Friday, January 20, 2017

Insider Threat Program Results

The first part of the template outlines the purpose and policies of the program and demonstrates that the contractor understands the ITP requirements.  The organization identifies itself by name and lists the responsibilities of the ITP and the positions within the organization that carry them out. The remainder of the plan should spell out the ITP logistics:

A. Written designation of ITPSO.

B. The ITPSO responsibilities as addressed in NISPOM Change 2. Responsibilities include:
·         Self-certify the Insider Threat Program Plan in writing to DSS (the suspense date for this has passed).
·         Provide copies of the Insider Threat Plan upon request and make the plan available to DSS.
·         Establish an Insider Threat Program based on the organization’s size and operations.
·         Provide Insider Threat training for Insider Threat Program personnel and awareness for cleared employees.
·         Demonstrate user activity monitoring on classified information systems in order to detect activity indicative of insider threat behavior.
·         Establish procedures to access, gather, integrate, and report relevant and credible adverse information from across the contractor's organization.
·         Demonstrate system or process to identify patterns of negligence or carelessness in handling classified information.
·         Conduct and document self-inspections of the Insider Threat Program.
·         Oversee the collection, analysis, and reporting of information across the company to support the identification and assessment of insider threats.
·         Provide proof that all ITP assessments and reports are implemented, documented, and delivered to senior management.

C. Insider Threat Training.
·         Provide documentation of ITPSO training completed by November 30, 2016, or, for a recently appointed ITPSO, within 30 days of being assigned responsibilities.
·         ITP Personnel Training.
o   Provide training to all contractor personnel assigned ITP duties within 30 days of being assigned those duties, and refresher training each year for as long as they continue to serve.
o   Provide insider threat awareness training to all cleared employees before they are granted access to classified information, and in any case prior to May 31, 2017, and each year for as long as they maintain their clearance.
o   Incorporate insider threat awareness into annual refresher training.

D. Insider Threat Training Records Management.
·      Maintain training attendance records, certificates, or other documentation verifying completed initial and refresher training, for review during DSS security vulnerability assessments.

E.  Insider Threat Reporting Requirements. Develop reporting requirements that capture:
·         Adverse information regarding cleared employees.
·         Suspicious contacts.
·         Actual, probable, or possible espionage, sabotage, terrorism, or subversive activities at any of its locations.
·         Information indicating any possible or potential successful penetration of a classified information system.

You may notice that the above summary follows the DSS template, the requirements in NISPOM Change 2, the pattern in the Self-Inspection Handbook for NISP Contractors, and other resources. Though no particular format is required, the information DSS is looking for remains consistent, so using the above format, backed by proper documentation of compliance, should suffice. Refer to the hyperlinks for the NISPOM, related publications, and downloadable training that can help meet NISPOM and DSS requirements.
