Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges

Most United States federal government organizations are required to conduct cybersecurity role-based training for federal government personnel and supporting contractors who are assigned roles having security and privacy responsibilities. Despite the training mandate, there has been little prior effort to look broadly across federal organizations to see how they are implementing these training activities and what issues they are experiencing. This lack of understanding may be hindering the development of improvements and resources for training activities. To address this gap, the Usable Cybersecurity team at the National Institute of Standards and Technology conducted a research study consisting of focus groups and a survey to gain insights into the approaches of and challenges faced by federal organizations when implementing role-based training activities. This paper reports the results of the study and suggests actions that organizations can take to improve federal role-based training activities.