About GPO   |   Newsroom/Media   |   Congressional Relations   |   Inspector General   |   Careers   |   Contact   |   askGPO   |   Help  
 
Home   |   Customers   |   Vendors   |   Libraries  

The Electronic Code of Federal Regulations (e-CFR) is a regularly updated, unofficial editorial compilation of CFR material and Federal Register amendments produced by the National Archives and Records Administration's Office of the Federal Register (OFR) and the Government Printing Office.

Parallel Table of Authorities and Rules for the Code of Federal Regulations and the United States Code
Text | PDF

Find, review, and submit comments on Federal rules that are open for comment and published in the Federal Register using Regulations.gov.

Purchase individual CFR titles from the U.S. Government Online Bookstore.

Find issues of the CFR (including issues prior to 1996) at a local Federal depository library.

[2]
 
 

Electronic Code of Federal Regulations

e-CFR Data is current as of April 14, 2014

Title 5: Administrative Personnel
PART 930—PROGRAMS FOR SPECIFIC POSITIONS AND EXAMINATIONS (MISCELLANEOUS)
Subpart C—Information Security Responsibilities for Employees who Manage or Use Federal Information Systems


§930.301   Information systems security awareness training program.

Each Executive Agency must develop a plan for Federal information systems security awareness and training and

(a) Identify employees with significant information security responsibilities and provide role-specific training in accordance with National Institute of Standards and Technology (NIST) standards and guidance available on the NIST Web site, http://csrc.nist.gov/publications/nistpubs/, as follows:

(1) All users of Federal information systems must be exposed to security awareness materials at least annually. Users of Federal information systems include employees, contractors, students, guest researchers, visitors, and others who may need access to Federal information systems and applications.

(2) Executives must receive training in information security basics and policy level training in security planning and management.

(3) Program and functional managers must receive training in information security basics; management and implementation level training in security planning and system/application security management; and management and implementation level training in system/application life cycle management, risk management, and contingency planning.

(4) Chief Information Officers (CIOs), IT security program managers, auditors, and other security-oriented personnel (e.g., system and network administrators, and system/application security officers) must receive training in information security basics and broad training in security planning, system and application security management, system/application life cycle management, risk management, and contingency planning.

(5) IT function management and operations personnel must receive training in information security basics; management and implementation level training in security planning and system/application security management; and management and implementation level training in system/application life cycle management, risk management, and contingency planning.

(b) Provide the Federal information systems security awareness material/exposure outlined in NIST guidance on IT security awareness and training to all new employees before allowing them access to the systems.

(c) Provide information systems security refresher training for agency employees as frequently as determined necessary by the agency, based on the sensitivity of the information that the employees use or process.

(d) Provide training whenever there is a significant change in the agency information system environment or procedures or when an employee enters a new position that requires additional role-specific training.



For questions or comments regarding e-CFR editorial content, features, or design, email ecfr@nara.gov.
For questions concerning e-CFR programming and delivery issues, email webteam@gpo.gov.