Doc:NIST SP 800-53r3 Appendix F/AT-4
AT-4 SECURITY TRAINING RECORDS
- Control: The organization:
- a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
- b. Retains individual training records for [Assignment: organization-defined time period].
- Supplemental Guidance: While an organization may deem that organizationally mandated individual training programs and the development of individual training plans are necessary, this control does not mandate either. Documentation for specialized training may be maintained by individual supervisors at the option of the organization.
- Control Enhancements: None.