User Awareness and Training

Purpose

This SOP defines the procedures for security awareness and training for all personnel within the Organization seeking certification (OSC). It ensures compliance with NIST SP 800-171 requirements and Department of Defense (DoD) security training mandates.

Scope

This SOP applies to all OSC personnel who require access to organizational systems and data. Compliance with this SOP is mandatory for maintaining security and regulatory adherence.


Section 1: Organization seeking certification (OSC) Steps

Step 1: Complete Required Training

Training materials and courses can be accessed via the Security Awareness Hub.

All personnel must complete the following mandatory security training courses annually:

  • Counterintelligence Awareness and Reporting for DoD
  • Cybersecurity Awareness
  • DoD Security Principles
  • DoD Annual Security Awareness Refresher
  • Insider Threat Awareness
  • Operations Security

Additional role-specific training may be required:

  • DoD Mandatory Controlled Unclassified Information (CUI) Training
  • Privileged User Cybersecurity Responsibilities Training

Step 2: Complete Organization-Specific Training

Personnel must also review any OSC Annual Security Training documentation.

  • After completing the briefing, print and sign the annual security acknowledgment form.
  • Submit the signed acknowledgment to your Facility Security Officer (FSO).

Step 3: Submit Training Completion Certificates

Upon successful completion of the required courses:

  • Obtain certificates of completion from the training portal.
  • Provide all certificates to the OSC FSO.

Step 4: Compliance Verification and Monitoring

  • OSC leadership must track and document training completion for all personnel.
  • Non-compliance with training requirements must be escalated to management for corrective action.

Review & Maintenance

This SOP will be reviewed annually to ensure alignment with compliance requirements and DoD mandates.