AT.L2-3.2.3 Insider Threat Awareness

CMMC Practice AT.L2-3.2.3 – Insider Threat Awareness: Provide security awareness training on recognizing and reporting potential indicators of insider threat.

Links to Publicly Available Resources


An insider threat is an employee or contractor that is authorized for computing or network activities, but conducts malicious activity with that access. The insider threat security awareness training focuses on recognizing employee behaviors and characteristics that might be indicators of an insider threat and knowing the guidelines and procedures on how to handle and report it. Training for managers will provide guidance on observing team members to identify all potential threat indicators, while training for general employees will be slightly different and provide guidance for focusing on a smaller number of indicators. While all the indicators are important, general employees may be on different teams and knowledge of their job dissatisfaction or requests for information not required for adequate job performance is unknown. In other words, it is important to tailor the training for specific roles rather than having the same training program for everyone.