Defense Contractor


NISPOM Compliance

The National Industrial Security Program Operating Manual (“NISPOM”), a key component of the National Industrial Security Program, provides rules for contractors handling classified government information. 

All government contractors that fall under NISPOM guidelines must have a full insider threat program at their companies.

The insider threat program must detail a contractor’s system for gathering, integrating, reviewing, assessing, and responding to information indicative of a potential or actual insider threat. 

A contractor’s insider threat program must include monitoring of classified computer networks and systems, including monitoring of users.

Where are the Biggest Concerns?

where are the biggest concerns

The Cost of Inaction Could be Disaster

The FBI has detailed behavioral indicators of insider threat, including:

  • inappropriately seeking proprietary or classified information
  • taking confidential materials home
  • remote access to computer network at odd times
  • disregard of company policies regarding software or hardware
  • unreported foreign contacts or travel

Information that an employee has demonstrated any of these indicators – especially if combined with a potentially damaging motivation – should be shared among the Legal, HR and Information Security representatives, and likely reported to DSS.

The Truth About the Lack of Prevention


Of those surveyed, 2/3 consider malicious insider attacks or accidental breaches more likely than external attacks.


56% indicate regular employees are the biggest security risk to their organization, followed by privileged IT users at 55%


51% estimate the damages stemming from an insider attack to be greater than $100,000.