Editor’s Note: The following is an excerpt from Appendix II, Minimum Standards for Executive Branch Insider-Threat Programs of GAO-15-144, Insider Threats: DOD Should Strengthen Management and Guidance to Protect Classified Information and Systems. The report is available here.
From: GAO
MONITORING USER ACTIVITY ON NETWORKS:
Agency heads shall ensure insider threat programs include:
- Either internally or via agreement with external agencies, the technical capability, subject to appropriate approvals, to monitor user activity on all classified networks in order to detect activity indicative of insider threat behavior. When necessary, Service Level Agreements (SLAs) shall be executed with all other agencies that operate or provide classified network connectivity or systems. SLAs shall outline the capabilities the provider will employ to identify suspicious user behavior and how that information shall be reported to the subscriber’s insider threat personnel.
- Policies and procedures for properly protecting, interpreting, storing, and limiting access to user activity monitoring methods and results to authorized personnel.
- Agreements signed by all cleared employees acknowledging that their activity on any agency classified or unclassified network, to include portable electronic devices, is subject to monitoring and could be used against them in a criminal, security, or administrative proceeding. Agreement language shall be approved by the Senior Official(s) in consultation with legal counsel.
- Classified and unclassified network banners informing users that their activity on the network is being monitored for lawful United States Government-authorized purposes and can result in criminal or administrative actions against the user. Banner language shall be approved by the Senior Official(s) in consultation with legal counsel.