Pre-Draft Call for Comments | Incorporating Privacy in
Awareness & Training
To
help organizations incorporate privacy into their security awareness and
training regimes, NIST plans to revise SP 800-50,
Building
an Information Technology Security Awareness and Training Program.
In the nearly two decades since SP 800-50 was published in 2003, cybersecurity
awareness and training resources, methodologies, and requirements have evolved
considerably—and new guidance to inform this work has come from Congress and
the Office of Management and Budget.
Prior
to drafting the update, NIST is seeking public
comment on several topics, including the potential consolidation of
companion document SP 800-16,
Information
Technology Security Training Requirements: A Role- and Performance-Based
Model, into the revised SP 800-50. The proposed title for
SP 800-50 Revision 1 is Building a Cybersecurity and Privacy Awareness
and Training Program. Comments are due by November
5, 2021.
Your
public comments will be used to influence future drafts, including an Initial
Public Draft of the update which is scheduled to be released in early 2022 as
SP 800-50 Revision 1.