The Interagency Guidelines Establishing Information Security Standards as per Gramm-Leach-Bliley Act (GLBA) of 2001 require each financial institution to have a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities. NIST Special Publication 800-50, Building An Information Technology Security Awareness and Training Program, provides guidance for building an effective information technology (IT) security program.”]
Source: https://www.cuinfosecurity.com/focus-on-information-security-training-awareness-a-376