TREASURY DIRECTIVE 15-70

DATE:  September 15, 2021

SUBJECT:  Delegation of Treasury Counterintelligence and Insider Threat Functions and Programs

  1. PURPOSE.  This Directive establishes policies and assigns responsibilities in regard to oversight of counterintelligence (CI) and insider threat programs. This Directive authorizes Treasury Directive Publication (TD P) 15-70, Treasury CI and Insider Threat Manual.
  2. SCOPE.  This Directive applies to all bureaus, offices, and organizations in the Department of the Treasury, with the exception of the Offices of Inspector General. The provisions of this Directive shall not be construed to interfere with or impede the authorities or independence of the Offices of Inspector General.
  3. DELEGATION.  This Directive delegates the authority of the Under Secretary for TFI with respect to Treasury CI and insider threat functions and programs pursuant to 31 U.S.C. 312 and Treasury Order (TO) 105-20 to the Deputy Assistant Secretary (DAS) for Security and Counterintelligence (S&CI). It also delegates certain authorities (specified below) of the Assistant Secretary for Intelligence and Analysis for oversight of CI and insider threat programs, pursuant to 31 U.S.C. 311 and TO 105-20, respectively, to the DAS S&CI, the Director, Office of Counterintelligence (OCI), and the Director, Insider Risk Management Office (IRMO).
  4. REDELEGATION.  The DAS S&CI, Director, OCI, and Director, IRMO may re-delegate authority with respect to certain CI and insider threat programs and functions in writing, as appropriate.
    Any re-delegation to the bureau level for responsibility for CI or insider threat functions and programs shall be made in writing and based on bureaus having the resources, capability, experience, and training to operate their own program based on Treasury and government-wide requirements (including safeguards to protect sensitive personnel files and national security information).
  5. RESPONSIBILITIES.
    1. The Under Secretary for Terrorism and Financial Intelligence:
      1. 1) Is responsible for providing oversight of the Treasury Insider Threat Program in accordance with the authorities set out in 31 U.S.C. 312, Executive Order (EO)13587, and Treasury Order 105-20, “Insider Threat Program.”
      2. 2) Is responsible for issuing a final decision on any request for reconsideration of the Treasury Executive Advisory Board for Insider Threat’s resolution of any dispute regarding the Senior Official’s access to information, as contemplated under TO 105-20.
    2. The Assistant Secretary for Intelligence and Analysis:
      1. 1) Is the Senior Official responsible for establishing and implementing Treasury-wide CI functions and programs, in accordance with the authorities set out in 31 U.S.C. 311.
      2. 2) Is the Senior Official responsible for managing and implementing the Treasury Insider Threat Program in accordance with the authorities set out in EO 13587 and TO 105-20.
      3. 3) Is the Senior Official responsible for managing and implementing interagency agreements and arrangements related to Treasury CI and/or Insider Threat programs, including but not limited to the National Counterintelligence and Security Center (NCSC) and the National Counterintelligence Task Force.
    3. The DAS for Security and Counterintelligence:
      1. 1) Is responsible for overseeing all Treasury CI and insider threat functions and programs for the Department, including those not otherwise delegated in this Directive.
      2. 2) Is the principal advisor to the Under Secretary, TFI, Assistant Secretary, Office of Intelligence and Analysis, and other senior officials with respect to Treasury CI and insider threat programs and functions.
      3. 3) Shall ensure that the CI program is part of any Departmental effort to defend Treasury unclassified and classified information and information systems to identify and counter cyber threats.
      4. 4) Is responsible for submission of damage assessments of the compromise of Department resources to the Office of the Director of National Intelligence, the Federal Bureau of Investigation, and other relevant entities.
      5. 5) Shall ensure that the CI program is integrated into Departmental acquisition and procurement risk management efforts to safeguard Treasury’s supply chains.
      6. 6) Shall ensure compliance with insider threat policy guidelines, as well as applicable legal, privacy, and civil liberty protections.
      7. 7) Oversees the production and implementation of TD P 15-70.
    4. The Director, Office of Counterintelligence:
      1. 1) Is responsible for managing and implementing the Department’s receipt, analysis, collation, and dissemination of foreign CI information under 31 U.S.C. 311.
      2. 2) Is responsible for managing all aspects of Treasury’s CI program, to include the principal responsibility for implementation of Intelligence Community Directives (ICD) 750, 731 and 701.
      3. 3) Is the principal advisor to the DAS S&CI in conducting all applicable CI responsibilities under executive orders, presidential decision Directives, IC Directives and guidance, and similar issuances.
      4. 4) Represents the Department at national-level events for CI community senior leaders and directs OCI’s engagement and collaboration with interagency partners.
      5. 5) Ensures that CI personnel have knowledge of foreign intelligence threats and tradecraft, including cyber threats and threats to the supply chain, in accordance with standards on CI competencies issued in ICD 610.
      6. 6) Under the oversight of the Assistant Secretary for Intelligence and Analysis and the DAS S&CI, is responsible for publishing CI policies and the Treasury CI and Insider Threat Manual (TD P 15-70), to be maintained on an unclassified system.
      7. 7) Ensures that all Treasury employees with access to classified information or who occupy a sensitive position receive initial CI awareness training within 30 days of entering on duty and annually thereafter.
      8. 8) Is responsible for notification to the NCSC, or its successor organization, upon commencement of a damage assessment relating to the perceived significant loss or compromise of intelligence information, operations, or assets, and provide copies of Congressional notifications that relate to CI to the NCSC at the time they are provided to Congress and the Office of the Director of National Intelligence’s (ODNI) Office of Legislative Affairs pursuant to ICD 112.
      9. 9) Shall manage and implement any other CI activities as directed and authorized by applicable statute or presidential Directive.
    5. The Director, Insider Risk Management Office:
      1. 1) Shall serve as the program manager of the Department’s Insider Threat Program, as stated in TO 105-20.
      2. 2) Is responsible for managing all aspects of Treasury’s Insider Threat Program, to include establishing and managing a centralized capability for reporting, analyzing, and responding to insider threat information.
      3. 3) Shall prepare and submit an annual report to the Assistant Secretary for Intelligence and Analysis that shall document annual accomplishments, resources allocated, insider threat risks to the agency, recommendations and goals for program improvement, and major impediments or challenges.
      4. 4) Is the principal advisor to the DAS S&CI in conducting all applicable insider threat responsibilities under executive orders, presidential decision Directives, IC Directives and guidance, and similar issuances.
      5. 5) Represents the Department at national-level events for insider threat community senior leaders and directs IRMO’s engagement and collaboration with interagency partners.
      6. 6) Ensures that insider threat personnel shall have knowledge of insider threat competencies, in accordance with standards and guidance issued in the Minimum Standards for Executive Branch Insider Threat Programs and the Insider Threat Competency Resource Guide published by the ODNI.
      7. 7) Under the oversight of the Senior Official and the DAS S&CI, is responsible for publishing policies and guidance pertaining to insider threat to the Treasury CI and Insider Threat Manual (TD P 15-70), to be maintained on an unclassified system.
      8. 8) Ensures that all Treasury employees receive initial insider threat awareness training within 30 days of entering on duty and annually thereafter.
      9. 9) Shall oversee any other insider threat activities as directed and authorized by applicable statute or presidential Directive.
  6. OFFICES OF PRIMARY INTEREST.  Office of the Under Secretary for Terrorism and Financial Intelligence, Office of the Assistant Secretary for Intelligence and Analysis, Office of the DAS for Security and Counterintelligence, Office of Counterintelligence, and Insider Risk Management Office.

 

/S/
Michael Neufeld
Acting Assistant Secretary for Intelligence and Analysis