Back to Standards Hub
Capability Mapping

IRCF™ vs CISA Insider Threat Guidance

CISA's insider threat guidance helps organizations understand foundational mitigation concepts, baseline program practices, and stakeholder education. The Insider Risk Capability Framework™ (IRCF™) is a comprehensive, structured capability model for insider risk maturity. Together, they support a defensible program architecture that moves from baseline program questions to capability ownership and measurable exposure reduction.

Use CISA guidance for

  • Program foundations and stakeholder education
  • Holistic insider threat mitigation concepts
  • Baseline program maturity self-evaluation using CISA's Insider Risk Mitigation Program Evaluation (IRMPE)
  • Public-sector-aligned language and scalable practices
Focuses on broad outcomes & static requirements

Use IRCF™ for

  • Structured operational capability maturity by component
  • Applied linkages across use cases, procedures, tools, metrics, and risk personas
  • Designing tailored internal roadmaps and identifying program capability gaps
Focuses on specific insider-risk capability maturity

How They Work Together

Use CISA guidance to explain why a multidisciplinary insider risk program matters. Use IRCF™ to organize the capabilities that make the program operational.

Compliance & Advisory Context

This page is educational and is not legal, regulatory, audit, or certification advice.

Comparison Clarifications

Perform a Mapping Assessment

Use RiskTKO® or an ITMG® Guided Exposure Assessment to convert maturity insights into prioritized insider risk exposure actions.