AT-3: Role-Based Training

NIST Baseline: Low

Additional role-based security and privacy training may be assigned based on factors such as information resource risk or scope of assigned duties. The Tarleton Chief Information Security Officer (CISO), information resource owners and/or department managers/supervCISOrs may assign additional training before authorizing access to systems or on an as needed basis.
- Security awareness training will be delivered in accordance with Texas Government Code §2054.519 and as stated in the Awareness and Training (AT) Control Family.
Role-based training will be updated periodically to incorporate lessons learned from contingency plan testing, internal or external security incidents. See Control CP-3, Contingency Training; Control CP-4, Contingency Plan Testing; Control IR-2, Incident Response Training; and Control IR-3, Incident Response Testing, for additional information.