NIST CSF 2.0 · All Functions · PR Protect · PR.AT Awareness and Training

PR.AT-01

Personnel are provided with awareness and training so that they possess the knowledge and skills to perform general tasks with cybersecurity risks in mind

Implementation examples

Ex1: Provide basic cybersecurity awareness and training to employees, contractors, partners, suppliers, and all other users of the organization's non-public resources
Ex2: Train personnel to recognize social engineering attempts and other common attacks, report attacks and suspicious activity, comply with acceptable use policies, and perform basic cyber hygiene tasks (e.g., patching software, choosing passwords, protecting credentials)
Ex3: Explain the consequences of cybersecurity policy violations, both to individual users and the organization as a whole
Ex4: Periodically assess or test users on their understanding of basic cybersecurity practices
Ex5: Require annual refreshers to reinforce existing practices and introduce new practices

Mapped NIST 800-53 r5 controls (2)

AT-02 AT-03

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1391→P

All informative references (45)

AI-SOC: AI-SOC-29
CCMv4.0: DCS-11
CCMv4.0: HRS-09
CCMv4.0: HRS-11
CCMv4.0: HRS-12
CCMv4.0: HRS-13
CCMv4.0: SEF-02
CCMv4.0: SEF-03
CCMv4.0: UEM-14
CIS Controls v8.0: 14.1
CIS Controls v8.1: 14.1
CRI Profile v2.0: PR.AT-01
CRI Profile v2.0: PR.AT-01.01
CRI Profile v2.0: PR.AT-01.02
CRI Profile v2.0: PR.AT-01.03
CRI Profile v2.0: PR.AT-01.04
CSF v1.1: PR.AT-1
CSF v1.1: PR.AT-3
CSF v1.1: RS.CO-1
CoP: C3
CoP: C4
ISO/IEC 27001:2022: Mandatory Clause: 7.3
ISO/IEC 27001:2022: Annex A Controls: 6.3
NICE Framework: IO-WRL-007
NICE Framework: OG-WRL-002
NICE Framework: OG-WRL-003
NICE Framework: OG-WRL-004
NICE Framework: OG-WRL-005
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM02-2025
OWASP Top 10 LLM Applications: LLM09-2025
PCI DSS: 12.6.1
PCI DSS: 12.6.3
SCF: SAT-02
SCF: SAT-03
SCF: SAT-03.6
SP 800-171 Rev 3: 03.02.02
SP 800-221A: GV.CT-3
SP 800-221A: GV.RR-2
SP 800-53 Rev 5.1.1: AT-02
SP 800-53 Rev 5.1.1: AT-03
SP 800-53 Rev 5.2.0: AT-02
SP 800-53 Rev 5.2.0: AT-03
SP 800-81r3: 4.2.1.2
SSDF: PO.2.2

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).