7012 Secure Awareness and Training
The college will ensure that all employees and contractors receive appropriate awareness education and training relevant to their job function to enhance cybersecurity resilience and promote a culture of security awareness.
The college will ensure that role-based cybersecurity and data privacy-related training is provided to personnel before authorizing access to the system or performing assigned duties, when required by system changes, and annually thereafter.
The college shall implement access controls to ensure that every user accessing a system processing, storing, or transmitting sensitive information is formally trained in data handling requirements, in accordance with NIST 800-53r5 controls.
The college will ensure that specific training is provided to privileged users to ensure they understand their unique roles and responsibilities in maintaining cybersecurity posture.
The college shall ensure that all personnel responsible for cybersecurity and data privacy receive Continuing Professional Education (CPE) training to maintain currency and proficiency with industry-recognized secure practices relevant to their assigned roles and responsibilities.
The college shall incorporate NIST 800-53r5 controls into its policies and procedures to ensure the organization facilitates the implementation of tailored development and acquisition strategies, contract tools, and procurement methods to meet unique business needs.