scope:

Purpose.

This AFI establishes the following framework to integrate policies and procedures to detect, deter, and mitigate insider threats to national security and Air Force assets and establishes implementing guidance to:

Ensure existing and emerging counter-insider threat training and awareness programs are developed, implemented and managed accordingly.

Continuously evaluate personnel by enhancing technical capabilities to monitor and audit user activity within the confines of the DoD banner and all applicable laws on information systems.

Leverage legally applicable antiterrorism, counterintelligence, human resources, law enforcement, security (e.g. cyber, information, industrial, personnel, physical, and operations), medical, and other authorities to improve existing insider threat detection and mitigation efforts.

Detect, mitigate, and respond to insider threats through integrated and standardized processes and procedures while ensuring civil liberties and privacy rights are safeguarded.

Ensure the Air Force counter-insider threat analysis center, referred to as the AF C-InT Hub, shares reportable insider threat information and post-processed results of system monitoring, as appropriate, in accordance with thresholds published by the Office of the Under Secretary of Defense, Intelligence and Security with the DITMAC.

Establish the requirement for the AF C-InT Hub to deliver to the DITMAC postprocessed results of user activity monitoring and information system monitoring, as appropriate, in accordance with thresholds published by the Office of the Under Secretary of Defense, Intelligence and Security.

Establish the requirement for Air Force commands to report insider threat information to the AF C-InT Hub.