Office of the Chief Information Officer

United States Department of Agriculture

Departmental Regulation 4600-003

Author: 
Office of Homeland Security and Emergency Coordination (OHSEC)

USDA Insider Threat Program

1. PURPOSE

The purpose of this directive is to set forth the U.S. Department of Agriculture’s (USDA) roles and responsibilities for an Insider Threat Program, as directed by Executive Order (EO) 13587 dated October 7, 2011, titled, Structural Reforms to Improve the Security of Classified Networks and Responsible Sharing and Safeguarding of Classified Information and the National Insider Threat Policy and the Minimum Standards issued in November 2012.

2. BACKGROUND

The Secretary of Agriculture, under EO 13587, is mandated to develop and implement an Insider Threat Program with the primary mission to prevent, deter and detect compromises of classified information by malicious insiders.

Although EO 13587 applies only to the safeguarding and sharing of classified national security information, the National Insider Threat Task Force (NITTF) recognizes that an agency may possess information that it considers sensitive but that is not classified. As stated in the NITTF’s Guide to Accompany the National Insider Threat Policy and Minimum Standards, issued in November 2013, the policies and standards under EO 13587 can be applied generally to protect the sensitive but unclassified environment.

The National Insider Threat Policy and Minimum Standards require that the USDA addresses key components to be implemented:

a. Establish a program for deterring, detecting, and mitigating insider threat;, security, information assurance, and other relevant functions and resources to identify and counter the insider threat;

b. Establish an integrated capability to monitor and audit information for insider threat detection and mitigation. Critical program requirements include but are not limited to: (1) monitoring user activity on classified computer networks controlled by the Federal Government; (2) evaluation of personnel security information; (3) employee awareness training of the insider threat and employees' reporting responsibilities; and (4) gathering information for a centralized analysis, reporting, and response capability.

c. Develop and implement sharing policies and procedures whereby the organization's insider threat program accesses, shares, and integrates information and data derived from offices across the organization, including security, information assurance, and human resources offices.

d. Designate a senior official(s) with authority to provide management, accountability, and oversight of the organization's insider threat program and make resource recommendations to the appropriate agency official.

e. Consult with records management, legal counsel, and civil liberties and privacy officials to ensure any legal, privacy, civil rights, or civil liberties issues (including use of personally identifiable information) are appropriately addressed.

f. Promulgate additional department and agency guidance, if needed, to reflect unique mission requirements, but not inhibit meeting the minimum standards issued by the NITTF pursuant to this policy.

g. Perform self-assessments of compliance with insider threat policies and standards; the results of which shall be reported to the Senior Information Sharing and Safeguarding Steering Committee (hereinafter Steering Committee).

h. Enable independent assessments, in accordance with Section 2.1 (d) of Executive Order 13587, of compliance with established insider threat policy and standards by providing information and access to personnel of the NITTF.

 

Downloads: