People with security responsibilities are trained to perform them.
What it actually means
Beyond general awareness, anyone with a specific security role (admins, the person who reviews logs, whoever handles incidents) needs role-specific training to actually do that job. General awareness covers everyone; this covers the people with duties.
Pass or fail — an assessor needs a "yes" to each
- Personnel with security duties get role-specific training.
- Training maps to their assigned responsibilities.
- Completion is tracked.
What to have ready
- Role-based training plan
- Completion records for security-role personnel
Where teams trip up
- Only general awareness, no role-specific depth
- Assigning security duties to untrained staff