CMMC Practice AT.3.058
Provide security awareness training on recognizing and reporting potential indicators of insider threat.
Bold Coast Security Guidance
Do not over complicate this practice! As stated in the example, ensure that your annual training contains references to recognizing and reporting suspected insider threats. You may wish to have them contact the Help Desk, but define alternate methods for users to report these concerns, such as key people in the organization who can be contacted in confidentiality, like their Human Resource representative.
DRAFT NIST SP 800-171 R2
Potential indicators and possible precursors of insider threat include behaviors such as: inordinate, long-term job dissatisfaction; attempts to gain access to information that is not required for job performance; unexplained access to financial resources; bullying or sexual harassment of fellow employees; workplace violence; and other serious violations of the policies, procedures, directives, rules, or practices of organizations. Security awareness training includes how to communicate employee and management concerns regarding potential indicators of insider threat through appropriate organizational channels in accordance with established organizational policies and procedures . Organizations may consider tailoring insider threat awareness topics to the role (e.g., training for managers may be focused on specific changes in behavior of team members, while training for employees may be focused on more general observations).