Security Training - Information Security (INFOSEC) for ALL Employees; Military, Government Civilian and Contractor
An XCCDF Rule
Description
<VulnDiscussion>Failure to provide security training to ALL employees results in a weak security program and could lead to the loss or compromise of classified or sensitive information. REFERENCES: DoD 5220.22-M (NISPOM), February 2006, Incorporating Change 2, May 18, 2016 Chapter 1, para 1-206 and Chapter 3. NIST Special Publication 800-53 (SP 800-53) Controls: AT-1, AT-2, AT-3 and AT-4 DoD Manual 5200.01, Volume 1, 24 February 2012, SUBJECT: DoD Information Security Program: Overview, Classification, and Declassification Encl 2, para 7.c., 7.d., 7.g., 9.f.; Encl 3, para 5.f.; Encl 4 para 10.c.; Encl 5, para 3.b. CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Encl A, para 11; Encl B, para 4.h., 4.i., 6.m.; Encl C para 5., 7.f., 21.h.(2), 27e.(8)(d) and 31.b. DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information Enclosure 5</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-245872r822940_rule
- Severity
- Medium
- Updated
Remediation - Manual Procedure
1. Ensure initial and recurring (annual minimum) information security training is provided to each employee.
2. Ensure the following training topics are covered at a MINIMUM:
a. Classified Handling (physical (storage) security, transportation/transmission & marking of documents, equipment and media)
b. Communications Security