Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. l:lf4eLASSIFIE 8ן'; 'f8t:16 I F ח GUIDE TO ACCOMPANY THE NATIONAL INSIDER THREAT POLICY AND MINIMUM STANDARDS NOVEMBER 2013 • , • ~( י .'י ",,'י ~ ,. ~ 14eI!ABBI sןIE&;)Fe ~ e דhls document Is not approved for pub זlc release. CO חtact the N זדוF ם (b)(3) for questfons Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. vl~ "LA!!II'I IלfI~ ,סUס (U) Table of Contents (U) INTRODUCTION ................................................................................................................................................ 1 (U ) HELPFUL REFERENCES .. ...............................................................................................................................3 (U ו TO BEGIN •.. DEVELOPING AN INSIDER THREAT POL.ICY AND IMPLEMENTATION PLAN ....... .............5 (U ו Step 1: Designate the Senior Official .. ............................................................................................................5 (U) Step 2: Obtain Visible Support from the Agency Head ................................................................................... 5 (U) Step 3: Form Working Group/Periodic Feedback to the Community .............................................................. 5 (U) Figure 1: Insider Threat Program: Enterprise Vlew ................................................................................... 6 (U) Step 4: Review Current Requirements and Guidance ................................................................................... 9 (U) Step 5: Seek Legal Input ............................................................................................................................. 11 (U ) Step 6 : זPotect Privacy and Civil Liberties by Apply iוg Appropriate Safeguards .... ..............................................11 (U ) Step 7: Idenlify Classi וfed and Other Critical Assets ... ................................................................................12 (U ו Step 8: Wrile Agency Policy and Implementation Plan ..... ............................................................................13 (U) Step 9: Obtain Approval. Establish Program Office. Implement Plan ........................................................... 14 (U) Step 10: Conduct Scheduled Self-assessments .......................................................................................... 15 (U ו IMPLEMENTING THE POLICY AND STANDARDS ......................... ...............................................................17 (U) Responsibilities of Senior Official(s) ............................................................................................................ 17 (U) Information Inlegration. Analysis. and Response ......................................................................................... 20 (U) Insider Threat Program Personnel ................................................................................................................ 27 (U) Access to Information ................................................................................................................................... 31 (U ו Employee זraining and Awareness .... ..........................................................................................................34 (tJllf'el!!le) Implementing a Host-Based User Activity Monitoring (UAM) Capability ........................................... 35 (~;יייe~ e) Flgure 2: User Activity Monitoring (UAM ) .. ...................................................................................36 ............................................................... ····· .. ···· .. ·.. ······ .. ·.. ····· .. ·.. ········· .. ·.. 8 .. ··· .. ·.. ···· ................................................................................................... .. UPI6b?G G I ןiil ili'\ ; 'ןii6 , ' 6 ... Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. tsl4Cl!1 ;!!J וו 1("') 1 OtsO (U) Step 1: Review Policies ................................................................................................................................ 40 (U) Step 2: Evaluate the Current Underlying Information Technology Environment ........................................... 40 (U) Step 3: Evaluate the Future Underlying Information Technology Environment ............................................ 41 (U) Step 4: Establish the UAM Capability ............................................................... ,. ......................................... 41 (U) Step 5: Identify, Evaluate, and Prioritize Conceming Insider Threat Conducl ............................................. 43 (I !I ווf81!181 Figure 3: Malicious 8ehavior. ...... ...................................................................................................44 (U) Step 6: Oevelop an Information-Gathering Plan ...........................................................................................4 4 (U) Step 7: Tesl and Oeploy the Capabilily ......................................................................................................... 46 ( iS;\'f8iS8 ו Btep 8: Send Data 10 Ihe Program Hub ... ..........................................................................................47 (U) Step 9: Oversight ......................................................................................................................................... 48 (U) Appendix A: Guidelines for Media Interface .................................................................................................... 51 (U כ Appendix B: Agency Policy Template .................................................................. ............................................54 (U) Appendlx C: Agency Implemenlation Plan Template .......................................................................................5 9 (U ) Appendlx D: Inslder זhreal Priority Area Questionnalre ............................................ ......................................65 (U) Appendlx E: 811 Referral Template ................................................................................................................. 68 (U) Appendlx F: Insider Threat Classification Guide (to be published) ................................................................. 69 (U) Notes ................................................................................................................................................................. 70 ............................................................. ··· .. ·······················. . ·· .. ·. . ···············8 ··· .............................................................................................................. . t; ' 18 1בA9 8IFIE ,Bי/' F81:18 Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. ~ r!8LP,66IFIEB (ל,F 8 ~ 8 (U) INTRODUCTION capability; ensuring access by Program personnel to insider threat-related information and data drawn from (U ) Executive Order (E.O.) 13587, Structuraן Reforms across the agency; establishing a centralized capability זo ןmprove the $ecurity of Cן assified Nefworks and the to 'analyze that information and to direct appropriate Responsibן e Sharing and Safeguarding of Cן assified agency responses to insider concems; ensuring legal, ןnformation, in conjunction with the White House privacy, civil rights, and civilliberty issues are addressed; Memorandum on Nafionaן ןnsider זhreat Poן icy and p€rforming agency self-assessments of compliance with Minimum Standards for Executive Branch ןnsider Threat the Policy and Standards; reporting results of agency Programs (hereinafter "Policy and Standards"), direct all insider threat efforts to a Senior Information Sharing and executive branch departments and agencies (hereinafter Safeguarding Steering Committee (SC), as established by "a gency, agencies") that have access to classified E.O. 13587; and enabling independent assessments of information to implement an insider threat detection and agency compliance. prevention program (hereinafter "Program. )" זhe purpose of the Program is to deter, detect, and mitigate insider ( U) E.O. 13587 applies only to the safeguarding and threats . זhis Guide provides instructions, ideas, and sharing of classified national security information possible options to assist agencies as they establish and and information that is classi וfed under the Atomic tailor a Program to meet their particular needs. Energy Act of 1954. זhe National Insider זhreat זask Force (NI חF) recognizes, however, that an (U ) זhe Program requirements contained in the agency may possess information that it considers E.O. 13587 and the Policy and Standards extend sensitive but that is not classified. While the principles beyond the safeguarding of information on computer and practices discussed herein are writlen to networks and systems. 8y the definition contained in help agencies execute E.O. 13587 and the Policy the Policy and Standards, insider threat requires the and Standards, they can be applied generally 10 establishment of capabilities that apply to classified protecl a sensilive but unclassified environment. information in all its forms, including information stored electronically or contained on systems as well as to ( U) זo ensure that Program activities are conducted the activities of p€rsons who use that information. For within le9al authorities, this Guide emphasizes the that reason, an agency Program will be required to value of close collaboration with agency counsel implement standards that apply to computer usage and and agency privacy and civil liberties officials. זhe system access, and encompass detection, prevention , acquisition and use of personal information to detect and reporting capabilities that cover information that and prevent insider threats is permitted under the resides outside the network environment . E.O. 13587 and other national policies. Collected information is subject to oversight by civil liberties (U) Agency heads are responsible for approving the and privacy authorities to ensure that personally agency's insider threat policy; establishing a Program, identifiable information is only gathered and used for and promulgating additional agency guidance. if legitimate and authorized purposes; such information needed; designating a Senior Official responsible for must be strictly controlled within the Program . the Program; establishing a user activity monitoring ............................................................................................................. ······0 ··············································· ..................................................................... .. ~'18L n,88IFI1!8;\'F8~8 1. ~ Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. I!4PJ8t:':88IFIE8;\'F81!48 ................................................................................................................................................................... ................ . , (U כ ןn establishing their Programs, agencies are threat program for agencies that have not yet instituted expected to implement the Policy and Standards . their Programs. Finally, each minimum standard is AII minimum standards must be met, but that does discussed (see fmpfementing the Po ןicy and Standards , not mean that Programs should necessarily remain page 17) with a view toward providing helpful tools static or that a solution that works for one agency and techniques that an agency can employ to deter, will necessarily work well for another. A "one size detect, and mitigate malicious Insider activity. וfts all" model for the federal government is not required. Agencies are provided a great deal of (U) Some redundancy and repetition has been latitude to develop a Program tailored to their unique intentionally woven into the Guide to reinforce important organization and mission, capabilities, resources , themes as they appear in different contexts throughout and, most importantly, its perception of the threat from the Guide. For example, a point-such as the need for malicious insiders. As an agency sets its own patlך collaboration among various agency stakeholders-may toward compliance, it should bear in mind that the be pertinent in the context of the Policy and Standards, Policy and Standards are only minimums. Agencies may play a role in the analysis of information, may be significant from the perspective of protecting the will want to peri6dically evaluate and reassess tl ךeir insider threat posture. זhis may result in an agency's privacy of personal information, is certainly an important determination that they should raise their standards , consideralion for an agency insider threat working group even above those set in the minimum standards. to consider, and may be important to an agency's insider threat training program. Collaboration, then, (U) There is no single right solution to insider as a theme is discussed in each of those contexts. threat detection and prevention: each agency must determine its own pathway to accommodate (U ) Questions about the classification of insider threat its specific environment and resource priorities, materials are anticipated . זo assist, the NITTF is while implementing the Policy and Standards. preparing a classification guide for insider threat-related activities and materials that will answer questions about (U כ זhis Guide begins with a compilation of useful the proper classi וfcation of insider threat information . references (see He ןpfu ןReferences, page 3), followed Upon completion, it will be disseminated to all agencies bya discussion of the steps (see To 8egin ... Deve ןoping that handle classified information and added as an an Insider Threaf Po/icy and ןmplemenfalion Pfan , appendix to this document. page 5) needed to implement a functional insider .............................................................................................................. ·····8····························· .. ··················. ................................................................. . " " Qk9QQ ןpן E8;\'pס ' ' ס A Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. Urj8L:.eeIFI1!8,','F8~8 (U) HELPFUL REFERENCES The references provide a ready resource for agency cou חsel, privacy and civilliberties coordinalors , (U) Several useful references warrant menlioning, Program perso חnel, and ageח cy leaders , (U ) First, the basic requirements for insider threat (U ) Fourth, although the structure a חd purposes of a programs are contained in E.O. 13587, Structural Program can be applied readily to seח sitive i חformation Reforms זo ןmprove the Security of CJasslfled that is חot classified, the focus of E,O, 13587 is on Networks and the Responsible Sharing and improving the safeguards associated with classified Safeguarding of Classified Information; White House information, To galח a better understanding of the basic Memorandum on Nationaן Insider Threat Policy and requirements that gover ח a חindividual's access 10 Minimum Standards for Executive Branch Insider classified material-iח cludi חg access by the government זhreat Programs, 21 November 2012; and White to personal informatiO -חrefer to E.O. 12968, Access House Memorandum on Compו iance with Presldenf's to Cfassified fnformation, 4 August 1995 a חd to וnsider Threat Po וicy, 19 July 2013. These national section 3 of E.O. 13467, Reforming Processes policies' direct a וI executive branch departments and Related fo Suitability for Government Employment, agencies (hereinafter "agency, agencies·) to implement Fifness for Contracfor Empfoyees, and Eligiblllfy for insider threat detection prevent programs. Access to Classified Nationaf Security Jnformatfon , 30 June 2008 . (U ) Second, an age חcy must understand that it already possesses the authority tס investigate any (U ) Fifth, the process for classifying and declassifying information that comes to its attention that indicates information, along with agency responsibilities within retaini חg any officer or employee of the agency may those processes, are covered in E.O. 13526, Classifled not be cO חsistent with national security interests . Nafional Security Informafion. Similar information This investigative authס rity is cO חtai חed in E.O • pertaining to classified nuclear information can be found 10450, Security Requfrements for Government in the Atom;c Energy Act of 1954 at w.»w w .חrc.govן Emp ןoyment, as amended, and provides authority about-nrclgoveming-Iaws (unclassified to conduct inquires both prior to an actual hirlng and (U ) Sixth, the guidelines that address classified after an individual has been hired by the agency, information requirements pertaining to the agency (U ) Third, the FBI Otfice of General Counsel has contractor workforce are discussed in E.O . 12829, assembled a Summary of Federal Citations for Nationa ןfndustriaf Security Program, 6 January 1993, the National ןnsider Threat Task Force. This Modifications to the National Industrial Security document provides extensive authorities, derived Program are presently being drafted within the from U.S. law and policy, that pertain to insider executive branch to speclfically apply the Policy and threat activities. Reference materials have been Standards to the cleared contractor workforce . extracted from the U חited States Code, executive orders, Code of Federal Regulations, presidential (U ) Seventh, the NIח F encourages agencies that do not yet have counterintelligence (CI) capabilities national security and homela חd security directives, to develop those capabilities concurrentJy with their Intelligence community directives and sta חdards. Program. The two will be mutually reinforcing. This .............................. , .......... , ............ , .................................. , ...................................................................................................................................................... י. ........................., . .................., ........ ........, .•• , .......... ..................., .. .............·.,.0...... ............... ,..... .......................................................................................................... ~' ,»»" .. »" '»." •. ».» .. , .... ,."." .. ,»"., •• , ... ,.,', .. ".,»,,»»,»1" ',··"" "" .. ,»····,· .. »,·. ... ,», .. , ..· .. " .. ·, .. " .., .. , ..» ........... , ......... , ...... ,., ...... » .., .." .... , ... , .... , ..... ,» ..... ,' t; f4eLAS91 FI E8/iFe~e Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. UrJCLAS נIFIEBliFFSI;S suggestion is consistent with E.O. 13587, which ( U) Eleventh, behavioral science specialists may serve requires that each Insider Threat Program develop as a valuable resource in defining conduct indicative of policies, objeclives, and priorilies for CI capabilities and insider threat concern. Additional information on practices. CI capabllitles are outlined in the Defensive deployment of behavioral science expertise may be found Counterinteו וigence Program B וueprint- 2010. An on the ONCIX classified website (b)(3) important component of any CI capability is Ihe agency Two other publications of note are the University of commitment 10 periodically assess the risks posed by Nebraska's Behavioraf Science Guidefines for adversaries to agency cri ןical assets. The Office of the Assessing ןnsider Threats, which was published in National Counterintelligence Executive (ONCIX) has 2008 for the Oepartment of Oefense (000), and published an instructional manual, Counterinteו וlgence! ONCIX's Counterproductive Work Behavior and Security Risk Assessment Framework for Federaf Resiו ience, August 2012 . Partners, March 2012, which agencies should find useful in conducting a CI risk assessment. ( U) Twelfth. NI חF recommends the employment of security, information security, and counterintelligence skills (U ) Eighth, in Oecember 2012, Carnegie Mellon prominently within an agency's Program. The Intelligence University Software Engineering Institute's CERT Community (IC) and the 000 have done considerable Program published a useful unclassified reference work to outline the competencies in these skill areas . document on insider threat entitled A Common Sense Agencies, regardless of whether they are part of the IC, Guide to Mitigating וnsider Threats, 4th Edition. The may find useful the skill descriptions developed in the guide provides nineteen positive practices drawn from following documents: CERז יs experience working insider threat situations over the past decade. The practices, supplemented by Office of the Oirector of National Intelligence's case studies and examples, can help agencies ( OONI ) ןnte וfigence Community Standard (fCS) formulate their own programs and provide materials for 610-13, Competency Directory for Security, the insider threat awareness training component of their 4 October 2010; Program. Also in 2012, CERT published its unclassified ONCIX's Fundamenta וEו ements of the CERT Guide To וnslder Threats (available from CERT Counterinte ווlgence Discip וine, Technica ו at http :ןןwww.cert.org ןinsider_threat), which provides Competencies for Counterintefו igence numerous case studies of malicious insider activities Functions, Vo וume 2,8 1 August 2007 ; drawn largely from private sector examples . OONl's וCS 610-9, Competency Directory ( U) Ninth, there are two recent documents that deal for וnformation Technoו ogy (Mission and speciו fcally with the components of insider threat Enterprise), amended 4 October 2010 ; programs. First is the National lnsider Threat Working Group's U.S. Government וnsider Threat Detection OoO's Department of Defense Manua ו8570.1-M , Guide, 2011;a its contents c!osely parallel the Policy and וnformatlon Assurance Workforce וmproveme"t Standards and this Guide. Second is ONCIX's וnsider Program, Change 3, 24 January 2012 . Threat Concept of סperations (C סN סPS) ,2011.8 ( U) Most of these references are retrievable through ( U) זenth, most agencies possess a document or links provided in the electronic version this Guide . charter, issued at the time the agency was initially Eventually these and other materials will be available organized, that estabiished the mission and its on classified and unclassified websites that the operational parameters . זhis charter should be reviewed for possible guidance and authorities that an NI זזF is constructing. AII of the materials may agency can incorporate into its Program . also be requested by contacting the NIז זF via e-mail at (b )(3) ; a This is classiffed docurnenl. i 1; I1 I! .............................................................. ··· .. · .. · .. ········· .. ·. ... ··························0 ····· ............................................................................................................... " PIQhOGGlliillili? ;! ';ןQ' 'Q :1 Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. ,!; t8LASSIFIE8);'F8 1ביt8 (U) TO BEGIN ... DEVELOPING of insider threats is a security concern, making Ihe association between the Program and the agency's AN INSIDER THREAT POLICY AND security structure natural and mutually reinforcing. IMPLEMENTATION PLAN (U ) זhe following ten sleps should be implemented when (U) Step 2: Obtain Visible Support developing a functional insider threat program. זhe steps from the Agency Head cover the insider threat minimum standards contained In the president's memorandum of 21 November 2012 . (U IIFOUO) Along with the designation of the Senior זhese steps are comprehensive and designed tor Official, the agency head should demonstrate s זtong , agencies that have not yet instituted an Insider זhreat personal, and visible support for the new Program and Program. Figure 1: Insider זhreat Program: Enlerprise its senior responsible official . View (see page 6) illustrates the primary roles, E.O.s, (U ) זhe agency head may already have various internal policy, systems and data sources that are needed for an communications methods to inform the workforce of Jnsider זhreat Program . the importance of the insider threat risks. "A וI hands" meetings, community forums, newsletters, and blogs, (U) Step 1: Designate the Senior OfficiaJ for example, may already be in use by the agency head and can be effective communication vehicles through ( l:Jf/FOI:JO) Agencies are required to designale a Senior which the agency head can frame and emphasize the Official responsible to the agency head for implementing agency insider threat discussion , and overseeing the Program. Recommend only one official be designated to manage and oversee the (U ) Agency heads who are vlsibly involved in Program Program; however, If an agency appoints more than awareness provide a valuable leve וof emphasis to the one Senior Official (such as in the case where an workforce. leadership endorsement of the Program is agency has many subordinate elements or multiple also greatty enhanced when agency heads lend their geographically separated facilities), a coordination name and/or image in workforce communications about process should be eslablished so that the Program the Program . speaks with one voice . זhe Senior Official should have direct access 10 the agency head for matters of insider ( U) Step 3: Form Working Groupן Periodic threat concern. 1I Is recommended that the Senior Feedback to the Community Official's performance plan reflect this responsibility. In a number of agencies with maturing. Programs, the (e J)'fr8!!!J8) Once deslgnated, the Senior Official may responsibility for the Program is vested in a senior wish to assemble an ad hoc cross-agency working executive who is also responsible for the agency's group that wi ןן meet regularly over the months ahead security and/or counterintelligence activities. זhough to develop the Program and implement the Policy not required, this does seem to be a natural fit, since and Standards . זhe Senior Official should consider many of the capabilities that will be important to the providing in-person periodic updates to the agency Program may already be resident within the CI or head and leadership on Ihe group's progress , זhis security structure of the agency. Additionally, the pursuit interaction will serve 10 reinforce senior leadership • ...•...•.•......•...., . ............................................................................................................................................, ............ ................." ... ......................." ... .......י• ...• .... .... •... ..................•.•...•. י........ .............................' , ..י... .. ..............................................................................................י... ..................... ,...... ................... 0...... ..............." ... .,... .. ...י... •.•.•.•.....•..••.•.•.•.....,. .... ..............,. ....... , ...... ... ,.".....,. ..•. ..•.•.•.•...•.•,... .•. ......•.......•.•.~. .... ....•.......•...•...•.......•...•.•.•.•.......•.............•......,," . il " וrib2Qil ;ןIIiB;\'FQ' 'Q ~ Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. ~ fI8 ;ו: !!:I FI!!B)) F8e9B ........................................................................................................................................................................................ NI F (U ) Figure 1: Insider זhreat Program: Enterprise View ~ ח T$ י" gRpI>c is (1IfoiFQ' ~ Ault וonl ios, D,ivers . . • ~ ~ ~ ~ ~ ~ ~ ~ ~ FISMA DlA Dן A E.O . E.O. EO. E.O. Na[ona\ Minimum ImplementaUon Porcy 13567 10450 12333 12966 PoIicy Slandilfds Plan Agoncy Hoad/Senlor Loadershfp Non-811 R.r.,,,,I• •" d M•ltlg. llon Eflorta • •• . •• A r.n Counterו nteו lIgence & N.tו on .וSecurity • • rוiD .. .. , 1" R.f.rraן ) Action IA HR 4 EAP ......1 ---....... ~ A. A.. Scc IG nw., LE Senlor Officlal Soc& kוn 81101 {ואtJ(t. .~ jg.nctAutbc זito tlonAa Afso _ .. ן~9 1nJi,* WotkJng G rסuו> r ___ _______________________________f.,_F_Y_ 1_9_95_ ____________י ! <iו. t2j ~ t~ ~ .נ • t Rtpcw\S • fn"'s1Iga , Analysis and . --------- ~? ן ~.. ~. ..י.. י~ .~. R.por1ing F_ ~ ~ ~ ~ '"~ •. p ,_ td Ti ימning and Aw גtr ll.ness Man נ~r ~ A rוalוי:l /An''Y ~ "" -, iIii+ iiiii ןן ~~' .nd -'_ _ , a'P " --- 1,. Tools ג ~ $:: c."ttalz.d HUB e"IO pו'lso Aud ,ןlng CIO (EA ) Priv'te Endavo Daו a Stotage Sem~Auto""''''d PushoslP.II. Oaa וGae חוling c l.tו. .r td Nttvo"", P• •d l ( Inc:lucfו ng Extemany Controllod Oal8 Sourcu) ',. S ARsכS US ןכfclous AdM!Y Rcports. ; I (ו'"5 9 ' 'Q כXhe rg וure is an overvievl allhe enlerprlse eוvel of the interre)a slוlioח ips among lhe varfous I components o( a lypicaו insider Ihreat program discussed in Ihis Guide . ! ! .. ........•••••••....•.•••••••••.•.••••••.•••••••••••••••••••.•.••••••••••••.•..••.•.•....••••, ................. ..............................................י•••••••• י••••••• , •••••••••• ••••••••••••••••••••.••••••••••••••••••••••••••.•••• ...................................................... .......................... ............................................................................................................................................................. r , - I I ......................................... ,. .... ,. .............................. ,. ......................"..."..."... ··.··.8 "".··,··,··"····.··.··. . . ························ .. ·········................................................_.............._.. j Approved for release by ODNI on 7-21-2017, FOIA Case DF-2017-00003. IJ' IQ I!.ינ ההBOIFII!B;;'FBIJ8 ..................................................................................................................................................................................... .. ............................................................................................................ : : : : awareness of and suppor1 for the Program and a ווow . ~ ( זז'F Iii 1 ) 'iג uestions for the .::::; the agency head to incorporate the positive results of ~~ Insider זhreat Working Group the Program development effor1 into his/her portrayal (w כ; 18 6 8) The working group should consider the of the agency's status and posture , זhe working group can also help 10 develop relationships between followlng during its discussion components!offices, leading to better informalion What are we trying to protect ? sharing and cooperation , זhis also will serve to • How will the Program be Implemented and over what minimize the possibility of unwanled surprises from period of time ? Program developmenl efforts and should provide early notice 10 the leadership team of the need to restructure Who wi" write the pollcy and implementation plan ? current funding a ווocations to support Ihe new Program . • When can we reach Inltlal operating capabiי l1y (יOC /) fu ווoperatJng capability (FOC ?) (U כ זhe working group should consist of representatives What capabilities are i חplace within the agency that from all stakeholder offices wlthln the agency, A will contribute 10 the Program ? "s takeholder,' in this context, is an agency office whose business activities place them in a position 10 receive What capabilities are mlssing? What is needed ? and retain information pertinent to the background , • What Information resources In the age חcy will be useful conduct. and activities of agency employees. As a to the Program? Where do they reside in the agency ? rule of thumb. stakeholders would certainly Inc!ude Are the "keepers· of that Iח formation involved ןחthe working group ? 1: representatives from the security!counlerinlelligence staff. the Office of the Inspector General (OIG). the What possible vehicles does the agency have to law enforcement elements of the agency. the Human promulgate a Program policy ? Resources (HR) offJce. the Information Assurance • How will the Program deal with subordinate elements (I A) Office. and the Office of the Chief Information snd/or eי ements that are geographicalJy removed from Officer (CIO). However. any office within the agency the age חcy headquarters? WilJ there be a need for several ·se חior responsible officials " ? that possesses information about the activities of agency employees could be consldered a stakeholder • How Y/ill the agency fund and staff a Program office to for purposes of the working group. In short. tailor the implement the agency's insider threat policy? working group 10 your agency, • How and where y וil1 the sgency's "hub" or centralized analysis and response capability be established ? וWII (U ) Critically. the Office of the General Counsel (OGC ). there need to be several "hubs· to servlce the agency's Solicitor General. or Corporation Counsel should be needs? How wi!1 their iח formstion interconnect? included as a working group member in order to heip What action can and should the agency undertake to sort through questions that may arise about authoritles apply Its insider Ihreat policy to its contractor workforce and personnellocated in remote locations ? and legal impediments הCivil liberties and privacy office(s) should also be represented, As the agency • Determine what safeguards should be Included develops a Program that provides a more in-depth ,:! in the Program 10 ensure the protection of insider iook into the professional and personal activities of threat information and t.he civil iiberties and privacy agency employees. legaJ advice and particlpation of individuals. :.. . ...............................................................................................................: at every stage of the working group effort will be essential, (See Summary of Federa ןCitations for r. the Nationaf ןnsider Threat Task Force, page 3 ). ......................... '. ...., . ..... ", ............. ,. ....... ,. .......... ,. .. ,.. ....... ,. ... ,. .., . ., .. ,. ...· ···,·8,··,·················,,··,,·················,,···, ............... ,. .. ,. ..." . .. ,. . ". .. ,. ...................., .. ... . 1י יIOI י55IFli8כ I'FGIIG ~
Description: