NIST CSF 2.0 · All Functions · PR Protect · PR.AT Awareness and Training

PR.AT-02

Individuals in specialized roles are provided with awareness and training so that they possess the knowledge and skills to perform relevant tasks with cybersecurity risks in mind

Implementation examples

Ex1: Identify the specialized roles within the organization that require additional cybersecurity training, such as physical and cybersecurity personnel, finance personnel, senior leadership, and anyone with access to business-critical data
Ex2: Provide role-based cybersecurity awareness and training to all those in specialized roles, including contractors, partners, suppliers, and other third parties
Ex3: Periodically assess or test users on their understanding of cybersecurity practices for their specialized roles
Ex4: Require annual refreshers to reinforce existing practices and introduce new practices

Mapped NIST 800-53 r5 controls (1)

AT-03

Mapped CWE weaknesses (4)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1004→P CWE-1391→P CWE-200→P CWE-89→P

All informative references (49)

AI-SOC: AI-SOC-29
CCMv4.0: DCS-11
CCMv4.0: HRS-09
CCMv4.0: HRS-12
CCMv4.0: HRS-13
CCMv4.0: SEF-03
CCMv4.0: UEM-14
CIS Controls v8.0: 14.9
CIS Controls v8.1: 14.9
CRI Profile v2.0: PR.AT-02
CRI Profile v2.0: PR.AT-02.01
CRI Profile v2.0: PR.AT-02.02
CRI Profile v2.0: PR.AT-02.03
CRI Profile v2.0: PR.AT-02.04
CRI Profile v2.0: PR.AT-02.05
CRI Profile v2.0: PR.AT-02.06
CRI Profile v2.0: PR.AT-02.07
CRI Profile v2.0: PR.AT-02.08
CSF v1.1: PR.AT-2
CSF v1.1: PR.AT-3
CSF v1.1: PR.AT-4
CSF v1.1: PR.AT-5
CoP: C3
CoP: C4
ISO/IEC 27001:2022: Mandatory Clause: 7.3
ISO/IEC 27001:2022: Annex A Controls: 5.2
ISO/IEC 27001:2022: Annex A Controls: 6.3
NICE Framework: IO-WRL-007
NICE Framework: OG-WRL-002
NICE Framework: OG-WRL-003
NICE Framework: OG-WRL-004
NICE Framework: OG-WRL-005
OWASP Top 10 LLM Applications: LLM01-2025
OWASP Top 10 LLM Applications: LLM04-2025
OWASP Top 10 LLM Applications: LLM05-2025
PCI DSS: 6.2.2
PCI DSS: 12.10.4
PCI DSS: 12.10.4.1
SCF: SAT-03
SCF: SAT-03.6
SP 800-171 Rev 3: 03.02.02
SP 800-221A: GV.CT-3
SP 800-221A: GV.CT-4
SP 800-221A: GV.RR-2
SP 800-53 Rev 5.1.1: AT-03
SP 800-53 Rev 5.2.0: AT-03
SP 800-81r3: 4.2.1.2
SP 800-81r3: 5.2
SSDF: PO.2.2

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).