OPM outlines four steps for IT security training

The Office of Personnel Management today outlined a four-step process for agencies to follow to ensure employees, contractors and others who access federal systems are adequately trained in IT security.

The final rule, effective today, requires agencies to develop an IT security training plan.


The plan should identify employees with significant cybersecurity responsibilities and provide role-specific training as detailed by the National Institute of Standards and Technology guidance. The rule said:

  • All users of agency systems must be exposed to security awareness materials at least annually.

  • Executives must receive training in IT security basics and policy level training in security and planning management.

  • Program managers, functional managers and IT functional and operations personnel must received training in IT security basics, management and implementation level training in security planning and system security management, application lifecycle management, risk management and contingency planning.

  • CIOs, IT security program managers, auditors and other security personnel, such as system and network administrators, must receive training in security basics and broad training in security planning, system and application security management, and system lifecycle, risk and contingency planning management.


Agencies also must provide all new employees training before granting them access to federal systems. Employees must be given refresher training as determined necessary by the agency based on the sensitivity of the information that the worker uses.

Departments also must provide new training whenever there is a significant change in the IT environment or procedures.

inside gcn

  • smart city (metamorworks/Shutterstock.com)

    Citizen engagement and public service in the era of the IoT

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group