Insider Threat Monitoring Rules for Federal Contractors
Reminder that you must certify to DSS that your company has established an Insider Threat Program by today, November 30, 2016. All Federal contractors holding facility clearances face new insider threat monitoring rules that will require them to gather, integrate, and report relevant and available information indicative of a potential or actual insider threat. “This is a step in the right direction,” said Raj Ananthanpillai, in an interview with the Wall Street Journal. “Change 2” to the National Industrial Security Program Operating Manual (NISPOM) is set to take effect November 30, 2016.
Here are some of the changes that contractors will be required to make:
- Appoint an Insider Threat Program Senior Official (ITPSO) who is a senior official of the company and a U.S. citizen holding the appropriate clearance.
- Ensure that contractor personnel assigned insider threat program responsibilities complete training in counterintelligence and security fundamentals; procedures for conducting insider threat response actions; applicable laws and regulations regarding the gathering, integration, retention, safeguarding, and use of records and data, including the consequences of misuse of such information; and applicable legal, civil liberties, and privacy policies.
- Review, among other things, the contractor’s insider threat program, during its self-inspections.
- Report information that may indicate an employee poses an insider threat.
- Implement security protection measures for contractor information systems that are used to capture, create, store, process, or distribute classified information, in accordance with guidance issued by the cognizant security agency, including tools or capabilities to monitor user activity on classified information systems in order to detect activity indicative of insider threat behavior.
Other highlights from “Change 2” include:
- Self-Inspections. In addition to requiring contractors to perform periodic self-inspections of their overall security program, Change 2 now requires them to prepare a formal report describing the self-inspection, its findings, and the resolution of any issues found.
- Reporting of Cyber Incidents. Cleared Defense Contractors must immediately report any cyber incident involving their covered information systems that have been approved to process classified information.
- Information System Security Program. Contractors must maintain a classified information system security program that incorporates a risk-based set of management, operational, and technical controls.
According to the Wall Street Journal article, these changes will not be hard for big defense firms, but they could prove costly for small- to medium-sized firms.
If you need assistance with your Insider Threat implementation plan, please do not hesitate to contact Security First & Associates.
www.securityfirstassociates.com
Sources: