NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Building a Cybersecurity and Privacy Learning Program

Published

Author(s)

Marian Merritt, SUSAN HANSCHE, BRENDA ELLIS, Julie Nethery Snyder, KEVIN SANCHEZ-CHERRY, DONALD WALDEN

Abstract

This publication provides guidance for federal agencies and organizations to develop and manage a life cycle approach to building a Cybersecurity and Privacy Learning Program (CPLP). The approach is intended to address the needs of large and small organizations as well as those building an entirely new program. The information leverages broadly accepted standards, regulations, legislation, and best practices. The recommendations are customizable and may be implemented as part of an organization-wide process that manages awareness, training, and education programs for a diverse set of federal employee audiences. The program should encourage behavior change as part of risk management and lead to developing a privacy and security culture in the organization. The guidance also includes suggested metrics and evaluation methods to regularly improve and update the program as needs evolve.
Citation
Special Publication (NIST SP) - 800-50r1
Report Number
800-50r1
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.800-50r1
Local Download

Keywords

awareness, behavior change, cybersecurity, education, learning program, privacy, privacy culture, role-based, security culture, training.
Cybersecurity and privacy, Information technology and Cybersecurity education and workforce development

Citation

Merritt, M. , HANSCHE, S. , ELLIS, B. , Nethery Snyder, J. , SANCHEZ-CHERRY, K. and WALDEN, D. (2024), Building a Cybersecurity and Privacy Learning Program, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-50r1, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958397 (Accessed October 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created September 12, 2024, Updated August 29, 2025
Was this page helpful?