§ 930.302 - Training requirement.  

The head of each agency shall identify employees responsible for the management or use of computer systems that process sensitive information and provide the following training (consult “Computer Security Training Guidelines,” NIST Special Publication 500-172 1, for more detailed information) to each of these groups:

(a) Executives shall receive awareness training in computer security basics, computer security policy and procedures, contingency planning, and systems life cycle management; and policy level training in security planning and management.

(b) Program and functional managers shall receive awareness training in computer security basics; implementation level training in security planning and management, and computer security policy and procedures; and performance level training in contingency planning and systems life cycle management.

(c) IRM, security, and audit personnel shall receive awareness training in computer security basics; and performance level training in security planning and management, computer security policies and procedures, contingency planning, and systems life cycle management.

(d) ADP management and operations personnel shall receive awareness training in computer security basics; and performance level training in security planning and management, computer security policies and procedures, contingency planning, and systems life cycle management.

(e) End users shall receive awareness training in computer security basics, security planning and management, and systems life cycle management; and performance level training in computer security policies and procedures, and contingency planning.