NITTF Technical
The NITTF Technical Team is a vital component of the NITTF through its infusion of specialized expertise into other NITTF teams/work-streams as well as its development of effective and cost-effective technical solutions for the insider threat community. The Technical Team provides tailored assistance to insider threat programs spanning the IC, DoD, and NT-50 Federal Partners, focusing on User Activity Monitoring (UAM), insider threat data integration and analysis, automated case management, Enterprise Audit Management (EAM), and other technical capabilities. The Technical Team also brokers classified network provider/subscriber relationships across the USG, maintains awareness of the vendor marketplace to identify tools and best practices, provides input to national-level policy frameworks, and explores solutions for emerging technical trends and vulnerabilities.
The NITTF Technical Team developed technical bulletins to provide the insider threat community additional information on key technological issues departments and agencies face when implementing insider threat programs. Bulletins are arranged by date, with the most recent on top. As new bulletins become available, they will be identified as new and placed at the top of the list. Click on the title to view the technical bulletin. For additional information, contact the NITTF Technical Team.
Title | Date of Bulletin |
---|---|
How CNSSD 504 Defines UAM | 5/27/2018 |
Abstract: This Tech Bulletin considers the definition of user activity monitoring (UAM) provided by CNSSD 504, and it notes the technical functionality that a UAM solution must have to meet the Directive’s requirements.
Title | Date of Bulletin |
---|---|
How CNSSD 1015 Defines EAM | 4/27/2018 |
Abstract: This Tech Bulletin considers the definition of enterprise audit management (EAM) provided by CNSSD 1015. According to CNSSD 1015, EAM is "the identification, collection, correlation, analysis, storage, and reporting of audit information, and monitoring and maintenance of this capability."
Title | Date of Bulletin |
---|---|
Security Information and Event Management for Insider Threat Programs | 3/22/2018 |
Abstract: Security information and event management (SIEM) refers to a cyber tool for the collection and analysis of security events and threat management.
Title | Date of Bulletin |
---|---|
Data Quality for Insider Threat Programs | 1/5/2018 |
Abstract: Executive branch departments and agencies should not overlook the importance of data quality to their insider threat programs. Inaccurate or ‘poor-quality’ data can hinder a program’s ability to identify threat behaviors and conduct an effective inquiry.
Provided below are additional technical bulletins that are not available for public release. Please contact NITTF if you have an official need for any of these items.
Title | Date of Bulletin |
---|---|
Directive on Protecting National Security Systems from Insider Threat (CNSSD 504 w/ Annex C) | 09/15/2016 |
Abstract: This is the latest version of CNSSD 504, which adds Annex C, Privileged User and Privileged Access Controls.
Title | Date of Bulletin |
---|---|
Continuous Monitoring and Continuous Evaluation and Their Value for Insider Threat Programs | 3/31/2018 |
Abstract: No abstract information available.
Title | Date of Bulletin |
---|---|
Clarification of User Activity Monitoring (UAM) Requirements | 2/25/2018 |
Abstract: No abstract information available.
Title | Date of Bulletin |
---|---|
User (Entity) Behavior Analytics for Insider Threat Programs | 2/14/2018 |
Abstract: Executive branch departments and agencies may want to implement a UBA/UEBA tool to enhance their ability to find, track, and mitigate anomalous activity.
Title | Date of Bulletin |
---|---|
The Provider/Subscriber Relationship | 2/10/2018 |
Abstract: No abstract information available.
Title | Date of Bulletin |
---|---|
UAM Solutions for Insider Threat Programs | 2/10/2018 |
Abstract: No abstract information available.
Title | Date of Bulletin |
---|---|
Commercial Data Aggregators for Insider Threat Programs | 1/30/2018 |
Abstract: No abstract information available.
Title | Date of Bulletin |
---|---|
Cross Domain Solutions for Insider Threat Programs | 1/14/2018 |
Abstract: Executive branch departments and agencies that operate multiple classified networks may want to employ a Cross Domain Solution (CDS) with their UAM solution(s) to transfer information between two or more differing security domains.