CISA – Insider Threat Mitigation Resources – July 11, 2019


Insider Threat Mitigation Resources

As of July 11, 2019

Soft Targets and Crowded Places Task Force (ST-CP TF):

The ST-CP TF provides guidance to public and private sector partners to identify innovative means to increase security and mitigate risks the nation faces from terrorists or other violent extremist actors to soft targets and crowded places.  The term ST-CP is typically defined as locations or environments that are easily accessible, attract large numbers of people on a predictable or semi-predictable basis, and may be vulnerable to attacks using simple tactics and readily available weapons.  The Insider Threat Mitigation program is coordinated and consistent with standards set forth by the Department of Defense, Office of Director of National Intelligence – National Insider Threat Task Force (NITTF) and Carnegie Mellon University Software Engineering Institute.   

  1. Insider Threat (InT) Mitigation Web Site

The InT Mitigation web site provides a comprehensive step-by-step guide to developing an InT program, options for consideration for protecting assets, how to recognize and report an InT as well as assessing and responding to enhance security in the area of workplace violence, cyber and physical threats. This resource is available at: or

  1. Understanding the Insider Threat video and trailer

The Insider Threat trailer (1 minute) and video (30 minutes) conveys the importance of a comprehensive InT program.  The video uses security and behavior experts to discuss how insider threats manifest in a variety of ways including terrorism, workplace violence, and breaches of cybersecurity. Understanding how to recognize and respond to these various types of insider threats, whether non-violent or violent, increases an organization’s ability to protect both its people and sensitive information. This resource is available at:

  1. Pathway to Violence Video

The Pathway to Violence video provides information regarding the behavioral indicators that assailants often demonstrate before a violent act. Behavioral experts reference research conducted by Frederick Calhoun and Steve Weston’s on threat management and further describes the six progressive steps that may be observable by colleagues. The video also includes law enforcement expert interviews that discuss engagement strategies and recommended responses to someone potentially on a pathway to violence.  This resource is available at: 

  1.  Pathway to Violence Action Guide

The Guide explains warning signs that may lead to violence and what individuals can do to mitigate a potential incident.  This resource is available at:

  1. Insider Threat Fact Sheet

This fact sheet describes some of the Department of Homeland Security resources to assist organizations design a comprehensive program that protects against workplace violence, physical and cyber insider threats. This resource is available at:

  1. Insider Threat Management Team Workshop (Pilot Phase)

The workshop is currently being piloted with the regions and will be released in the coming months.  It is intended to serve as an in-person, field-delivered workshop focused on scenario-based training to assist organizations as they build multi-disciplinary teams to assess suspicious behavior and recommend appropriate actions to mitigate potential insider threats. 

  • Options for Consideration Active Shooter Preparedness Video

The Options for Consideration video demonstrates possible actions that individuals can take if confronted with an active shooter scenario. This instructive video reviews the choices of running, hiding, or as an option of last resort, fighting the shooter. The video also shows how to assist authorities once law enforcement arrives.  This resource is available at:

  1. On-line Training: FEMA Emergency Management Institute Independent Study Courses.  The below on-line training produced in coordination with CISA ST-CP TF which includes Insider Threat security and awareness, are available at:
  1. IS-906: Workplace Security Awareness
  2. IS-914: Surveillance Awareness: What You Can Do
  3. IS-915: Protecting Critical Infrastructure Against Insider Threats

Interagency Security Committee (ISC):

The ISC provides guidance to the federal facility security community on how to integrate Insider Threat activities within the organization and facility’s overall security programs. This guidance is coordinated and consistent with the federal National Insider Threat Task Force.

  1. Violence in the Federal Workplace: A Guide for Prevention and Response 2019

The importance of synchronizing a Workplace Violence program with an Insider Threat program is detailed in this guide which provides comprehensive information to assist in the creation of an effective workplace violence prevention and response program. This resource is available at:

  1. (FOUO) Design Basis Threat (DBT) Report

Insider Threat is 1 of 33 Undesirable Events (UEs) included and updated annually in the ISC’s DBT which establishes a profile of the types, composition, and capabilities of adversaries and is an estimate of the threat Federal facilities face across a range of UEs based on the best intelligence information, Intelligence Community (IC) reports, assessments, and crime statistics available.  This resource is available on HSIN-CI:

Infrastructure Security Compliance Division (ISCD):

How does CFATS address Insider Threat? High-risk chemical facilities must comply with 18 Risk-Based Performance Standards (RBPS) to satisfy security requirements under CFATS.  These non-prescriptive standards allow regulated facilities the flexibility to achieve security measures through a variety of methods at the discretion of the facility.  CFATS facilities abide by a variety of cyber security policies, dependent on the level in which cyber systems are utilized at the facility. Cyber security programs and training that can help identify potential insider threat and assist in the prevention of insider threat.  Resources are available at:

CFATS Fact Sheets

The below publically available fact sheets highlight some of the 18 Risk-Based Performance Standards (RBPS) that satisfy security requirements under CFATS and employ some elements or concepts of Insider Threat mitigation strategies. 

  1. Fact Sheet:  CFATS Detect and Delay

This fact sheet covers two overarching security objectives—detection and delay—which include the first seven RBPS, and address a facility’s ability to deter, detect, and delay an attack. All security measures contained in this fact sheet are possible, nonexclusive examples for facilities to consider as part of their overall strategy to address RBPS under the CFATS program. This resource is available at:

  1. Fact Sheet:  RBPS 8 – Cyber

Cybersecurity typically involves policies and procedures that protect a facility’s critical systems. This fact sheet covers the importance of cybersecurity at CFATS-covered facilities, how DHS evaluates cybersecurity measures under CFATS, and additional references and resources related to cybersecurity.  This resource is available at:

  1. Fact Sheet: RBPS 12(iv) – Screening for Terrorist Ties

Under RBPS 12, personnel surety, vetting facility personnel and unescorted visitors who have or are seeking access to restricted areas and critical assets at high-risk facilities, is a key aspect of chemical security. This resource is available at:

  1. Fact Sheet:  RBPS 15 and 16 – Reporting Significant Security Incidents

RBPS 15 and 16 complement each other and address the importance of high-risk chemical facilities promptly and adequately identifying, investigating, and reporting all significant security incidents and suspicious activities to the appropriate facility personnel, local law enforcement, and/or DHS. This resource is available at: