NIST Special Publication 800 NIST SP 800-171r3

The Security Requirements

03.02.01: Literacy Training and Awareness

Organizations provide basic and advanced levels of security literacy training to system users (including managers, senior executives, system administrators, and contractors) and measures to test the knowledge level of users…

03.02.02: Role-Based Training

Access control policies control access between active entities or subjects (i.e., users or system processes acting on behalf of users) and passive entities or objects (i.e., devices, files, records, domains) in organizational systems…

03.02.03: Withdrawn

Incorporated into 03.02.01.