AT-4 SECURITY TRAINING RECORDS

Page last updated:

PCF Compliance

Compliance with this requirement is the responsibility of the PCF deployer.


Control Description

The organization:

  1. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
  2. Retains individual training records for [Assignment: organization-defined time period].

Supplemental Guidance

Documentation for specialized training may be maintained by individual supervisors at the option of the organization.