An OSCAL Control
Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and
Retain individual training records for time period .
Documentation for specialized training may be maintained by individual supervisors at the discretion of the organization. The National Archives and Records Administration provides guidance on records retention for federal agencies.
information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training, are documented;
information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training, are monitored;
individual training records are retained for time period .
Security and privacy awareness and training policy
procedures addressing security and privacy training records
security and privacy awareness and training records
system security plan
privacy plan
other relevant documents or records
Organizational personnel with information security and privacy training record retention responsibilities
Mechanisms supporting the management of security and privacy training records