AT 4 TRAINING RECORDS - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

Control:

• a. Document and monitor information security and privacy training activities, including security and privacy awareness training and specific role-based security and privacy training; and
• b. Retain individual training records for [ Assignment: organization-defined time period ].

Discussion: Documentation for specialized training may be maintained by individual supervisors at the discretion of the organization. The National Archives and Records Administration provides guidance on records retention for federal agencies.

Related Controls: AT-2, AT-3, CP-3, IR -2, PM-14, SI-12.

Control Enhancements: None.

References: [OMB A-130].