Date Published: April 1998
Supersedes:
SP 500-172 (11/01/1989)
Planning Note (09/21/2021):
NIST is requesting feedback on the potential consolidation of SP 800-16 with SP 800-50, as SP 800-50 Revision 1, Building a Cybersecurity and Privacy Awareness and Training Program (proposed title).
Submit your comments by November 5, 2021. See the SP 800-50 Call for Comments for more details and instructions for submitting comments.
Author(s)
Dorothea deZafra (NIH), Sadie Pitcher (U.S. Department of Commerce), John Tressler (U.S. Department of Education), John Ippolito (Allied Technology Group)
Editor(s)
Mark Wilson (NIST)
This document supersedes NIST SP 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer security training guidance. This publication presents a new conceptual framework for providing information technology (IT) security training. This framework includes the IT security training requirements appropriate for today's distributed computing environment and provides flexibility for extension to accommodate future technologies and the related risk management decisions.
This document supersedes NIST SP 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer security training guidance. This...
See full abstract
This document supersedes NIST SP 500-172, Computer Security Training Guidelines, published in 1989. The new document supports the Computer Security Act (Public Law 100-235) and OMB Circular A-130 Appendix III requirements that NIST develop and issue computer security training guidance. This publication presents a new conceptual framework for providing information technology (IT) security training. This framework includes the IT security training requirements appropriate for today's distributed computing environment and provides flexibility for extension to accommodate future technologies and the related risk management decisions.
Hide full abstract
Keywords
Awareness; behavioral objectives; education; individual accountability; job function; management and technical controls; rules of behavior; training
Control Families
Awareness and Training; Program Management
