Which control focuses on maintaining records of personnel security training?

Maintaining records of personnel security training sits in the Awareness and Training family of controls. This specific control requires the organization to document and keep records showing who has completed security training, what training was done, when it occurred, and by whom. Keeping these records ensures accountability and helps verify that staff stay current with security requirements, which is essential for ongoing FISMA compliance and effective risk management. Other controls address different areas: Configuration Change Control is about approving and tracking changes to system configurations, not training documentation. System Interconnections concerns how systems are connected and the agreements governing those connections. Vulnerability Scanning focuses on identifying and addressing security weaknesses. None of these center on maintaining training records, so they fit the scenario less well.