AT.L2-3.2.3 — Provide security awareness training on recognizing and reporting potential indicators of insider threat.
What this control requires
Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Source: CMMC L2 v2.13 AT.L2-3.2.3 / NIST SP 800-171 R2 3.2.3 (official control text).
Why this matters
Insider threats — whether malicious, negligent, or compromised — represent one of the hardest attack vectors to detect because the adversary already has legitimate access. Unlike external attackers, insiders know where sensitive data lives, how security controls operate, and how to evade detection. This control requires the organization to train personnel to spot behavioral, technical, and procedural red flags that may indicate an employee, contractor, or partner poses a risk. Early detection and clear reporting channels enable timely intervention before data exfiltration, sabotage, or reputational damage occurs. Effective insider threat awareness turns the workforce into a human sensor network that complements technical controls.
What evidence assessors expect
Assessors typically look for: PDF, CSV export, training certificate. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
Related controls
See your live posture on AT.L2-3.2.3.
FORCE shows where you stand on this control and walks you through closing it.
Start a free trial tenant →