AT-3 Role-Based Security Training

Description

Organizations determine the appropriate content of security training based on the assigned roles and responsibilities of individuals and the specific security requirements of organizations and the information systems to which personnel have authorized access.

In addition, organizations provide

  1. enterprise architects,
  2. information system developers,
  3. software developers,
  4. acquisition/procurement officials,
  5. information system managers,
  6. system/network administrators,
  7. personnel conducting configuration management and auditing activities,
  8. personnel performing independent verification and validation activities,
  9. security control assessors, and
  10. other personnel having access to system-level software

with adequate security-related technical training specifically tailored for their assigned duties.

Comprehensive role-based training addresses management, operational, and technical roles and responsibilities covering physical, personnel, and technical safeguards and countermeasures. Such training can include for example, policies, procedures, tools, and artifacts for the organizational security roles defined.

Organizations also provide the training necessary for individuals to carry out their responsibilities related to operations and supply chain security within the context of organizational information security programs.

Role-based security training also applies to contractors providing services to federal agencies.

Applicability

The Chief Information Security and Privacy Officer (CISPO), or designee is responsible for ensuring that the measures described in this Control are implemented.

Implementation

TAMU-CC shall provide role-based security training to personnel with assigned security roles and responsibilities:

  1. Before authorizing access to the information system or performing assigned duties;
  2. When required by information system changes; and
  3. Annually thereafter.

Revision History

Last Updated: February 21, 2025

Previous Versions:

  • June 29, 2023
  • May 31, 2022
  • March 25, 2021
  • September 16, 2019

Chief Information Security and Privacy Officer

Submit a Ticket

News

See All News

Events

See All Events