Date Published: August 28, 2023
Comments Due: October 27, 2023 (public comment period is CLOSED)
Email Questions to:
sp800-50-comments@nist.gov
Cybersecurity awareness and training resources, methodologies, and requirements have evolved since NIST SP 800-50 was introduced in 2003. New guidance from the National Defense Authorization Act (NDAA) for FY2021 and the Cybersecurity Enhancement Act of 2014 have informed this revision. In addition, the 2016 update to Office of Management and Budget (OMB) Circular A-130 emphasizes the role of both privacy and security in the federal information life cycle and requires agencies to have both security and privacy awareness and training programs. Additionally, the NICE Workforce Framework for Cybersecurity (NICE Framework), which was published as NIST SP 800-181 in 2017 and revised in 2020, further informed the development of the draft of SP 800-50.
Work on a companion guide — NIST SP 800-16r3, Information Technology Security Training Requirements: A Role- and Performance-Based Model — will cease and the original NIST SP 800-16 (1998) will be withdrawn with the final publication of NIST SP 800-50r1.
The public comment period is open through October 27, 2023. We encourage you to use this comment template when preparing and submitting your comments.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
None selected
Publication:
https://doi.org/10.6028/NIST.SP.800-50r1.ipd
Download URL
Supplemental Material:
Comment template (xlsx)
Document History:
09/21/21: SP 800-50 Rev. 1 (Draft)
08/28/23: SP 800-50 Rev. 1 (Draft)
09/12/24: SP 800-50 Rev. 1 (Final)