Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-16

Information Technology Security Training Requirements: a Role- and Performance-Based Model

Date Published: April 1998

Supersedes: SP 500-172 (11/01/1989)

Planning Note (09/21/2021):

NIST is requesting feedback on the potential consolidation of SP 800-16 with SP 800-50, as SP 800-50 Revision 1, Building a Cybersecurity and Privacy Awareness and Training Program (proposed title). 

Submit your comments by November 5, 2021. See the SP 800-50 Call for Comments for more details and instructions for submitting comments.


Dorothea deZafra (NIH), Sadie Pitcher (U.S. Department of Commerce), John Tressler (U.S. Department of Education), John Ippolito (Allied Technology Group)


Mark Wilson (NIST)



Awareness; behavioral objectives; education; individual accountability; job function; management and technical controls; rules of behavior; training
Control Families

Awareness and Training; Program Management


Download URL

Supplemental Material:
None available

Document History:
04/01/98: SP 800-16 (Final)


Security and Privacy

audit & accountability, awareness training & education

Laws and Regulations

OMB Circular A-130