Skip to Content
Press Enter

Insider Threat Assessment Using NIST Cybersecurity Framework

February 18, 2026

Copyright Notice All content is protected by international copyright laws. You may reference or quote small portions of this document with proper attribution to The IIA, but unauthorized reproduction, distribution, or use beyond that, other than for your own personal use, is strictly prohibited and may constitute a violation of copyright law, resulting in civil and criminal penalties. Contact copyright@theiia.org for permission to use our materials.
IIA Audit Tool: Insider Threat Assessment Using NIST Cybersecurity Framework

As a starting point for building a work program, internal auditors may use an existing risk and control framework. This tool replicates NIST’s Cybersecurity Framework 2.0 as the criteria against which an insider threat program may be evaluated.

Additional resources to use with this IIA Audit Tool

Auditing Insider Threat Programs
Insider Threat Leading Practices

Members Only

This is for members only. To access it and other valuable resources, become a member today or log in!

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.