T7.2.2 - DEVELOPER-PROVIDED STRATEGY Implementation Guidance
The entity shall require the developer of the information system, system component, or information system service to provide the trainings needed.
Back to T7.2.2 - DEVELOPER-PROVIDED STRATEGY
This control applies to external and internal (in-house- developers). Training of personnel is an essential element to ensure the effectiveness of security controls implemented within organizational information systems. Training options include, for example, classroom-style training, web-based/computer-based training, and hands-on training. Entities can also request sufficient training materials from developers to conduct in-house training or offer self-training to organizational personnel. Entities determine the type of training necessary and may require different types of training for different security functions, controls, or mechanisms.
