National Counterintelligence and Security Center

This section includes briefings that have been shared with the Insider Threat Community.  The briefings on this page have been cleared for public release and NITTF has received permission from the owner to place the briefing on this page.  If you would like information on any other briefings please contact the NITTF at This email address is being protected from spambots. You need JavaScript enabled to view it..


Name of Briefing Owner Date of Briefing

This section includes learning modules that have developed and shared by NITTF Partners and provides additional insider threat information and training to the Insider Threat Community.  For additional information please contact This email address is being protected from spambots. You need JavaScript enabled to view it..


20180516 Insider Threat Module

One of our Intelligence Community partners developed this training to address a variety of insider threat matters such as leaks, spills, espionage, sabotage, and targeted violence. Click on the image to access the module.


20180516 Mental Wellness Module


This mental wellness training was developed by the Office of Intelligence Community Equal Employment Opportunity and Diversity to explain challenges our workforce may endure if they are experiencing mental health issues. While there are times when behaviors of security concern overlap with mental disorders and require further review, the overwhelming reason for an employee to visit an agency’s Employee Assistance Program (EAP) is to have an objective, trained professional help sort out generally temporary and minor emotional problems. Click on the image to access the module.


NITTF Endorsed Workforce Training:

In addition to training tailored for your insider threat professionals, the Minimum Standards also require insider threat awareness training for the federal workforce. Many D/As have taken the initiative to develop their own training in line with the standards. For agencies without "in house" training for their workforce, the NITTF issued a directive in 2014 for federal agencies to use the Defense Security Service (DSS) Center for Development of Security Excellence (CDSE) web-based Insider Threat Awareness course. The DSS CDSE site is open to all government D/As, and certificates are available after course completion. Additional DSS CDSE training can be found at http://www.cdse.edu/catalog/insider-threat.html

This section of the resource library provides the Executive order that establishes the NITTF as well as additional information on key insider threat topics developed by NITTF.  For additional information please contact NITTF.


  • NITTF Advisory 2017-01: Insider Threat Competency Resource Guide (Unclassified) (PDF)
  • NITTF Clarification of Enterprise Audit Management (EAM), User Activity Monitoring (UAM), Continuous Monitoring, and Continuous Evaluation Memorandum*
  • NITTF Insider Threat Awareness Training Directive*
  • NITTF Computer Banner Language Advisory*
  • NITTF Data Mining Reporting Advisory*
  • NITTF Legal Guidance Advisory*
  • NITTF Records Management Advisory*

This section of the resource library provides guidance developed and produced by the NITTF, including the Any Given Day Video and the 2017 Insider Threat Guide.  For additional information please contact This email address is being protected from spambots. You need JavaScript enabled to view it..



NITTF Insider Threat Guide:

Note: The NITTF Insider Threat Guide was recently updated to correct reference errors from the original version. Click on the cover page to download. If you downloaded the original version, please refer to the Errata. The Errata shows the corrected reference errors from the original version.

insider threat guide

Protect Your Organization Guide:

NITTF Government Best Practice

Click document to download a copy

Any Given Day video:

Any Given Day Video

Any Given Day (VIDEO) is an 8-minute video that was produced to enhance insider threat education and awareness.  It highlights the balance between collecting information and privacy concerns, and presents a side of insider threat programs that is not often considered: protecting national security at the human level.  Executive Order 13587 focuses on safeguarding classified networks and classified information, but it's not just about information;  it's also about protecting people.  NITTF encourages inclusion of this video in your existing training plan for your workforce.

NITTF Technical


The NITTF Technical Team is a vital component of the NITTF through its infusion of specialized expertise into other NITTF teams/work-streams as well as its development of effective and cost-effective technical solutions for the insider threat community. The Technical Team provides tailored assistance to inside threat programs spanning the IC, DoD, and NT-50 Federal Partners focusing on User Activity Monitoring (UAM), insider threat data integration and analysis, automated case management, Enterprise Audit Management (EAM), and other technical capabilities. The Technical Team also brokers classified network provider/subscriber relationships across the USG, maintains awareness of the vendor marketplace to identify tools and best practices, provides input to national-level policy frameworks, and explores solutions for emerging technical trends and vulnerabilities.

National Counterintelligence and Security Center