Awareness and Training
This is the second entry in a fourteen-piece blog series describing how Ascolta Greenfield environments achieve compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Revision 1, Protecting Controlled Unclassified Information in Non-federal Systems. This entry covers the controls contained in the Awareness and Training Policy and Procedures family.
What is it?
Users can be, and many times are, viewed as the weakest link in securing systems. Often users are not aware of how their actions may impact the security of a system. Making users aware of their security responsibilities and teaching them correct practices helps change their behavior. It also supports individual accountability, which is one of the most important ways to improve information security. Without knowing best-practice security measures or how to use them, users cannot be held truly accountable for their actions and your information will be at risk.
The purpose of information security awareness, training, and education is to enhance security by: raising awareness of the need to protect system resources; developing skills and knowledge so system users can perform their jobs more securely; and building in-depth knowledge as needed to design, implement, or operate security programs for organizations and systems.
How does Greenfield solve it?
Greenfield provides training and awareness by requiring users to complete government-approved Cyber Security Awareness and Insider Threat training before they are issued a Greenfield account. Annual re-certification is required to maintain account access. Privileged users must complete a Greenfield familiarization program before being granted access to the system. Depending on the level of user, the training takes anywhere from two hours to an afternoon. Once training is complete, the Greenfield portal tracks users' completion dates and notifies them and administrators when annual re-certification is required.