Pick a framework (optional)

The moment you created the client, we assigned Security Awareness Foundations automatically — our NIST-aligned baseline curriculum covering phishing, password hygiene, social engineering, safe web browsing, and the core topics every employee should be trained on. We maintain the course list and update it as the catalog evolves, so you don’t have to pick courses individually.

For the majority of your clients, that’s the whole picture. There’s nothing for you to do in this step.

This step exists for the others — clients who also need compliance reporting against a specific standard. If your client falls into one of the following, head to Assign a compliance framework:

• HIPAA — healthcare providers and business associates.
• SOC 2 — service providers reporting against the AICPA trust criteria.
• PCI DSS — anyone handling cardholder data.
• Other standards — federal, financial, education, energy, AI, and more. The picker lists them by category.

Note

Foundations stays in place when you add another framework. The new framework layers on top — it doesn’t replace the baseline.

You’ll know it’s set up when

• Open the client and go to Training → Frameworks. Security Awareness Foundations is in the list of assigned frameworks for the client.

Related

• Assign a compliance framework — full walkthrough for adding HIPAA, SOC 2, PCI DSS, or any other framework.
• Tailor to your client — the post-onboarding settings that come before this step.