Insider Threat Training Now Required for Federal Contractors
The mandate is part of NISPOM Change 2.
As the Defense Department and other government agencies begin to recognize the benefits of working with smaller, innovative technology companies, the potential for insider threats and cyber attacks grows. And now, all federal contractors face a deadline to implement a step to protect against these outside cybersecurity risks and threats from the inside.
Beginning today, all cleared government contractors must complete insider threat employee awareness training prior to being granted access to classified information and every year thereafter. The mandate is part of NISPOM Change 2, a U.S. government regulation that requires insider threat programs for cleared federal contractors.
Information on the employee awareness training requirements can be found in NISPOM 3-103b and in ISL 2016-02; and information on industry insider threat programs is available here.
Training is also available through the Center for Development of Security Excellence, in the CDSE catalog under Insider Threat.