AT-05: Contacts with Security Groups and Associations
base control objective:
The organization establishes and institutionalizes contact with selected groups and associations within the security community:
- To facilitate ongoing security education and training for organizational personnel;
- To stay up-to-date with the latest recommended security practices, techniques, and technologies; and
- To share current security-related information including threats, vulnerabilities, and incidents.
supplemental objective information:
Ongoing contact with security groups and associations is of paramount importance in an environment of rapid technology changes and dynamic threats. Security groups and associations can include, for example, special interest groups, specialized forums, professional associations, news groups, and/or peer groups of security professionals in similar organizations. The groups and associations selected are consistent with the organization’s mission/business requirements. Information sharing activities regarding threats, vulnerabilities, and incidents related to information systems are consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
enhancements to the base objective:
mapping to FIPS199 baseline:
related (regimented) controls:
documents referenced in SP800-53rev3 for AT-05:
Creating a Patch and Vulnerability Management Program