{"id":792,"date":"2024-04-24T16:46:57","date_gmt":"2024-04-24T16:46:57","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=792"},"modified":"2024-09-06T16:29:17","modified_gmt":"2024-09-06T16:29:17","slug":"at-1-policy-and-procedures","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/at-1-policy-and-procedures\/","title":{"rendered":"AT-1: Security Awareness and Training Policy and Procedures \u00a0\u00a0"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">AT-1: Security Awareness and Training Policy and Procedures &nbsp;&nbsp;<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By:<\/strong> &nbsp;07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>05\/08\/2024&nbsp;<\/h2>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Purpose &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>Tarleton State University (Tarleton) recognizes that security awareness training policies and procedures are vital to reducing information security risks. The Security Awareness Training Policy and associated controls document the requirements for training users to understand their responsibilities under State law and System policy, and their role in protecting Tarleton\u2019s information resources by reducing information security risks.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Scope and Roles &#8211;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The intended audience includes the Tarleton Chief Information Officer (CIO), Chief Information Security Officer (CISO), information resource owners, information resource custodians, and all users of Tarleton information resources.&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Compliance &#8211;&nbsp;<\/strong>&nbsp;<\/h3>\n\n\n\n<p>The Security Awareness Training Policy and associated controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a>, <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.74<\/a>, Texas Government Code <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.519\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.519<\/a>, <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5191\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5191<\/a>, <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5192\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5192<\/a>, and Texas A&amp;M University System <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>Implementation<\/strong>&nbsp;<\/h3>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>The Security Awareness Training Policy and associated controls are implemented to ensure compliance with the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=76\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.76<\/a>, <a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a7202.74<\/a>, Texas Government Code <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.519\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.519<\/a>, <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5191\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5191<\/a>, <a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.5192\" target=\"_blank\" rel=\"noreferrer noopener\">\u00a72054.5192<\/a>, Texas A&amp;M University System (TAMUS) <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Regulation 29.01.03, Information Security<\/a>, and Tarleton\u2019s <a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Rule 29.01.99.T1, Information Resources<\/a>.&nbsp;<\/li>\n\n\n\n<li>As stated in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/awareness-and-training-at\/at-2-literacy-training-awareness\/\" data-type=\"page\" data-id=\"805\">Control AT-2, Literacy Training and Awareness<\/a>, all Tarleton employees who use information resources and third-party vendors that require a Tarleton account are required to comply with the policy and procedures related to Information Security Awareness (ISA) training and must acknowledge they have read, understand, and will comply with university requirements regarding computer security policies and procedures.&nbsp;&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Tarleton employees must complete ISA training within 30 days of their hire date.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Third-party vendors and contractors requiring a Tarleton vendor account must complete training prior to receiving their account credentials.&nbsp;&nbsp;<\/li>\n\n\n\n<li>Tarleton requires employees and applicable third-party vendors to complete TAMUS and\/or DIR approved ISA training annually.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The Tarleton CISO or designee reviews and updates, as needed, the security awareness training policy and security awareness training procedures as needed.&nbsp; TAMUS assists with updates to TrainTraq Course No. 3001 \u2013 Information Security Awareness Training, which is the DIR approved course used by Tarleton for the training requirement as a member of the Texas A&amp;M University System.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.138:~:text=Sec.%202054.519.%20%20STATE%20CERTIFIED%20CYBERSECURITY%20TRAINING%20PROGRAMS.\" target=\"_blank\" rel=\"noreferrer noopener\">Tex. Gov\u2019t Code Section 2054.519<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=24\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.24<\/a>&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/texreg.sos.state.tx.us\/public\/readtac$ext.TacPage?sl=R&amp;app=9&amp;p_dir=&amp;p_rloc=&amp;p_tloc=&amp;p_ploc=&amp;pg=1&amp;p_tac=&amp;ti=1&amp;pt=10&amp;ch=202&amp;rl=74\" target=\"_blank\" rel=\"noreferrer noopener\">1 TAC \u00a7 202.74<\/a>&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.tarleton.edu\/policy\/wp-content\/uploads\/sites\/142\/2022\/06\/29_01_99_t1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Tarleton Rule 29.01.99.T1, Information Resources<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AT-1: Security Awareness and Training Policy and Procedures &nbsp;&nbsp; NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;05\/08\/2024&nbsp; Purpose &#8211;&nbsp;&nbsp; Tarleton State University (Tarleton) recognizes that security awareness training &#8230;<\/p>\n","protected":false},"author":62,"featured_media":580,"parent":780,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-792","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/kyle-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"kyle"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on April 24, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on April 24, 2024 4:46 pm","modified":"Updated on September 6, 2024 4:29 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/792","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=792"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/792\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/780"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=792"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}