Awareness & Training
Awareness and Training makes sure the people handling CUI actually know the risks and their own responsibilities. Technology fails when a well-meaning employee clicks the wrong link, so this family treats your team as part of the control set.
The 3 Awareness & Training requirements
9 assessment objectives across this family.
- 3.2.1Role-based Risk AwarenessEnsure that managers, system s administrators, and users of organizational systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedures related to the security of those systems.5 pt✕ POA&M
- 3.2.2Role-based TrainingEnsure that personnel are trained to carry out their assigned information security -related duties and responsibilities.5 pt✕ POA&M
- 3.2.3Insider Threat AwarenessProvide security awareness training on recognizing and reporting potential indicators of insider threat.1 pt
Build Awareness & Training, and all 14 families, with an officer
The Level 2 Accelerator walks all 110 requirements with you, generates your SSP, POA&M, and Audit Room from real evidence, includes the full Level 1 platform, and puts a credentialed officer alongside you for 180 days. Filed in 180 days, or we work free until you are.
No credit card. Phase 2 begins Nov 10, 2026, when applicable DoD solicitations start requiring a current Level 2 status to win the award.
Questions, answered
How many CMMC Level 2 requirements are in Awareness & Training?+
The Awareness & Training family (AT) has 3 of the 110 CMMC Level 2 requirements, assessed against 9 objectives from NIST SP 800-171A.
What is the Awareness & Training family about?+
Awareness and Training makes sure the people handling CUI actually know the risks and their own responsibilities. Technology fails when a well-meaning employee clicks the wrong link, so this family treats your team as part of the control set.