myctrl.tools
Compare

PM-13Security And Privacy Workforce

PRIVACY

>Control Description

Establish a security and privacy workforce development and improvement program.

>Cross-Framework Mappings

NIST CSF 2.0

via NIST CSF 2.0 Concept Crosswalk
GV.RR-02
Compare
GV.RR-04
Compare

SOC 2 TSC

CC1.2
Compare

SCF

HRS-03
Compare
SAT-01
Compare

>Supplemental Guidance

Security and privacy workforce development and improvement programs include defining the knowledge, skills, and abilities needed to perform security and privacy duties and tasks; developing role-based training programs for individuals assigned security and privacy roles and responsibilities; and providing standards and guidelines for measuring and building individual qualifications for incumbents and applicants for security- and privacy-related positions. Such workforce development and improvement programs can also include security and privacy career paths to encourage security and privacy professionals to advance in the field and fill positions with greater responsibility. The programs encourage organizations to fill security- and privacy-related positions with qualified personnel.

Security and privacy workforce development and improvement programs are complementary to organizational security awareness and training programs and focus on developing and institutionalizing the core security and privacy capabilities of personnel needed to protect organizational operations, assets, and individuals.

>Related Controls

AT-2
AT-3

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for establishing and maintaining security and privacy workforce roles and responsibilities?
  • How does the organization identify personnel requiring security and privacy training and qualifications?
  • Who is responsible for managing the security and privacy workforce development program?
  • How are workforce requirements integrated into hiring, training, and performance management?
  • What governance exists for ensuring the organization has adequate security and privacy workforce capacity?

Technical Implementation:

  • What systems manage security and privacy workforce roles and qualifications?
  • How are workforce requirements integrated with HR systems?
  • What skills tracking or competency management tools are used?

Evidence & Documentation:

  • Provide security and privacy workforce role definitions.
  • Provide documentation of workforce qualification requirements.
  • Provide evidence of workforce capacity assessments.
  • Provide records of workforce development planning.

Ask AI

Configure your API key to use AI features.