The National Institute of Standards and Technology’s newly released Special Publication 800-50r1 (Revision 1) provides the federal government with updated guidance for developing and managing a robust cybersecurity and privacy learning program.
The first SP 800-50 revision integrates privacy with cybersecurity in the development of organization-wide learning programs; introduces a learning program concept that incorporates language found in other NIST documents; proposes an employee-focused cybersecurity and privacy culture for organizations; and incorporates guidance for using standard instructional design elements, maturity models and assessment approaches, NIST said Thursday.
Other changes include guidelines to integrate learning programs with organizational goals to manage cybersecurity and privacy risks and address the challenge of measuring the impacts of cybersecurity and privacy learning programs.
The SP 800-50r1 was informed by the fiscal year 2021 National Defense Authorization Act, the Cybersecurity Enhancement Act of 2014 and the NICE Workforce Framework for Cybersecurity.
Federal agencies must have security and privacy awareness and training programs under the Office of Management and Budget Circular A-130.