Governance & Program Info

Personnel Security & Insider Threat — Governance

Cross-builder institution context and per-item ownership, due dates, status, and next actions for the governance-relevant checklist items in this builder.

Institution context
Program info
Applies across every builder in the app. Stored locally; nothing leaves the browser.
Checklist governance
Items (0 of 15 marked complete)
Annotate ownership, due date, status, and next action. Items on the left come from the builder's governance / compliance phases.
05 · Governance & Compliance
E.O. 13587 program charter on file
required
Written program charter mapping program structure, authorities, and roles to E.O. 13587 requirements.
05 · Governance & Compliance
NITTF minimum-standards self-assessment (current)
required
Self-assessment against NITTF minimum standards refreshed on the NITTF-defined cadence.
05 · Governance & Compliance
DoDD 5205.16 / DITMAC referral integration (DoD)
recommended
For DoD components, confirm DITMAC referral mechanism under DoDI 5205.83.
05 · Governance & Compliance
CNSSD 504 compliance for NSS
required
For programs on National Security Systems, confirm CNSSD 504 technical monitoring requirements are implemented.
05 · Governance & Compliance
32 CFR Part 117 NISPOM compliance (cleared contractors)
required
Cleared-contractor insider-threat programs operate under 32 CFR Part 117 (replaced DoD 5220.22-M) with CSA oversight.
05 · Governance & Compliance
CDSE Insider Threat training for program personnel
required
Insider Threat Hub personnel and designated Insider Threat Program Senior Officials complete CDSE curriculum.
05 · Governance & Compliance
Annual insider-threat awareness training for all cleared personnel
required
NITTF minimum standard; also a 32 CFR Part 117 requirement for cleared contractors.
05 · Governance & Compliance
CSA / DCSA liaison and reporting
required
Designated liaison for Cognizant Security Agency interface, adverse-information reporting, and CV interaction.
05 · Governance & Compliance
Analyst separation-of-duties
recommended
The person who triages an indicator is not the person who makes the adjudicative recommendation.
05 · Governance & Compliance
Model documentation package
required
Purpose, data lineage, authorities-to-collect per feature, assumptions, limitations, known failure modes, fairness results.
05 · Governance & Compliance
Independent model validation
required
Team independent of model developers validates logic, data, assumptions, and disparate-impact results.
05 · Governance & Compliance
Civil-liberties / privacy officer sign-off per release
required
Every material model or feature change requires sign-off from the component privacy / civil-liberties officer.
05 · Governance & Compliance
Change management and model versioning
required
Who approves model updates, what testing is required, how changes are versioned and rolled back.
05 · Governance & Compliance
Annual program report to leadership
recommended
Referral volume, confirmed cases, false-referral rate, disparate-impact results, and open corrective actions reported to program senior official.
05 · Governance & Compliance
Validate model against publicly studied historical cases
recommended
Stress-test the analytic against the publicly documented indicators from Snowden, Manning, and Reality Winner where features apply.