Insider Threat Training Program Toolkit for Federal (DoD) Contractors

One of the biggest challenges facing any organization today – regardless of industry, size or sector – is combatting the growing threats from the inside. A strict requirement for federal contractors - including DoD contractors - is developing and implementing a comprehensive insider threat program.

Per the Center for Development of Security Excellence, the premier provider of security education and training for the DoD and industry under the National Industrial Security Program (NISP), “Insider Threat Programs are designed to deter, detect, and mitigate actions by insiders who represent a threat to national security.”

Reporting Requirements

Per the DoD ISL 2016-02, NISPOM 1-202 requires the contractor to establish and maintain an insider threat program that will gather, integrate, and report relevant and available information indicative of a potential or actual insider threat.

Additionally, per NIST SP 800-53, rev. 5, PM-12, organizations are to “Implement an insider threat program that includes a cross-discipline insider threat incident handling team.” Additionally, “Organizations that handle classified information are required, under Executive Order 13587 [EO 13587] and the National Insider Threat Policy [ODNI NITP], to establish insider threat programs.”

And per Executive Order 13587, organizations are to “...implement an insider threat detection and prevention program consistent with guidance and standards developed by the Insider Threat Task Force established in section 6 of this order…”.

Key Elements of a Successful Insider Threat Program

• You need to designate a senior official as the person responsible for the overall program.
• You need to identify employees that can act as program personnel.
• And naturally, you need to provide comprehensive training and awareness on the very topic of insider threats.
• And while all organizations are inherently different in what they do from a business perspective, they all share common challenges with regards to insider threats - all the more reason for developing a program that truly fits your needs.
• Additionally, as part of your insider threat program, you need to have in place monitoring measures relating to user activities, and much more.
• You’ll also need to integrate the program into your organization, and also provide not only comprehensive training, as mentioned earlier, but also continuous, regularly scheduled training for all employees.

How to Get Started

Start by downloading our world-class NIST RMF Security and Privacy Policies and Procedures templates at the Arlington Security Portal (ASP), which includes access to our Insider Threat Toolkits for both DoD & cleared contractors and non-DoD contractors. All of our documents are developed in accordance with NIST SP 800-53 control families, along with other supporting publications and guidelines within the broader federal agency apparatus.

How Arlington Can Help

We have years of experience working within the broader federal agency apparatus in helping federal contractors develop high-quality, well-written, policies and procedures and additional NIST RMF information security and privacy materials. Our NIST RMF information security and privacy policies, procedures, programs, and plans have been used by thousands of federal contractors in helping organizations develop customized documentation for their growing security and compliance needs.

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.