Audit of the National Reconnaissance Office Insider Threat Program (Project Number 2015-002 A), 30 April 2015

Background

The Intelligence Community (IC) defines the term insider threat as an insider using her/his authorized access, wittingly or unwittingly, to do harm to the security of the United States. As recently experienced by the IC and the Department of Defense, this harm can take many forms, including industrial espionage, unauthorized disclosure of classified information, or even violent acts. This is an organization-wide risk that is not limited to information technology or counterintelligence (CI).

To address the magnitude of this risk, in October 2011, the President released an Executive Order (E.0.)1 requiring departments and agencies to establish an insider threat program. The President subsequently issued several additional memoranda that established the National Insider Threat Policy clarifying his expectations for protecting federal entities.

Under Presidential direction, the National Insider Threat Task Force (NIITF) issued guidance on how to comply with the National Insider Threat Policy and specified what must be included in an insider threat program. It prescribed a coordinated effort across multiple disciplines. Examples ofthese disciplines include Personnel Security, Law Enforcement, Privacy and Civil Liberties, Human Resources, Information Assurance, CI, and Office of Inspector General (OIG). These interrelated disciplines are supposed to form an agency-wide safety net, including government and contractors, to deter, detect, and mitigate actions by employees who may represent a threat to national security.

Continue scrolling for more...

Accepting that an insider threat program takes time to mature, the President provided a timeline for agencies to reach initial operating capability with their respective Insider Threat Programs. The NITTF, with White House concurrence, clarified that by 20 May 2013, all agencies must

1. (U) designate an insider threat senior official(s ),
2. (U) issue an insider threat policy signed by the department or agency head, and
3. (U) submit to department or agency leadership an insider threat program
implementation plan that addresses how the organization intends to meet the
requirements set forth in the minimum standards.

The Investigation

 Audit of the National Reconnaissance Office Insider Threat Program (Project Number 2015-002 A), 30 April 2015 [9 Pages, 1.8MB]

https://documents.theblackvault.com/documents/nro/F-2017-00045.pdf

 

Follow The Black Vault on Social Media:

This post was published on June 22, 2017 1:24 am

John Greenewald

Recent Posts

The DoD Inspector General’s Evaluation of the DoD’s Actions Regarding Unidentified Aerial Phenomena

This article was originally written in August 2024. However, additional document releases related to these…

July 15, 2025

Do Not Respond: Pentagon Staff Instructed to Ignore The Black Vault’s UAP Inquiry

The Department of Defense (DoD) has released 151 pages of internal records related to the…

July 15, 2025

U.S. Government Confirms Multiple Drone Incursions Over Pantex Nuclear Facility; Newly Released Documents Reveal Previously Unreported Security Events

The U.S. Department of Energy (DOE) has released a series of previously undisclosed documents confirming…

July 12, 2025

Air Force Confirms Drone Swarms Over Wright-Patterson AFB Led to Airspace Shutdown; Videos and Reports Released

Newly released Air Force records confirm that Wright-Patterson Air Force Base (WPAFB) in Ohio experienced…

July 11, 2025

Navy Withheld Nearly 500 Pages About UAP Video Release Decision, Records Show FOIA Pressure Drove Disclosure

Newly released documents obtained through the Freedom of Information Act (FOIA) reveal that the U.S.…

July 9, 2025

CIA Mishandles UFO Files Again: Intelligence on Soviet UFO Reports Lost Forever

The CIA’s history of losing or mismanaging UFO-related records continues with yet another example, this…

July 7, 2025