NIST 800-171 R-3.2.2
Train Personnel for Their Security Duties
Official citation: 3.2.2
Class: core · Severity: high
Statement of the obligation — verify against source
3.2.2
What it means
Train people to carry out the specific security duties their roles require, with content and frequency matched to their responsibilities and the systems they access. Role-based training spans management, operational, and technical roles and can cover the policies, procedures, tools, and artifacts each role uses — including responsibilities for operations and supply-chain security.
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.