SECURITY AND PRIVACY TRAINING RECORDS - 5320.3

Policy: Each state entity shall document and monitor individual information security and privacy training activities including basic security and privacy awareness training and specific information system security training; and retain individual training records to support corrective action, audit and assessment processes. The ISO will be responsible for ensuring that training content is maintained and updated as necessary to address the latest security challenges that may impact users.

Implementation Controls:  NIST SP 800-53: Awareness and Training (AT)