CP-03 Contingency Training
a. Provide contingency training to system users consistent with assigned roles and responsibilities:
1. Within cp-03_odp.01 of assuming a contingency role or responsibility;
2. When required by system changes; and
3. cp-03_odp.02 thereafter; and
b. Review and update contingency training content cp-03_odp.03 and following cp-03_odp.04.
| Parameter ID | Definition |
|---|---|
| cp-03_odp.01 | time period |
| cp-03_odp.02 | frequency |
| cp-03_odp.03 | frequency |
| cp-03_odp.04 | events |
Baselines
- L
- M
- H
- P
Guidance
Contingency training provided by organizations is linked to the assigned roles and responsibilities of organizational personnel to ensure that the appropriate content and level of detail is included in such training. For example, some individuals may only need to know when and where to report for duty during contingency operations and if normal duties are affected; system administrators may require additional training on how to establish systems at alternate processing and storage sites; and organizational officials may receive more specific training on how to conduct mission-essential functions in designated off-site locations and how to establish communications with other governmental entities for purposes of coordination on contingency-related activities. Training for contingency roles or responsibilities reflects the specific continuity requirements in the contingency plan. Events that may precipitate an update to contingency training content include, but are not limited to, contingency plan testing or an actual contingency (lessons learned), assessment or audit findings, security incidents or breaches, or changes in laws, executive orders, directives, regulations, policies, standards, and guidelines. At the discretion of the organization, participation in a contingency plan test or exercise, including lessons learned sessions subsequent to the test or exercise, may satisfy contingency plan training requirements.
References 1
- SP 800-50 Wilson M, Hash J (2003) Building an Information Technology Security Awareness and Training Program. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-50.
Control Enhancements 2
Related controls 9
- AT-02 Literacy Training and Awareness L M H P
- AT-03 Role-based Training L M H P
- AT-04 Training Records L M H P
- CP-02 Contingency Plan L M H P
- CP-04 Contingency Plan Testing L M H P
- CP-08 Telecommunications Services L M H P
- IR-02 Incident Response Training L M H P
- IR-04 Incident Handling L M H P
- IR-09 Information Spillage Response L M H P