AT.L2-3.2.3—Insider Threat Awareness
Level 2
800-171: 3.2.3
>Control Description
Provide security awareness training on recognizing and reporting potential indicators of insider threat.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your insider threat awareness program policy?
- •How do you identify indicators of insider threat to include in training?
- •What is your process for updating insider threat training content?
- •How do you govern the insider threat program and reporting procedures?
Technical Implementation:
- •What platforms deliver insider threat awareness training?
- •How do you track completion of insider threat training?
- •What technical mechanisms support insider threat training delivery?
- •How is insider threat content integrated into general awareness training?
- •What tools verify all users complete insider threat training?
Evidence & Documentation:
- •What training materials and curricula can you provide?
- •What training completion records and certificates demonstrate compliance?
- •What training attendance rosters and sign-in sheets can you show?
- •What LMS reports show training assignment and completion?
- •What documentation shows training content is current and role-appropriate?
- •What evidence demonstrates initial and refresher training?
Ask AI
Configure your API key to use AI features.