Pre-Draft Call for Comments | Incorporating Privacy in Awareness and Training

To help organizations incorporate privacy into their security awareness and training regimes, NIST plans to revise SP 800-50, Building an Information Technology Security Awareness and Training Program. In the nearly two decades since SP 800-50 was published in 2003, cybersecurity awareness and training resources, methodologies, and requirements have evolved considerably—and new guidance to inform this work has come from Congress and the Office of Management and Budget.  

Prior to drafting the update, NIST is seeking public comment on several topics, including the potential consolidation of companion document SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, into the revised SP 800-50. The proposed title for SP 800-50 Revision 1 is Building a Cybersecurity and Privacy Awareness and Training Program. Comments are due by November 5, 2021. 

Your public comments will be used to influence future drafts, including an Initial Public Draft of the update which is scheduled to be released in early 2022 as SP 800-50 Revision 1.