About the Certified Counter-Insider Threat Professional (CCITP) Program
CCITP Program History and Purpose
With the rise of classified information being released into the public domain and causing great damage to the interests and activities of U.S. and Allied forces across the world, the President of the United States signed Executive Order (EO) 13587 in 2011. The EO created a mandate that every Executive Level Department and Agency have a Counter-Insider Threat (C-InT) Program capable of deterring, detecting and mitigating against actions by employees who present a threat to national security. The EO also established the National Insider Threat Task Force (NITTF) as the government-wide means for assisting Departments and Agencies as they develop and implement their own C-InT programs. Since the signing of the EO, responses from the Executive Level Departments and Agencies across the U.S. federal government have varied. In 2017, the NITTF began partnering with the Office of the Under Secretary of Defense for Intelligence and Security (OUSD(I&S)) as part of an ongoing effort to bring all Departments and Agencies into compliance with the EO as well as to standardize and professionalize the C-InT workforce across the federal government.
On October 30, 2018, the OUSD(I&S), along with the NITTF, facilitated the first meeting of C-InT professionals from across the federal government to discuss the vision and scope of what would become the CCITP Program. This group would eventually evolve to become the CCITP Governance Council (CCITP GC). The goal of the CCITP GC is to create a certification program that will establish workforce credibility, foster a professional identity, and catalyze professional development.
The CCITP Program is the first certification program within the U.S. federal government to be developed jointly by representatives from both the Department of Defense (DoD) and the broader U.S. Government (USG). Because of this joint effort, the scope and applicability of the CCITP Program applies to all C-InT programs within Departments and Agencies across the U.S. federal government. This effort was made possible by the partnership between the Under Secretary of Defense for Intelligence and Security (USD(I&S)) and the Director of the National Counterintelligence and Security Center (NCSC) (a senior agency who manages the NITTF and reports to the Office of the Director of National Intelligence (ODNI)). Together the USD(I&S) and the Director of NCSC serve as the joint conferral authorities for the CCITP Program.
Currently the CCITP Program offers two certifications:
- CCITP – Fundamentals (CCITP-F)
- CCITP – Analysis (CCITP-A)
The CCITP Program was developed with extensive input from the C-InT workforce, including from individuals working within the various Components of the DoD and numerous other federal departments and agencies. First, the program conducted a practice analysis to identify the CCITP-Essential Body of Work (CCITP-EBW) and CCITP-Essential Body of Knowledge (CCITP-EBK). The CCITP-EBW reflects broad accountabilities (or functions) needed to ensure successful execution of the C-InT mission. The CCITP-EBK reflects the knowledge needed to execute accountabilities specified in the CCITP-EBW. Both the CCITP-EBK and CCITP-EBW leverage the Insider Threat Competency Resource Guide, published by the NITTF in August 2017.
After gaining community concurrence with these products, the CCITP Program executed the criterion-referenced test development (CRTD) process. This includes 1) leveraging community Subject Matter Experts (SMEs) to develop, review, and validate exam questions; 2) compiling, formatting, and publishing exam questions in pilot exam forms; 3) recruiting C-InT workforce volunteers to take the pilot exams; 4) conducting a psychometric analysis to score each exam, identify the best exam questions, and generate final exam forms; and 5) working with community SMEs to establish each exam’s passing score.
Finally, after executing the CRTD process, the CCITP Program engaged with community SMEs to establish the CCITP Program’s certification requirements. This includes working with SMEs to establish the following certification requirements:
- Eligibility (i.e., Who can participate in the CCITP Program?)
- Pre-requisites (i.e., What must candidates do prior to sitting for the exam?)
- Maintenance Cycle (i.e., How long is the certification valid?)
- Maintenance Requirements (i.e., What must individuals do to keep their certification valid?)
The CCITP-F measures and assesses whether an individual has the requisite knowledge and skills annotated in the CCITP-Essential Body of Knowledge to perform the tasks outlined in the CCITP-Essential Body of Work. The CCITP-F was designed with a target population of those personnel working directly in a C-InT program; however, because each program is unique with different needs and constraints, the CCITP-F is open to anyone who works within or is affiliated with a C-InT Program, as determined by each organization’s Program Manager. The examination measures acceptable performance across five (5) topic areas:
- Topic Area 1: Policy and Directives - 25%
- Topic Area 2: Social and Behavior Science - 10%
- Topic Area 3: Researching - 30%
- Topic Areas 4 & 5: Synthesis & Tools and Methods - 35%
The CCITP-A establishes a common standard of analytic tradecraft of all who serve and support the Counter-Insider Threat (C-InT) capability; it focuses on the analysis of C-InT information and development of mitigation recommendations. The CCITP-A measures and assesses whether an individual has the requisite knowledge and skills annotated in the CCITP-Essential Body of Knowledge to perform the tasks outlined in the CCITP-Essential Body of Work. The CCITP-A was designed for the target population of those personnel working directly in a C-InT program and performing analysis functions. The examination measures acceptable performance across six (6) topic areas:
- Topic Area 1: Policy and Directives - 20%
- Topic Area 2:Social and Behavior Science - 10%
- Topic Area 3: Researching - 20%
- Topic Areas 4 & 5: Synthesis & Tools and Methods - 35%
- Topic Area 6: Vulnerabilities Assessment and Management - 15%
The table below displays the exam and program statistics for CCITP-F and CCITP-A. These statistics are current as of October 2022.
|Total Number of Attempts
|Total Number of Active Certificants
The Counter-Insider Threat Professional Certification Program (CCITP) is operated by the CCITP Program Management Office (CCITP PMO) under the oversight of the Office of the Under Secretary of Defense for Intelligence and Security Human Capital Management Office (OUSD(I&S)/HCMO). The CCITP PMO coordinates activities and execution of the program with the National Insider Threat Task Force (NITTF).