before receiving access to any IT systems or applications, all employees must receive specialized training focusing on their IT security responsibilities and established system rules.

References

  1. 5 C.F.R. Part 930, RIN 3205-AD43 (hereinafter OPM regulation).
