Section



[Code of Federal Regulations]
[Title 5, Volume 2]
[Revised as of January 1, 2004]
From the U.S. Government Printing Office via GPO Access
[CITE: 5CFR930.302]

[Page 579-580]
 
                    TITLE 5--ADMINISTRATIVE PERSONNEL
 
          CHAPTER I--OFFICE OF PERSONNEL MANAGEMENT (CONTINUED)
 
PART 930_PROGRAMS FOR SPECIFIC POSITIONS AND EXAMINATIONS (MISCELLANEOUS)
--Table of Contents
 
  Subpart C_Employees Responsible for the Management or Use of Federal 
                            Computer Systems
 
Sec. 930.302  Training requirement.

    The head of each agency shall identify employees responsible for the 
management or use of computer systems that process sensitive information 
and provide the following training (consult ``Computer Security Training 
Guidelines,'' NIST Special Publication 500-172 \1\, for more detailed 
information) to each of these groups:
---------------------------------------------------------------------------

    \1\ Copies may be ordered from the Superintendent of Documents, U.S. 
Government Printing Office, Washington, DC 20402-9325.
---------------------------------------------------------------------------

    (a) Executives shall receive awareness training in computer security 
basics, computer security policy and procedures, contingency planning, 
and systems life cycle management; and policy level training in security 
planning and management.

[[Page 580]]

    (b) Program and functional managers shall receive awareness training 
in computer security basics; implementation level training in security 
planning and management, and computer security policy and procedures; 
and performance level training in contingency planning and systems life 
cycle management.
    (c) IRM, security, and audit personnel shall receive awareness 
training in computer security basics; and performance level training in 
security planning and management, computer security policies and 
procedures, contingency planning, and systems life cycle management.
    (d) ADP management and operations personnel shall receive awareness 
training in computer security basics; and performance level training in 
security planning and management, computer security policies and 
procedures, contingency planning, and systems life cycle management.
    (e) End users shall receive awareness training in computer security 
basics, security planning and management, and systems life cycle 
management; and performance level training in computer security policies 
and procedures, and contingency planning.