Version 2.2 (31 August 2020) of the Defense Counterintelligence and Security Agency Assessment and Authorization Process Manual (DAAPM) mentions the phrase "insider threat" fifteen times, and for good reason. It's well-known that cleared industry has strict requirements for implementing and maintaining an insider threat program.
The DAAPM also incorporates Insider Threat minimum requirements defined in the NISPOM, which are consistent with the requirements of Executive Order 13587, Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing of Classified Information, and the Presidential Memorandum, National Insider Threat Policy and Minimum Standards for Executive Branch Threat Programs.
As to specific requirements for cleared industry, the DAAPM states the following:
- Coordinating with the cleared contractor’s Facility Security Officer (FSO) and the cleared contractor’s Insider Threat Program Senior Official (ITPSO) to ensure insider threat awareness is addressed within the cleared contractor’s system security programs.
- Ensuring insider threat awareness is addressed within the cleared contractor’s security program.
- Coordinating and conducting periodic self-inspections related to the activity, information, system, and conditions of the overall security program, to include the insider threat program.
Download Insider Threat Toolkit Today
Cleared industry's solution for an Insider Threat Program is the Insider Threat Toolkit, available for immediate download at the Arlington Security Portal (ASP). Our Insider Threat Toolkit is an In-depth, comprehensive, professionally developed Insider Threat Program for developing, building, implementing, and maintaining an insider threat program as required for DoD & cleared contractors in industry.
The Insider Threat Toolkit is developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), DAAPM, CISA, DNI NITTF, and numerous other DoD related security control frameworks, where applicable.
- Insider Threat Program
- Insider Threat Training Manual
100 + NIST 800-53 Templates Available for Download for Cleared Industry
The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5. eMASS services include the following:
- Scoping & Gap (i.e., Readiness) Assessments
- Remediation Services (Policy and Procedures writing)
- Remediation Services (Technical and Operational)
- System Security Plan (SSP) Development
- Completion of eMASS Export Control Spreadsheets
- Continuous Monitoring (ConMon) Services
We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®. Learn more at arlingtonintel.com.