AT-1 Awareness and Training

Security Awareness and Training Policy and Procedures

Medium Priority Intermediate NIST CSF

The organization develops, documents, and disseminates security awareness and training policy and procedures that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.

Implementation Guidance

Develop comprehensive security awareness and training programs that cover all personnel. Include role-specific training for different job functions.

Best Practices

Implement annual security awareness training, provide role-specific training, conduct phishing simulations, and maintain training records.

Quick Facts

Guideline ID: AT-1
Category: Awareness and Training
Subcategory: Policy and Procedures
Priority: Medium
Level: Intermediate
Last Updated: Mar 6, 2026
