For agencies and contractors that work under the U.S. Department of Defense (DoD), preventing data breaches and cyberattacks is a matter of national security. Given that even the most robust technological defenses can be undermined by simple human error, the DoD puts considerable importance on cybersecurity awareness training. Parties entrusted with handling classified information must complete a security awareness refresher course every year.
Why? With 82% of data breaches related to security weaknesses caused by humans, it makes good sense to give soldiers, contractors, and other DoD employees the skills to become more aware of potential cyber threats. The DoD’s mandatory annual refresher ensures the integrity, availability, and confidentiality of critical information systems and networks necessary for national defense operations.
If your organization does work for the DoD involving classified materials, you’re never too far from the next annual security awareness refresher. Let’s look at what this course entails and how to prepare yourself.
What is the DoD Annual Security Awareness Refresher?
The annual security awareness refresher is a requirement in the Department of Defense Manual. It’s a course intended to reinforce the policies and procedures workers would have received during their initial training.
The refresher covers the threats and methodologies employed by foreign intelligence agencies, the penalties for unauthorized disclosures of classified information, and any changes to policies or the threat landscape that may have occurred since the last refresher.
For information system users, cybersecurity training is a required element of the refresher, and for good reason. Threats in the digital realm are always evolving, and it’s vital for personnel to be informed, vigilant, and understand their roles and responsibilities when protecting sensitive information and critical national security assets from cyberattacks.
Proper training can foster a culture of cybersecurity awareness and resilience throughout the entire organization.
Who is the DoD Annual Security Awareness Refresher for?
The annual security awareness refresher course is required for all civilian workers, military members, and on-site contractors who handle classified information or controlled unclassified information (CUI) for the DoD. CUI includes documents marked “for official use only” and “law enforcement sensitive,” as well as personally identifiable information (PII).
What is classified information?
According to the DoD’s National Industrial Security Program Operating Manual, classified information is any information that has been determined (pursuant to Executive Order 13526, any predecessor or successor orders, or the Atomic Energy Act of 1954) to require protection against unauthorized disclosure in the interests of national security, and has been designated and marked as such by a classification authority.
What is the DoD Policy on cybersecurity awareness training?
The DoD has a four-point policy concerning security training, including cybersecurity awareness training:
- “The DoD will develop and maintain security education, training, and certification programs.
- All security education, training, and certification programs will be technically sound and support DoD missions.
- Security education, training, and certification will be funded and provided to meet DoD security training requirements.
- All security education, training, and certification for service members will be implemented in accordance to [DoD Directive 1322.18].”
Where can I find the DoD Annual Security Awareness Refresher?
The official DoD Annual Security Awareness Refresher is offered as an eLearning course by the Center for Development of Security Excellence (CDSE), a directorate within the DoD’s Defense Counterintelligence and Security Agency.
The course includes two tests, which must be passed with a score of 75% or higher to receive a certificate of completion. The course may be repeated as many times as needed.
What are the 5 main topics the DoD Annual Security Awareness Refresher covers?
The course covers the following topics:
- Personnel Security – The guidelines for assigning security clearances for DoD employees and contractors
- Information Security – Reviews the definitions of classified information and CUI, and the proper methods for labeling, storage, protection, transportation, and destruction
- Physical Security – Discusses safeguarding of equipment, facilities, and human personnel
- Operations Security – The best practices for day-to-day activity
- Foreign Travel – How foreign travel (official and unofficial) needs to be managed and reported
7 Ways to Prepare for the DoD Annual Security Awareness Refresher
1. Review the Course Materials
The CDSE provides online resources, including a student guide, glossary, policy documents, standard forms, and links to relevant laws, regulations, and DoD manuals. These materials directly specify the requirements and objectives of the course. The more familiar you are with them, the more likely you’ll be able to pass on the first try.
2. The CDSE’s Security Education and Training Awareness Toolkit
In addition to providing course-specific materials, the CDSE offers a toolkit for anyone responsible for providing education and training to their organizations. The toolkit includes information and resources for developing a security awareness program, giving briefings, creating security awareness materials, raising awareness, and deepening your own knowledge.
3. Alternative DoD Security Courses
One of the resources in the CDSE’s SETA Toolkit is a link to their online Developing a Security Education and Training Program eLearning class. Taking a course like this (which covers the policy requirements for DoD workers) will help you prepare for the required annual refresher and teach you valuable strategies that you can put to work within your organization. You can also review their list of offered courses to find others that might apply to your security needs.
4. Provide Your Organization with Cybersecurity Awareness Training
Everyone in your organization taking the annual security awareness refresher course will benefit from education on the best practices for identifying, preventing, and reporting phishing attempts and other cyberattacks.
A training platform like CybeReady is an easy and effective way to deliver engaging, organization-wide security awareness training to build a resilient security culture while helping you prepare for the refresher course.
5. Drill Yourself with Flashcards
Breaking the essential subject matter down into organized topics or a set of questions and answers is still a highly effective way to absorb and retain information. You can make your own or use flashcards that are published online.
6. Search for Online Resources
The DoD is one of the largest employers in the federal government, so you’re not alone in having to take annual security awareness refreshers. You can look for study guides and slideshows prepared by other organizations, which can give you fresh and accessible perspectives in addition to the official resources provided by CDSE.
7. Refer Back to Your Initial Orientation
It’s time to break out any notes, documents, or resources from your first training on the secure handling of classified information and CUI. They can still come in handy to prepare you for the refresher. While there are likely to have been changes to the threat landscape since then (such as AI security risks), the basic definitions and regulatory obligations will remain the same.
Cybersecurity Awareness is the Best Defense
While the DoD Annual Security Awareness Refresher may be mandatory, it’s a good idea to look at it as an opportunity to reacquaint yourself with the threats your organization is dealing with and ensure that you’re following the most effective, up-to-date strategy for protecting its data and assets.
Your first line of defense will always be the individuals whose responsibility is to recognize and fend off phishing and other common cyber attacks that target them. With CybeReady, you can provide staffers with accessible, insightful training modules, simulations, and reporting tools proven to get results.
Book a demo to discover how CybeReady can enhance your organization’s security awareness and preparedness.
