home || catalog: SP800-53rev3 / class: Operational / family: (AT) Awareness and Training ||
search controls:
search nistpubs:

AC
AT

AT-01
AT-02
AT-03
AT-04 *
AT-05
AT-06

AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC
SI
MMMMM

  AT-04: Security Training Records  

base control objective:
The organization:
a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
b. Retains individual training records for [Assignment: organization-defined time period].

supplemental objective information:
While an organization may deem that organizationally-mandated individual training programs and the development of individual training plans are necessary, this control does not mandate either. Documentation for specialized training may be maintained by individual supervisors at the option of the organization.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for AT-04:

Document Date Status Title
NIST SP800-50 October, 2003 current   Building an Information Technology Security Awareness and Training Program

Search SP800-53rev3 catalog: