1. Home
  2. FedRAMP
  3. AT-4

BRACKETOLOGY | FEDRAMP

AT-4: SECURITY TRAINING RECORDS

  • FedRAMP Baseline Membership AT-4:
  • LOW
  • MODERATE
  • HIGH

FedRAMP Bracketology

Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH

Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.

Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.

To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open

Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.

The organization:

    • a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and
    • b. Retains individual training records for [Assignment: organization-defined time period].

Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.

AT-4a.: Document and monitor individual information system security training activities including basic security awareness training and specific information system security training; and

AT-4b.: Retains individual training records for at least one year.

AT-4a.: Document and monitor individual information system security training activities including basic security awareness training and specific information system security training; and

AT-4b.: Retains individual training records for at least one year.

AT-4a.: Document and monitor individual information system security training activities including basic security awareness training and specific information system security training; and

AT-4b.: Retains individual training records for at least five (5) years or 5 years after completion of a specific training program.

SUPPLEMENTAL GUIDANCE

Documentation for specialized training may be maintained by individual supervisors at the option of the organization.

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

  • NO REFERENCES