- Standards
- Implementation / Use Cases
- Industry Best Practices
- Example Tools / Policies
- CMMC Readiness
NIST resource that defines requirements for literacy training and awareness. NIST resource that defines requirements for role-based training. This publication provides recommendations for securing BYOD devices used for telework and remote access, as well as those directly attached to the enterprise’s own networks. This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP).
This paper from Carnegie Mellon discusses potential ways an insider threat program could go wrong. This course introduces the threats and vulnerabilities faced when working within the government or defense industrial systems. This course discusses how Insider Threat Awareness is an essential component of a comprehensive security program. This resource provides general awareness and role-based information security training documents.
This webpage provided by CISA will help individuals, organizations, and communities create or improve an existing insider threat mitigation program. This blog discusses security awareness best practices and references other awareness training topics. This guide provides direction for implementing the basic building blocks of an insider threat program. This guide focuses on organizational security awareness, security awareness content, and it provides a security awareness training checklist. This SANS whitepaper describes how to successfully implement a comprehensive Security Training, Awareness, and Education program.
This link to CDSE provides insider threat training and awareness. This toolkit contains resources to help you perform your role in the insider threat field. Cybersecurity awareness resources for all segments of the community. Collection of cyber training courses and training aids provided by the DoD Cyber Exchange. It provides an overview of cybersecurity threats and best practices to keep information and information systems secure. The purpose of this example procedure from the EPA is to help with implementing the security control requirements for the Awareness and Training (AT) control family. KnowBe4 is a large security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. Proofpoint Security Awareness Training is offering a free Phishing Awareness Kit. This kit gives you the tools you need to engage your users and turn them into a strong line of defense against phishing attacks and other cyber threats. The NICCS Education and Training Catalog is a central location where cybersecurity professionals across the nation can find over 3,000 cybersecurity-related courses. This document is an example of an Acceptable Use for System Administrators Policy from the University of Arizona.
- Level 2 | AT.L2-3.2.1 – Role-Based Risk Awareness: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.
- Level 2 | AT.L2-3.2.2 – Role-Based Training: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
- Level 2 | AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat.
CMMC Assessment Guides
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.