National Counterintelligence and Security Center


NCSC is transforming its workforce and capabilities through strategic hiring and implementation of its professional development strategy. Through these efforts, NCSC will retain current talent and acquire new skills necessary to lead the nation's counterintelligence and security efforts to counter the foreign intelligence threat. NCSC has rotational opportunities for current federal civilian personnel that are interested in working in our dynamic and diverse organization.

Assessment Icon  NITTF Assessments


Executive Order (E.O.) 13587 and the National Insider Threat Policy directs the NITTF to conduct ‘’independent assessments of the adequacy of agency programs to implement established policies and minimum standards’’ and to report the results to the Steering Committee. It directs U.S. executive branch departments and agencies (D/As) to ‘‘provide information and access…to enable independent assessments.’’ The National Insider Threat Policy also requires the NITTF to conduct assessments to determine the level of organizational compliance with the Policy and Minimum Standards. All executive branch D/As that possess national security information or own or operate a classified network are subject to independent assessments.


An independent assessment is an integral part of the NITTF’s mission to assist D/As in establishing their insider threat programs. It provides a D/A with an outside view of its progress in implementing the Insider Threat Minimum Standards, identifies best practices the D/A has incorporated into its insider threat program, and makes recommendations in the areas where the NITTF assesses there is still work to be done to meet a Minimum Standard. These recommendations provide a guide for the D/A to focus its efforts towards reaching full operating capability—implementing all of the Minimum Standards. Recommendations in an independent assessment also provide a roadmap for the NITTF to provide tailored assistance to the D/A. Individual D/A independent assessment reports are shared only with D/A insider threat officials; for DoD components, the individual assessment reports are also shared with USD(I), as the Department’s Designated Senior Official.


If you are a Designated Senior Official or Program Manager for your Insider Threat Program, you may contact the NITTF to discuss scheduling an assessment.


Insider Threat Program Maturity Levels:

 NITTF Program Maturity Levels


Insider Threat Minimum Standards by Category:

 NITTF Minimum Standards Category


 NITTF Minimum Standards Category

Traits of Fully Operational Insider Threat Program


NITTF Logo Long Thin

Assistance Icon  NITTF Outreach


Executive Order (E.O.) 13587 and the National Insider Threat Policy direct the NITTF to assist departments and agencies (D/A) in developing, implementing, and improving their Insider Threat Programs. The assistance effort is a collaborative process between the NITTF and the individual D/A. Through the assistance program, NITTF subject matter experts provide expertise, guidance, and advice on how best to achieve the Minimum Standards required for all insider threat programs. All components of the NITTF help facilitate the assistance mission in order to aid the executive branch D/As in meeting the requirements of E.O. 13587.


The NITTF Liaison Team is a critical part of the assistance program. Liaison Team members work directly with individual Federal Partners and select Department of Defense components. They provide direct assistance to insider threat program managers and personnel and help identify common solutions to common problems that are present across the enterprise. The Liaison Team also serves as an intermediary between D/As and the NITTF, helping identify task force resources, such as training or technical assistance, that may be beneficial to insider threat programs.


The NITTF Technical Team is a vital component of the NITTF through its infusion of specialized expertise into other NITTF teams/work-streams as well as its development of effective and cost-effective technical solutions for the insider threat community. The Technical Team provides tailored assistance to inside threat programs spanning the IC, DoD, and NT-50 Federal Partners focusing on User Activity Monitoring (UAM), insider threat data integration and analysis, automated case management, Enterprise Audit Management (EAM), and other technical capabilities. The Technical Team also brokers classified network provider/subscriber relationships across the USG, maintains awareness of the vendor marketplace to identify tools and best practices, provides input to national-level policy frameworks, and explores solutions for emerging technical trends and vulnerabilities.


NITTF Logo Long Thin

News Events Icon   NITTF News & Events


As a collaboration service to the Insider Threat Community, this section serves a bulletin board for upcoming NITTF and other D/A events of interest. Please check here periodically for newly posted information that may be of assistance.  The NITTF is open to post information about events of interest to the Insider Threat community that other agencies sponsor to ensure maximum visibility.


The NITTF News and Events section contains open source content on insider threat and its related topics such as continuous evaluation, espionage, unauthorized disclosures, and user activity monitoring amount others.  Providing this open source information is neither an endorsement by nor reflection of the opinions of the NITTF.


Upcoming Events:




Contact the NITTF at This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any questions.


NITTF Logo Long Thin

Products Services Icon NITTF Resource Library


As part of its assistance mission, the NITTF works within the Insider Threat community to identify best practices, policy templates, and guidance to assist in the development of Insider Threat Programs and Insider Threat Training.  Please check here periodically for newly posted information that may be of assistance.


As needed, the NITTF publishes advisories and directives, the former serve to inform, instruct, or guide and the latter to establish a policy, assign responsibilities or define objectives to be followed. In addition, NITTF has fostered the development and publication of policy and programmatic tools such as the Insider Threat Program Cost Model, the Insider Threat Security Classification Guide, and the Guide to Accompany the National Insider Threat Policy and Minimum Standards.


NITTF Produced Guides & Templates:


NITTF Directives & Advisories:

  • NITTF Advisory 2017-01: Insider Threat Competency Resource Guide (Unclassified)
  • NITTF Clarification of Enterprise Audit Management (EAM), User Activity Monitoring (UAM), Continuous Monitoring, and Continuous Evaluation Memorandum*
  • NITTF Insider Threat Awareness Training Directive*
  • NITTF Computer Banner Language Advisory*
  • NITTF Data Mining Reporting Advisory*
  • NITTF Legal Guidance Advisory*
  • NITTF Records Management Advisory*


NITTF Collaboration Efforts:

As part of the NITTF’s focus on assisting the executive branch with meeting the minimum standards, the NITTF has partnered with D/As to develop solutions to visualize complex data at no cost, provide a GOTS case management tool to D/As insider threat programs, and have assisted classified network providers with developing written data sharing agreements to meet minimum standard requirements.


        * This material is For Official Use Only, and has not been approved for public release.  Please contact the NITTF if you have an official need for this item.


NITTF Logo Long Thin

National Counterintelligence and Security Center