FedRAMP Security Training Records AT-4

Overview:
The organization:
a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
b. Retains individual training records for [Assignment: organization-defined time period].

Supplemental Guidance:
Documentation for specialized training may be maintained by individual supervisors at the option of the organization.

Related controls: AT-2, AT-3, PM-14.

Action Items:
1) Document and monitor security training activities and retain records

Related Documents:
1) Security Awareness and Training Policy

2) Human Resources Security Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
AT-4 (b) [At least one year]

Moderate Additional FedRAMP Requirements and Guidance
none

Article ID: 56
Created: September 25, 2022
Last Updated: September 25, 2022
Author: Matthew Burdick

Online URL: http://www.compliancewiki.org/article/fedramp-security-training-records-at-4-56.html