STIGViewer Trial workspace — loading your subscription…

NIST 800-171 v2

110 security requirements available

3.2.3Derived Requirement

Awareness and Training

Security Requirement

Provide security awareness training on recognizing and reporting potential indicators of insider threat.

Discussion

Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures. Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).

Framework
NIST SP 800-171 Rev 2
Family
Awareness and Training
Requirement Type
derived

Related Frameworks

2 paths across 2 frameworks
NIST 800-531 mapping
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-002055
1.00
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

No STIGs in the current catalog reference any CCI mapped to this control.