In May 2016, the Under Secretary of Defense for Intelligence issued a requirement for cleared government contractors to establish an “insider threat program” (ITP) to better protect national security networks from cybersecurity threats.
NISPOM Change 2 required the implementation, certification and maintenance of an ITP by all cleared government contractors. It also required the appointment of an Insider Threat Program Senior Official (ITPSO) and awareness training of all cleared personnel.
The deadline for completing ITP awareness training of previously cleared personnel is May 31, 2017.
In addition to your initial implementation, make sure your organization completes its ITP awareness training by the deadline. Be mindful of upcoming end-of-school and summer vacation schedules to avoid conflicts or delays in completing the required ITP training by May 31.
Over the last year, the DSS has hosted workshops and posted guidance to their website to help with ITP implementation, including training materials. To save time and resources, consider using training materials available from the DSS.
Additional information and training materials are available on the DSS website.
The DSS recently published a summary on the creation and implementation of ITPs in 2016, reporting that there were 259 ITP plans certified, 3,943 ITPSO’s appointed, and 28,978 awareness training programs completed.
There is time remaining to add your training to the DSS statistics -- and more importantly to help diminish the cybersecurity risk to your systems and national security infrastructure through Insider Threat Protection awareness training.
Bradley Cybersecurity and Privacy Team
Cybersecurity and privacy are ongoing and pressing concerns for today’s businesses. Information is value. Technology is value. Both can present large risks. The protection and management of information and technology infrastructure are key. Legal decisions are becoming increasingly complex and affect a variety of significant regulatory, transactional, civil liability, and reputational matters. Bradley's Cybersecurity and Privacy Team has over 25 years of experience in this space and works with clients to protect against, plan for, respond to, and recover from a variety of cyberthreats. Bradley's multidisciplinary team has industry-specific groups, including a group that specializes in the unique challenges faced by government contractors in complying with rapidly changing cybersecurity requirements and reporting obligations. Bradley’s government contracts partners have broad experience in cybersecurity for both defense and civilian government contractors, positioning us to provide essential legal counsel on protecting sensitive information and avoiding exposure to the serious legal, financial, and reputational risks that accompany cyber incidents.