Government contractors that hold a facility security clearance (FCL) must have a written program in place no later than November 30, 2016, to begin implementing insider threat requirements published by the Department of Defense (DoD) in Change 2 to DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM). In particular, on May 18, 2016, the DoD published Change 2 to the NISPOM, which requires contractors who have been granted an FCL "to establish and maintain an insider threat program to detect, deter and mitigate insider threats."

Where before it was a good approach to have such a program in place, contractors are now required to have such a program in place to detect threats of the theft of classified information from within its organization.

Change 2 comes on the heels of the very public case of Edward Snowden, who worked for a government contractor and was charged under the Espionage Act for releasing classified information. The need for an insider threat program is further bolstered by the recent arrest of another government contractor employee, Harold Thomas Martin, III, who is accused of stealing government property and of removing and retaining classified documents or materials without authorization.