SECURITY AND PRIVACY AWARENESS - 5320.1

Policy: Each state entity shall provide basic security and privacy awareness training to all information asset users (all personnel, including managers and senior executives) as part of initial training for new users and annually thereafter.

Each state entity shall determine the appropriate content of security awareness training based on statewide requirements, specific state entity requirements, and the information processes and assets to which personnel have access.