CISA Cybersecurity Performance Goals: Governance and Training Security Controls
Controls that establish cybersecurity policies and ensure personnel are trained to recognize and respond to threats.
Governance and Training
A cybersecurity policy is established, approved, and communicated
Security controls only hold up when there is a written policy that defines expectations and assigns ...
All employees receive security awareness training at least annually
People are routinely the entry point for attacks: phishing, social engineering, and credential theft...
Employees are trained to recognize and report phishing attempts
Phishing is the most common initial access vector for ransomware, business email compromise, and cre...
Third-party vendors are required to meet minimum security standards
Your security posture is only as strong as the weakest vendor with access to your systems or data. T...