Contractors that have a facility clearance through the Department of Defense’s Defense Security Service (DSS) must have a written plan in place for the implementation of an insider threat program that is designed to detect, deter and mitigate insider threats.
The overall goal of the program is to gather, integrate and report relevant and available information about activities of individuals that indicate a potential or actual insider threat. Tailored to the size and complexity of the cleared contractor’s business must include:
- Formal appointment of an insider threat program senior official.
- A written plan defining insider threat information; procedures for accessing, sharing, compiling, identifying and reporting that information.
- Written procedures for deterring and mitigating the risk and detecting insider threats.
- Reporting “relevant and credible information”.
- Information security controls.
Cleared contractors are required to self-certify to the DSS that a written program is implemented and current.