>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

AT-2(2)Literacy Training and Awareness | Insider Threat

IL4 Mod
IL4 High
IL5
IL6

>Control Description

Provide literacy training on recognizing and reporting potential indicators of insider threat.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Potential indicators and possible precursors of insider threat can include behaviors such as inordinate, long-term job dissatisfaction; attempts to gain access to information not required for job performance; unexplained access to financial resources; bullying or harassment of fellow employees; workplace violence; and other serious violations of policies, procedures, directives, regulations, rules, or practices. Literacy training includes how to communicate the concerns of employees and management regarding potential indicators of insider threat through channels established by the organization and in accordance with established policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role.

For example, training for managers may be focused on changes in the behavior of team members, while training for employees may be focused on more general observations.

>Related Controls

PM-12

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of AT-2(2) (Insider Threat)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring AT-2(2)?
  • How frequently is the AT-2(2) policy reviewed and updated, and what triggers policy changes?
  • What training or awareness programs ensure personnel understand their responsibilities related to AT-2(2)?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce AT-2(2) requirements.
  • What automated tools, systems, or technologies are deployed to implement AT-2(2)?
  • How is AT-2(2) integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce AT-2(2) requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of AT-2(2)?
  • What audit logs, records, reports, or monitoring data validate AT-2(2) compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of AT-2(2) effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate AT-2(2) compliance?

Ask AI

Configure your API key to use AI features.