Office of the Chief Information Officer

United States Department of Agriculture

Departmental Regulation 3545-001

Office of the Chief Information Officer


Information Security Awareness and Training Policy


a. This Departmental Regulation (DR) establishes the policy of the United States Department of Agriculture (USDA) for meeting the laws, regulations, and standards of a comprehensive information security awareness and training program.

b. This DR addresses guidance issued by the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST), and the Federal Information Security Management Act (FISMA) of 2002 requiring Federal agencies to design, develop, document, and implement an agency-wide information security awareness training program.

c. It is the policy of USDA to comply with Federal requirements to establish, implement, and support an Information Security Awareness Training program. The Department confirms the commitment of its management to comply with the authorities mandating and governing Security Awareness Training.


This policy applies to all USDA agencies and staff offices, employees, contractors, partners, and volunteers working for or on behalf of the USDA that require access to sensitive USDA information, information systems, or are otherwise directed by Federal guidance to comply with this training requirement.