
misuse of information technology systems

CONTRACTORS MUST HAVE A WRITTEN PLAN IN PLACE TO BEGIN IMPLEMENTING INSIDER THREAT REQUIREMENTS NO LATER THAN NOVEMBER 30, 2016.

Contractors must establish and maintain a program that is consistent with Executive Order 13587: Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information and the National Insider Threat Policy (Minimum Standards for Executive Branch Insider Threat Programs).

According to Executive Order 13587, "This order directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties."

emotional, mental, and personality disorders.

The adjudicative guidelines are described in Title 32, National Defense, Code of Federal Regulations, and include

NISPOM Appendix C defines a "contractor" as "any industrial, educational, commercial, or other entity that has been granted a facility security clearance (FCL) by a Cognizant Security Agency (CSA)." If you are an entity that fits this description, you are affected by these requirements.

With the implementation of this change, contracting organizations will need to build an insider threat program to (as taken from the Insider Threat Industrial Security Letter) "gather, integrate, and report relevant and credible information covered by any of the 13 personnel security adjudicative guidelines that is indicative of a potential or actual insider threat to deter cleared employees from becoming insider threats; detect insiders who pose a risk to classified information; and mitigate the risk of an insider threat."

I suggest you visit the Industry Insider Threat Information and Resources page on the DSS website. The Defense Security Service (DSS) has done a great job of providing policy and guidance documents, resource documents, training material, and toolkits to assist in meeting the requirements to build an insider threat program.

The intent of this blog post is to summarize the changes required by Change 2 and the impact they will have on contracting organizations. On May 18, 2016, the DoD published Change 2 to DoD 5220.22-M, "National Industrial Security Operating Manual (NISPOM)," which requires contractors to establish and maintain an insider threat program to detect, deter, and mitigate insider threats.
