NIST plans to revise NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program. In the nearly two decades since SP 800-50 was published in 2003, cybersecurity awareness and training resources, methodologies, and requirements have evolved considerably—and new guidance to inform this work has come from Congress and the Office of Management and Budget.
Prior to drafting the update, NIST is seeking public comment on several topics, including how to help organizations include privacy awareness and training in addition to security and the potential consolidation of companion document SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, into the revised SP 800-50. The proposed title for SP 800-50 Revision 1 is Building a Cybersecurity and Privacy Awareness and Training Program. Comments are due by November 5, 2021.