Insider Threat Program and NISPOM Conforming Change #2

Insider Threat Traininginsider-threat

As you may or may not know, the new NISPOM has been released containing conforming change #2.  This has to do with the Insider Threat Program that is now required to be established at your facility.  In a nutshell this is what it means to you as my client.

The Purpose of the Insider Threat Program according to Executive Order 13587 is to “Deter, Detect, and Mitigate” insiders that could cause damage to national security and your company.  How “we” in industry do this to meet the minimum standards is:

  1. Assign a Senior Official in your Company as the Insider Threat Official. (More than likely will be the FSO, sorry FSO’s)
  2. Organize a Work Group to work together on Insider Threat. Your security consultant would be appropriate along with but not limited to or required:
    1. An HR Rep
    2. An IT Rep
    3. If you are a small company, it could be just your CEO/FSO and your JPAS Consultant
  3. Work Group required to have specific training. The following should meet these requirements. (I have these)

    1. Establishing an Insider Threat Program for your Organization (CI122.16) (1 hr)
    2. Integrating CI & threat Awareness into your Security Program
  4. Annual Training for your Cleared Employees to meet Insider threat requirements.
  5. Establish a Insider Threat Policy to outline your companies actions in these cases.  

Learn how your business can stay compliant with the Insider Threat training.