NIST 800-53 r5 · Controls catalogue · Family PM

PM-12Insider Threat Program

Implement an insider threat program that includes a cross-discipline insider threat incident handling team.

Last updated: 09 May 2026 03:25 UTC

Implementations targeting this control (0)

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE	Name	CVEs	Why this control addresses it
`CWE-862`	Missing Authorization	8,680	Dedicated team detects missing authorization checks being bypassed by insiders through monitoring and response procedures.
`CWE-284`	Improper Access Control	4,832	Program provides ongoing monitoring and handling of access-control violations that insiders could otherwise exploit undetected.
`CWE-863`	Incorrect Authorization	3,234	Insider threat processes catch and remediate incorrect authorization decisions before or after exploitation occurs.
`CWE-269`	Improper Privilege Management	2,907	Cross-discipline incident team detects and responds to improper privilege assignments or escalations by insiders.
`CWE-732`	Incorrect Permission Assignment for Critical Resource	1,824	Program reviews and corrects overly permissive resource assignments that insiders could exploit for unauthorized access.
`CWE-285`	Improper Authorization	1,230	Incident handling team identifies and mitigates authorization failures that allow insiders to perform unauthorized actions.
`CWE-250`	Execution with Unnecessary Privileges	305	Insider threat program enforces least-privilege reviews and monitors privileged actions, directly reducing abuse of unnecessary rights.

CVE	Risk	CVSS	EPSS	Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.