This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization provides training to its personnel on [FedRAMP Assignment: (H) malicious code indicators as defined by organization incident policy/capability] to recognize suspicious communications and anomalous behavior in organizational information systems.
NIST 800-53 (r4) Supplemental Guidance:
A well-trained workforce provides another organizational safeguard that can be employed as part of a defense-in-depth strategy to protect organizations against malicious code coming in to organizations via email or web applications. Personnel are trained to look for indications of potentially suspicious email (e.g., receiving an unexpected email, receiving an email containing strange or poor grammar, or receiving an email from an unfamiliar sender but who appears to be from a known sponsor or contractor). Personnel are also trained on how to respond to such suspicious email or web communications (e.g., not opening attachments, not clicking on embedded web links, and checking the source of email addresses). For this process to work effectively, all organizational personnel are trained and made aware of what constitutes suspicious communications. Training personnel on how to recognize anomalous behaviors in organizational information systems can potentially provide early warning for the presence of malicious code. Recognition of such anomalous behavior by organizational personnel can supplement automated malicious code detection and protection tools and systems employed by organizations.
References: C.F.R. Part 5 Subpart C (5 C.F.R. 930.301); NIST Special Publications 800-16, 800-50.
NIST 800-53 (r5) Discussion:
None.
38North Guidance:
Meets Minimum Requirement:
Personnel receive training on recognizing suspicious communications and anomalous behavior, such as:
Phishing training: recognizing suspicious emails or web communications and how to respond
Malware indicators: common indicators of system compromise (e.g., system slowdown, new browser activity, pop-ups)
Best Practice:
TBD
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Evidence of any training pertaining to recognizing suspicious behavior or anomalous activity
Records of individual training activities showing that individuals completed the training
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD