What does CMMC practice AT.L2‑3.2.3 require for mitigating insider threats?

CMMC practice AT.L2-3.2.3 focuses on mitigating insider threats through the implementation of security awareness training for employees. This practice recognizes that employees are often the first line of defense against security threats, including those originating from within the organization. By providing security awareness training, organizations can educate their workforce about recognizing potential threats, understanding security protocols, and promoting a culture of security.

This training helps employees to identify suspicious activities, understand the importance of safeguarding sensitive information, and encourages them to report any concerns. An informed and vigilant employee base is critical in mitigating risks that may arise from insider threats, which can include intentional or unintentional actions that compromise the organization's security posture.

While the other choices may play a role in an organization's overall security strategy, they do not specifically address the requirement set forth in AT.L2-3.2.3 to enhance employee awareness and engagement in security practices.