AT-2(4) Literacy Training and Awareness | Suspicious Communications and Anomalous System Behavior

IL5
IL6

>Control Description

Provide literacy training on recognizing suspicious communications and anomalous behavior in organizational systems using organization-defined indicators of malicious code.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

A well-trained workforce provides another organizational control that can be employed as part of a defense-in-depth strategy to protect against malicious code coming into organizations via email or web applications. Personnel are trained to look for indications of potentially suspicious email (e.g., receiving an unexpected email, receiving an email containing strange or poor grammar, or receiving an email from an unfamiliar sender that appears to be from a known sponsor or contractor). Personnel are also trained on how to respond to suspicious email or web communications.

For this process to work effectively, personnel are trained and made aware of what constitutes suspicious communications. Training personnel on how to recognize anomalous behaviors in systems can provide organizations with early warning for the presence of malicious code. Recognition of anomalous behavior by organizational personnel can supplement malicious code detection and protection tools and systems employed by organizations.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AT-2(4) (Suspicious Communications and Anomalous System Behavior)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AT-2(4)?
  • How frequently is the AT-2(4) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AT-2(4)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AT-2(4) requirements.
  • What automated tools, systems, or technologies are deployed to implement AT-2(4)?
  • How is AT-2(4) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AT-2(4) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AT-2(4)?
  • What audit logs, records, reports, or monitoring data validate AT-2(4) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AT-2(4) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AT-2(4) compliance?
