PR.AT-01 - Training Personnel on Cybersecurity Basics
PR.AT-01 ensures that all personnel—employees, contractors, and partners—receive basic cybersecurity awareness and training to handle tasks securely. This includes recognizing phishing attempts, adhering to acceptable use policies, and practicing cyber hygiene like password management. It builds a foundational layer of human-centric security across the organization.
This subcategory reinforces a security-conscious culture by explaining policy violation consequences and testing user understanding periodically. Annual refreshers keep knowledge current, addressing new threats and practices. PR.AT-01 empowers personnel to act as a first line of defense against common cyber risks.
