CMMC Practice AT.2.057: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Training imparts skills and knowledge. It enables staff to perform a specific resilience function. Training programs identify cybersecurity skill gaps within your organization. Then, the programs train users on their specific cybersecurity roles and responsibilities.There is an important distinction between awareness training and role-based training. Awareness training provides general security training to influence user behavior. Role-based training focuses on the knowledge, skills, and abilities needed to complete a specific job.