Security and Privacy Controls for Information Systems and Organizations
AWARENESS and TRAINING
The AWARENESS and TRAINING Playbook addresses the following areas:
- Policy and Procedures
- Account Management
- Access Enforcement
- Information Flow Enforcement
- Separation of Duties
- Least Privilege
- Unsuccessful Logon Attempts
- System Use Notification
- Previous Logon Notification
- Concurrent Session Control
- Device Lock
- Session Termination
- Supervision and Review-Access Control
- Permitted Actions without Identification or Authentication
- Automated Marking
- Security and Privacy Attributes
- Remote Access
- Wireless Access
- Access Control for Mobile Devices
- Use of External Systems
- Information Sharing
- Data Mining Protection
- Access Control Decisions
- Reference Monitor
The AWARENESS and TRAINING Playbook is included in the Security and Privacy Controls for Information Systems and Organizations (NIST 80-53) Library which has been developed by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). It establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information.