PR.AT-1

All users are informed and trained

Protect · Awareness and Training

Semi-Automated

Compliance Score

40%

Non-Compliant

Documentation Maturity

2/ 5

Target: 2.5

Implementation Maturity

2/ 5

Target: 2.5

Control Description

Employees receive cybersecurity awareness training appropriate to their roles. Training covers phishing, password security, data handling, and incident reporting.

Microsoft Graph API Endpoints Used

GET /security/attackSimulation/simulations

Required Permissions

AttackSimulation.Read.All

Findings (1)

8/20 items compliant

Severity	Finding	Recommendation
high	Improvement needed: All users are informed and trained Current implementation does not fully meet the requirements of PR.AT-1.	Implement annual cybersecurity awareness training for all employees. Run regular phishing simulations using Microsoft Attack Simulation Training. Provide role-specific training for IT staff and management. Track completion rates.

Severity

Finding

high

Improvement needed: All users are informed and trained

Current implementation does not fully meet the requirements of PR.AT-1.

Remediation Guidance

Implement annual cybersecurity awareness training for all employees. Run regular phishing simulations using Microsoft Attack Simulation Training. Provide role-specific training for IT staff and management. Track completion rates.