How We Work

How We Work

This sections provides additional resources that have been developed by our various partners that provide additional information and resources to the Insider Threat Community. Resources include external links, briefings, and documentation.  NITTF would like to thank our partners for sharing their information with the Insider Threat Community.

 

Please click "Name of Resource" to view documents or website. 

 

Name of ResourceAuthor of ResourceResource Type
EPRM United States Air Force (USAF) PowerPoint Briefing

NOTE: Presentation was made during the NITTF Spring Forum in May 2018.

 

Name of ResourceAuthor of ResourceResource Type
Insider Threat Mitigation Department of Homeland Security (DHS) Website

NOTE: This website was developed by the department of Homeland Security to discuss the importance of mitigating insider threats.

 

Name of ResourceAuthor of ResourceResource Type
Planning and Response to an Active Shooter: An Interagency Security Committee Policy and Best Practices Guide Interagency Security Committee (DHS ISC) PDF Guide

NOTE: This guidance is designed to be applicable to all buildings and facilities in the United States occupied by Federal employees. Due to the nature of an active shooter event, this document contains guidance for all who might be involved, including law enforcement agencies, facility tenants, and the public.

 

Name of ResourceAuthor of ResourceResource Type

Insider Threat Awareness Course

Additional Training: http://www.cdse.edu/catalog/insider-threat.html

Defense Security Service (DSS) Center for Development of Security Excellence (CDSE) Online Training

NOTE: For agencies without "in house" training for their workforce, the NITTF issued a directive in 2014 for federal agencies to use the Defense Security Service (DSS) Center for Development of Security Excellence (CDSE) web-based Insider Threat Awareness course. The DSS CDSE site is open to all government D/As, and certificates are available after course completion.

 

* Materials listed below is for Official Use only and  has not been approved for public release. Please contact the NITTF if you have an official need for this item.

 

Name of ResourceAuthor of ResourceResource Type
*Civil Liberties and Privacy Training Federal Bureau of Investigation (FBI) Briefing

NOTE: The FBI Office of the General Counsel, Privacy and Civil Liberties Unit, prepared these slides to aid federal departments and agencies (D/As) in training insider threat personnel on civil liberties and privacy laws. NOTE: This training presentation, in and of itself, does not meet the minimum standards.  D/As may incorporate these into their own civil liberties and privacy training with added D/A-specific material from, and with the concurrence of, their general counsel.

 

Name of ResourceAuthor of ResourceResource Type
*OMBs Role in Federal Cybersecurity Risk Management Office of Management and Budget (OMB) Briefing

NOTE:Presentation was made during the NITTF Fall Forum in November 2017.

 

Name of ResourceAuthor of ResourceResource Type
*DVE Pilots Summary Department of Defense Briefing

NOTE:Presentation was made during the NITTF Spring Forum in May 2018.

 

Name of ResourceAuthor of ResourceResource Type
*Risky Business Threats as Opportunity for Innovation Pacific Northwest National Laboratory (PNNL) Briefing

NOTE:Presentation was made during the NITTF Fall Forum in November 2017.

This section includes learning modules that have developed and shared by NITTF Partners and provides additional insider threat information and training to the Insider Threat Community.  For additional information please contact This email address is being protected from spambots. You need JavaScript enabled to view it..

 

20180516 Insider Threat Module

One of our Intelligence Community partners developed this training to address a variety of insider threat matters such as leaks, spills, espionage, sabotage, and targeted violence. Click on the image to access the module.

 

20180516 Mental Wellness Module

 

This mental wellness training was developed by the Office of Intelligence Community Equal Employment Opportunity and Diversity to explain challenges our workforce may endure if they are experiencing mental health issues. While there are times when behaviors of security concern overlap with mental disorders and require further review, the overwhelming reason for an employee to visit an agency’s Employee Assistance Program (EAP) is to have an objective, trained professional help sort out generally temporary and minor emotional problems. Click on the image to access the module.

 

NITTF Endorsed Workforce Training:

In addition to training tailored for your insider threat professionals, the Minimum Standards also require insider threat awareness training for the federal workforce. Many D/As have taken the initiative to develop their own training in line with the standards. For agencies without "in house" training for their workforce, the NITTF issued a directive in 2014 for federal agencies to use the Defense Security Service (DSS) Center for Development of Security Excellence (CDSE) web-based Insider Threat Awareness course. The DSS CDSE site is open to all government D/As, and certificates are available after course completion. Additional DSS CDSE training can be found at http://www.cdse.edu/catalog/insider-threat.html

This section of the resource library provides guidance developed and produced by the NITTF, including the Any Given Day Video and the 2017 Insider Threat Guide.  For additional information please contact This email address is being protected from spambots. You need JavaScript enabled to view it..

 

NITTF Guides and Multimedia:

2017 NITTF Insider Threat Guide Protect Your Organization Guide
2017 Insider Threat Guide NITTF Government Best Practice
2017 Insider Threat Guide: A Compendium of best practices to accompany the National Insider Threat Minimum Standards Errata
Protect Your Organization from the Inside Out: Government Best Practices (PDF)

 

Any Given Day Video
Any Given Day Video
Click the image to view the video

Any Given Day (VIDEO) is an 8-minute video that was produced to enhance insider threat education and awareness.  It highlights the balance between collecting information and privacy concerns, and presents a side of insider threat programs that is not often considered: protecting national security at the human level.  Executive Order 13587 focuses on safeguarding classified networks and classified information, but it's not just about information;  it's also about protecting people.  NITTF encourages inclusion of this video in your existing training plan for your workforce.

 

NITTF Technical Bulletins

NITTF has developed Technical Bulletins that identify key technical issues in developing an Insider Threat program.  Please click on the NITTF Technical page to review these bulletins.

 

Additional NITTF Guides and Templates

  • Insider Threat Program Inquiries Handbook*
  • Insider Threat Cost Model Template*
  • NITTF 2014 Guide to Accompany the National Insider Threat Policy and Minimum Standards*

* This material is For Official Use Only, and has not been approved for public release. Please contact the NITTF if you have an official need for this item.

 

For Additional guidance on Assessment Information please refer to the NITTF Assessment Page.

 

This section of the resource library provides the Executive order that establishes the NITTF as well as additional information on key insider threat topics developed by NITTF.  For additional information please contact NITTF.

 

As needed, the NITTF publishes advisories and directives, the former serve to inform, instruct, or guide and the latter to establish a policy, assign responsibilities or define objectives to be followed. In addition, NITTF has fostered the development and publication of policy and programmatic tools such as the Insider Threat Program Cost Model, the Insider Threat Security Classification Guide, and the Guide to Accompany the National Insider Threat Policy and Minimum Standards.

 

Directives and Advisories: 

  • NITTF Advisory 2017-01: Insider Threat Competency Resource Guide (Unclassified) (PDF)
  • NITTF Clarification of Enterprise Audit Management (EAM), User Activity Monitoring (UAM), Continuous Monitoring, and Continuous Evaluation Memorandum*
  • NITTF Insider Threat Awareness Training Directive*
  • NITTF Computer Banner Language Advisory*
  • NITTF Data Mining Reporting Advisory*
  • NITTF Legal Guidance Advisory*
  • NITTF Records Management Advisory*


NOTE:
  Materials in the NITTF Resource Library marked with asterisk (*) is For Official Use Only, and has not been approved for public release.  Please contact the NITTF (Hyperlink to email This email address is being protected from spambots. You need JavaScript enabled to view it.) if you have an official need for this item.

 

For additional information on the National Insider Threat Policy, click on the NITTF Policy & Legal Page.

NITTF Technical

 

The NITTF Technical Team is a vital component of the NITTF through its infusion of specialized expertise into other NITTF teams/work-streams as well as its development of effective and cost-effective technical solutions for the insider threat community. The Technical Team provides tailored assistance to inside threat programs spanning the IC, DoD, and NT-50 Federal Partners focusing on User Activity Monitoring (UAM), insider threat data integration and analysis, automated case management, Enterprise Audit Management (EAM), and other technical capabilities. The Technical Team also brokers classified network provider/subscriber relationships across the USG, maintains awareness of the vendor marketplace to identify tools and best practices, provides input to national-level policy frameworks, and explores solutions for emerging technical trends and vulnerabilities. 

     

The NITTF Technical Team developed technical bulletins to provide the insider threat community additional information on key technological issues departments and agencies face when implementing insider threat programs. Bulletins are arraigned by the date of bulletins with the most recent on top. As new bulletins become available, they will be identified as new and placed on the top of the list. Click on the title to view the technical bulletin. For additional information contact the NITTF Technical Team.

 

TitleDate of Bulletin
How CNSSD 504 Defines UAM 5/27/2018

Abstract : This Tech Bulletin considers the definition of user activity monitoring (UAM) provided by CNSSD 504, and it notes the technical functionality that a UAM solution must have to meet the Directive’s requirements.

 

TitleDate of Bulletin
How CNSSD 1015 Defines EAM 4/27/2018

Abstract : This Tech Bulletin considers the definition of enterprise audit management (EAM) provided by CNSSD 1015. According to CNSSD 1015, EAM is the “the identification, collection, correlation, analysis, storage, and reporting of audit information, and monitoring and maintenance of this capability.”

 

TitleDate of Bulletin
Security Information and Event Management for Insider Threat Programs 3/22/2018

Abstract : Security information and event management (SIEM) refers to a cyber tool for the collection and analysis of security events and threat management.

 

TitleDate of Bulletin
Data Quality for Insider Threat Programs 1/5/2018

Abstract : Executive branch departments and agencies should not overlook the importance of data quality to their insider threat programs. Inaccurate or ‘poor-quality’ data can hinder a program’s ability to identify theta behaviors and conduct an effective inquiry.

......................................................................................................

Provided below are additional technical bulletins that are not available for public release. Please contact NITTF if you have an official need for this item.

 

TitleDate of Bulletin
Continuous Monitoring and Continuous Evaluation and Their Value for insider Threat Programs 3/31/2018

Abstract : No abstract information available.

 

TitleDate of Bulletin
Clarification of User Activity Monitoring (UAM) Requirements 2/25/2018

Abstract : No abstract information available.

 

TitleDate of Bulletin
User (Entity) Behavior Analytics for insider Threat Programs 2/14/2018

Abstract : Executive branch departments and agencies may want to implement a UBA/UEBA tool to enhance their ability to find, track, and mitigate anomalous activity.

 

TitleDate of Bulletin
The Provider/Subscriber Relationship 2/10/2018

Abstract : No abstract information available.

 

TitleDate of Bulletin
UAM Solutions for insider Threat Programs 2/10/2018

Abstract : No abstract information available.

 

TitleDate of Bulletin
Commercial Data Aggregators for Insider Threat Programs 1/30/2018

Abstract : No abstract information available.

 

TitleDate of Bulletin
Cross Domain Solutions for Insider Threat Programs 1/14/2018

Abstract : Executive branch departments and agencies that operate multiple classified networks may want to employ a Cross Domain Solution (CDS) with their UAM solution(s) to transfer information between two or  more differing security domains.

National Counterintelligence and Security Center