ACCORDING to CISA, the agency published guidance on assembling a Multi-Disciplinary Insider Threat Management Team to help critical infrastructure stakeholders, including private sector entities across sectors, implement an insider threat mitigation programme that blends physical security, cybersecurity, personnel awareness, and community partnerships. Central to the guidance is the POEM framework—Plan, Organize, Execute, and Maintain—which structures the lifecycle of the threat management team.
In the planning phase, organisations are encouraged to define the team’s purpose, identify critical assets and priorities, determine risk tolerance, and set reporting pipelines. The organising phase emphasises raising employee awareness, fostering a reporting culture, and coordinating with relevant departments so they can identify potential insider threat activity, with CISA noting that a trusted staff with varied expertise will better synthesise data.
The execution phase covers programme operation, including mandatory training, information integration, an analysis hub, and legal guidance, while the maintenance phase focuses on ongoing training, policy updates, and external resources to adapt to emerging threats. The guidance was published on 28 January 2026.