Insider Threat

An insider threat is a security risk that comes from within your organization — employees, contractors, or business partners who have legitimate access to your systems and data. Insider threats can be malicious (intentional data theft, sabotage) or unintentional (accidental data exposure, falling for phishing, negligent handling of CUI).

Insider threats are particularly dangerous because insiders already have authorized access, making their activities harder to detect than external attacks. An effective insider threat program combines technical monitoring (user activity monitoring, DLP) with organizational measures (background checks, security awareness, reporting mechanisms).

Why It Matters

The DoD considers insider threat a significant risk to CUI protection. CMMC includes requirements for personnel security, awareness training, and monitoring that address insider threat. Having an insider threat program demonstrates mature security governance.

Related Resources

CMMC: AT.L2-3.2.3
NIST 800-171: 3.2.3
NIST 800-53: AT-2(2)
NIST 800-53: IR-4(6)
NIST 800-53: IR-4(7)
NIST 800-53: PM-12