Firewatch
Threat Solutions
Protect your organization from the inside out. Firewatch Threat Solutions provides trusted Insider Threat analysis and program support to U.S. government agencies and contractors. We leverage decades of federal security experience to deter, detect, and mitigate insider risks before they become incidents.
About Us
Intelligence Enabled,
Insider Risk Focused
Firewatch Threat Solutions is a mission-driven cybersecurity firm dedicated to safeguarding organizations from the growing risks of insider threats and cyber vulnerabilities. We specialize in insider threat detection, prevention, and mitigation. Our team consists of seasoned professionals with a range of certifications including CISSP, CEH, CCTIP-A & -F among others. We have extensive backgrounds in cybersecurity operations, risk assessment, and intelligence analysis; all to ensure that our clients receive the highest level of expertise, reliability, and strategic insight.Founded by Army veterans, our company is built on the same principles of vigilance, discipline, and unwavering attention to detail that define military and civil service. The name "Firewatch" comes from the overnight guard duty assignment in the Army, where soldiers patrol the barracks to prevent security incidents. Just as a firewatch requires constant awareness and proactive protection, our approach to cybersecurity ensures that threats are identified and mitigated before they can cause harm.We leverage this expertise to provide tailored solutions that address the unique threat landscapes of our clients, ensuring federal compliance along the way. Firewatch Threat Solutions is a small business specializing in Insider Threat Program support and analysis for government clients. Our mission is to help federal agencies and contractors safeguard sensitive information and personnel by identifying and neutralizing insider risks before harm occurs.
Core Services
User Activity Monitoring (UAM)
User Activity Monitoring allows for reliable detection of threats to your organization. Mandated by Executive Order 13587 for government organizations, our analyst can take their expertise to ensure your organization is fully compliant
User and Entity Behavioral Analytics (UEBA)
Save thousands of analyst hours by integrating Machine Learning algorithms to normalize user activity and triaging the most anomalous activity for priority review,
Saving both your data and budget.
Threat Intelligence
Integrating the most recent intelligence to ensure your detection and prevention incorporates the latest threats for your peace of mind
Program Development
Firewatch staff have a weallth of experience in bringing agency InT & InR programs from pre-program establishment to Full Operating Capacity (FOC) as defined by NITTF
Risk Assessments & Analytics
Do you have exploitable gaps in your Information Systems? We can provide assessments in support of policy and ruleset ("Trigger") development based upon open-source resources and best practices through our engineering team to ensure you are monitoring effectively while minimizing noise and false-positives.
Training & Workforce Awareness
We leverage real-world examples and translate the deluge of requirements and regulations into digestible statistics and actionable steps for your employees to ensure "left of boom" reporting
Firewatch Guide to Compliance
We ensure our solutions are up-to-date with all applicable regulatory standards, and informed by the industry's best practices. Firewatch is the most effective and efficient source for integrating these resources into your organization. This includes, but is not limited to:
Procurement ready & eager to suppport!
SDVOB PENDING
UEI: CBPQNEMTYE33
DUNS: 118481435
CAGE: 10B29
Have a RFI or RFP? Contact us:
Firewatch Guide to Compliance
Public Best Practice Guides
● CDSE Insider Threat Job Aids
● NITTF Insider Threat Guide, 2017
● NITTF Insider Threat Guide to accompany Minimum Standards, 2024
● NITTF Maturity Framework, 2018
● CERT Common Sense Guide to Mitigating Insider Threats, 7th Edition
● CISA Insider Threat Mitigation Guide, 2020
● NCSC Government Best Practice Guide, 2024
● GAO Insider Threat Study on Information Sharing
● DCSA Assessment Guide
● DSS Assessment Manual
Firewatch Guide to Compliance
Public Education Resources & Certifications
● Insider Threat Awareness, CDSE
● Insider Threat Curricula and Toolkit, CDSE
● Insider Threat Video for Senior Leaders, CDSE
● Certified Counter-Insider Threat Professional (CCITP) Program, OUSD I&S Certifications for Fundamentals and Analysis
● Insider Threat Analyst Course, Carnegie Mellon Software Engineering Institute (CM-SEI)
● Insider Threat Program Manager (ITPM) Certificate, CM-SEI
● CERT Insider Risk Management Measures of Effectiveness Certificate, CM-SEI
Firewatch Guide to Compliance
Regulations, References, and Requirements
Insider Threat Governance● E.O. 13587 Established National Insider Threat Program & NITTF
● CNSSD 504 Established requirements for these programs
● National Insider Threat Policy & Minimum Standards, Presidential memorandum addressing these standards
● DoDD 5205.16 Established Requirements of Insider Threat Programs
● ICD 750, Established separate CI and InT Programs for the IC
● DODI 5240.26 Established an InT/CI Working Group
● DODI 5205.83 Established DITMAC
● National Defense Authorization Act for F.Y. 2018 Strengthened Insider Threat Programs and Continuous Vetting Capabilities
● National Defense Authorization Act for F.Y. 2017 §951 Established DoD Enhanced Security Program (DESP)
● National Defense Authorization Act for F.Y. 2016 §1086 Reformed and Improved Personnel Security, Insider Threat Detection and Prevention, and Physical Security
● National Industrial Security Program Operating Manual (NISPOM) 32 CFR Part 117 sets requirements for industry insider threat programsUser Protections & Rights● Privacy Act of 1974, 5 U.S.C. §552a Established SORN and PIA requirements
● Health Insurance Portability and Accountability Act of 1996 (HIPAA) Public Law 104–191 set standards for protecting health information
● Whistleblower Protection Act of 1989, Public Law 101–12 addressed federal employee whistleblower protections
● Whistleblower Protection Enhancement Act of 2012
● DODD 7050.06 Military Whistleblower Protection (Military Whistleblower Act of 1988)
● Intelligence Community Whistleblower Protection Act of 1998Title VII of Pub. L. 105–272, allows IC employees to report urgent concerns to Congress
● DODI 1325.06 Handling Protest, Extremist, and Criminal Gang Activities Among Members of the Armed Forces
● DODR 5400.11-R Department of Defense Privacy Program
● DODR 6025.18-R DoD Health Information Privacy Regulation
● DoD Insider Threat “Prevention, Assistance, and Response” (PAR) Program DITMAC-hosted workplace violence prevention and threat management initiativeData & Personnel Security Protections● ITAR – 22 CFR Parts 120-130 Prohibits foreign export of weapons technologies, relevant to UAM
● NIST 800.53 Privacy and Security Controls
● E.O.13526 Addresses Classified National Security Information
● E.O. 13556 Controlled Unclassified Information
● E.O. 12829 Established the National Industrial Security Program & requires government contractors establish internal InT Programs
● FOIA/DoDD 5400.07, DoD Freedom of Information Act Program
● E.O. 12968 Set uniform criteria for granting and maintaining security clearances
● E.O. 13467 Reforms Processes Related to Suitability
● SEAD-6 Continuous Evaluation
● ICD 700 Protection of National Intelligence
● ICD 701 Unauthorized Disclosures
● FISMA Act of 2014 Public Law 113–283, federal information security management
● OMB Circular A-130 Manages Information as a Strategic Resource
● NIST Cybersecurity Framework Framework for Improving Critical Infrastructure Cybersecurity
● NIST S.P. 800-37 Risk Management Framework
● NIST Special Publication 800-61 Computer Security Incident Handling GuideReporting Requirements● DITMAC Reporting Thresholds
● DODD 5240.06 Addresses Counterintelligence Awareness and Reporting
● SEAD 3 Addresses Reporting Requirements for Personnel With Access to Classified Information
● SEAD-4 National Security Adjudicative Guidelines
● Intelligence Authorization Act for FY 1995 (Section 811) –Established requirements for notification to the FBI
Firewatch Guide to Compliance
Regulations, References, and Requirements
● DHS Instruction 262-05-002 PIA for the Information Sharing and Safeguarding: Insider Threat Program
● DOE Order 470.5 Establishes DOE Insider Threat Program to include national labs
● Department of Justice Order 0901 (2014) DOJ Insider Threat Prevention and Detection Program – Establishes DOJ’s Insider Threat program
● Department of Homeland Security Directive 262-05Expands DHS insider threat program beyond classified networks to encompass all employees (cleared or not) with access to DHS information
● Department of the Treasury Order 105-20 Established the Treasury's Insider Threat Program and creates an advisory board
● Department of State – The Foreign Affairs Manual (12 FAM 500) Section 513.4-4 specifically addresses insider threat program requirements (e.g. training, monitoring, and reporting of anomalies) for State Department personnel. Listed under 12 FAM 513.4-4 Insider Threat Program
● Army Regulation 381-12 (2016) Threat Awareness and Reporting Program (TARP) – Acts as an InT Reporting Mechanism requiring soldiers and Army civilians to report insider threat indicators to Army Counterintelligence.
● SECNAV Instruction 5510.37 Established the Navy Insider Threat Hub, governance structure, and procedures for monitoring, analysis, and response to insider risks across the Navy and Marine Corps.