Skip to Content

FedRAMP Security Training Records AT-4

56  Matthew Burdick September 25, 2022  Awareness and Training (AT)

Overview:
The organization:
a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
b. Retains individual training records for [Assignment: organization-defined time period].


Supplemental Guidance:
Documentation for specialized training may be maintained by individual supervisors at the option of the organization.


Related controls: AT-2, AT-3, PM-14.


Action Items:
1) Document and monitor security training activities and retain records


Related Documents:
1) Security Awareness and Training Policy

2) Human Resources Security Policy

 


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
AT-4 (b) [At least one year]


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code