>myctrl.tools
Preferences
Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC
Compare

AT-2(5)Literacy Training and Awareness | Advanced Persistent Threat

IL5
IL6

>Control Description

Provide literacy training on the advanced persistent threat.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

An effective way to detect advanced persistent threats (APT) and to preclude successful attacks is to provide specific literacy training for individuals. Threat literacy training includes educating individuals on the various ways that APTs can infiltrate the organization (e.g., through websites, emails, advertisement pop-ups, articles, and social engineering). Effective training includes techniques for recognizing suspicious emails, use of removable systems in non-secure settings, and the potential targeting of individuals at home.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AT-2(5) (Advanced Persistent Threat)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AT-2(5)?
  • How frequently is the AT-2(5) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AT-2(5)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AT-2(5) requirements.
  • What automated tools, systems, or technologies are deployed to implement AT-2(5)?
  • How is AT-2(5) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AT-2(5) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AT-2(5)?
  • What audit logs, records, reports, or monitoring data validate AT-2(5) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AT-2(5) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AT-2(5) compliance?

Ask AI

Configure your API key to use AI features.