Developer-provided training applies to external and internal (in-house) developers. Training personnel is essential to ensuring the effectiveness of the controls implemented within organizational systems. Types of training include web-based and computer-based training, classroom-style training, and hands-on training (including micro-training). Organizations can also request training materials from developers to conduct in-house training or offer self-training to organizational personnel. Organizations determine the type of training necessary and may require different types of training for different security and privacy functions, controls, and mechanisms.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| SA-16 | Developer-provided Training | Protects | T1078 | Valid Accounts |
| SA-16 | Developer-provided Training | Protects | T1078.001 | Default Accounts |
| SA-16 | Developer-provided Training | Protects | T1078.003 | Local Accounts |
| SA-16 | Developer-provided Training | Protects | T1078.004 | Cloud Accounts |
| SA-16 | Developer-provided Training | Protects | T1574.002 | DLL Side-Loading |