Insider Threat
Detect and mitigate threats from internal personnel through monitoring and behavioral analysis.
9 of 9 frameworks cover this control
Framework Mappings
How Insider Threat maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.CM-03 DE.AE-01 |
| ISO 27001 | Covered | A.5.7 A.6.1 A.8.15 |
| CIS v8 | Covered | CIS 6.1 CIS 6.2 CIS 8.6 |
| SOC 2 | Covered | CC6.2 CC6.3 CC7.2 |
| PCI DSS | Covered | 7.2.1 10.2.1 10.6.1 |
| CMMC | Covered | AC.L2-3.1.1 AU.L2-3.3.1 PS.L2-3.9.2 |
| 800-53 | Covered | PM-12 AC-6 AU-12 |
| HIPAA | Covered | §164.308(a)(3)(ii)(A) §164.308(a)(4) |
| GDPR | Covered | Art.29 Art.32(1)(b) Art.32(4) |
About Insider Threat
Insider Threat is a cybersecurity control in the Detect domain. Insider threat programs address the risk posed by employees, contractors, and business partners who have authorized access to organizational systems and may intentionally or accidentally cause harm. Detection approaches include user and entity behavior analytics (UEBA), monitoring for unusual data access patterns, tracking large file downloads or transfers, and correlating physical access logs with logical access activity. A comprehensive insider threat program also incorporates human resources processes such as background checks, separation of duties, exit interviews, and prompt access revocation upon termination to reduce both malicious and negligent insider risks.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.