NIST 800-171 R-3.2.1
Provide Security Awareness
Official citation: 3.2.1
Class: core · Severity: high
Statement of the obligation — verify against source
3.2.1
What it means
Make sure managers, system administrators, and users understand the security risks in what they do and the policies, standards, and procedures that protect your systems. Tailor the content and frequency to your environment and the systems people can reach, covering basic security awareness, how to respond to suspected incidents, and operations security. Techniques include formal training, email advisories, logon-screen messages, posters, and awareness events.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.