PO.2.2
>Control Description
Provide role-based training for all personnel with responsibilities that contribute to secure development. Periodically review personnel proficiency and role-based training, and update the training as needed.
>Practice: PO.2
Implement Roles and Responsibilities
Ensure that everyone inside and outside of the organization involved in the SDLC is prepared to perform their SDLC-related roles and responsibilities throughout the SDLC.
>Notional Implementation Examples
1. Document the desired outcomes of training for each role.
2. Define the type of training or curriculum required to achieve the desired outcome for each role.
3. Create a training plan for each role.
4. Acquire or create training for each role; acquired training may need to be customized for the organization.
5. Measure outcome performance to identify areas where changes to training may be beneficial.
>Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218
- BSA FSS: PD.2-2
- BSIMM: T1.1, T1.7, T1.8, T2.5, T2.8, T2.9, T3.1, T3.2, +1 more
- EO 14028: 4e(ix)
- IEC 62443: SM-4
- Microsoft SDL: 1
- NIST CSF
- OWASP SAMM: EG1-A, EG2-A
- PCI SSLC: 1.3
- SAFECode Agile: Operational Security Tasks 14, 15; Tasks Requiring the Help of Security Experts 1
- SAFECode FPSSD: Planning the Implementation and Deployment of Secure Development Practices
- SAFECode SIC: Vendor Software Development Integrity Controls
- SP 800-53
- SP 800-160: 3.2.4, 3.2.6
- SP 800-161: SA-8
- SP 800-181 (NICE): OV-TEA-001, OV-TEA-002; T0030, T0073, T0320; K0204, K0208, K0220, +8 more