Organizational Control: Developer-provided Training
| Control ID: SA-16 Developer-provided Training | Family: System and Services Acquisition | Source: NIST 800-53r4 |
| Control: The organization requires the developer of the information system, system component, or information system service to provide [Assignment: organization-defined training] on the correct use and operation of the implemented security functions, controls, and/or mechanisms. | ||
| Supplemental Guidance: This control applies to external and internal (in-house) developers. Training of personnel is an essential element to ensure the effectiveness of security controls implemented within organizational information systems. Training options include, for example, classroom-style training, web-based/computer-based training, and hands-on training. Organizations can also request sufficient training materials from developers to conduct in-house training or offer self-training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security functions, controls, or mechanisms. Related Controls: AT-2, AT-3, SA-5 |
||
| Control Enhancements: N/A | ||
| References: N/A | ||
| Mechanisms: | ||
| Protocol Implementation Conformance Statements: N/A | ||