Marine Corps Looks for Insider Threat Monitoring Capability

Glynnis Jones/

And another Marine Corps application addressing a specific kind of insider threat—suicidal ideation—will be established as a system of records.

The Marine Corps is looking for a user monitoring and auditing capability for its enterprise networks in support of a pilot program meant to foster a better understanding of unauthorized disclosures and exfiltration of sensitive data on Defense Department networks. 

The Marine Corps needs a capability that can find and assess anomalous activity on both classified and unclassified enterprise networks, according to a sources sought notice posted Thursday to At a minimum, five technical requirements must be met: the capability must include keystroke monitoring, full application content such as email and chat, screen capture, file shadowing, and the ability to attribute data to a specific user. 

The performance work statement included with the notice defined seven breach methods on which the capability must focus: connect to network, privilege elevation, connect to target system, establish file shares, access sensitive information, copy to file share, and copy data to outside entities.

The cross-domain solution must include hardware and software, with maintenance support for the life of the contract, and provide administrators with centralized control that can be scaled to add more networks or clients, according to the notice. The capability must be a Protection Level 4, commercial-off-the-shelf solution usable on existing workstation hardware. It must be remotely accessible. 

“Logging, monitoring, and auditing of information system activities can lead to early discovery and mitigation of behavior indicative of an insider threat,” the performance work statement reads. “[User activity monitoring] also plays a key role in prevention, assistance, and response (PAR) to insider threats. As such, UAM development will include consideration of potential acts of violence against organizational resources, including suicidal ideation.”

This sources sought notice comes as another Marine Corps capability built to address that last point—suicidal ideation—comes online. The Command Individual Risk and Resiliency Assessment System application, known as CIRRAS, is set to be established as a System of Record, according to a document filed on the Federal Register Friday. The document will be published Feb. 22. 

“The intensity or accumulation of multiple stressors is linked to a greater likelihood of harmful reactions including death by suicide,” the document reads. “The CIRRAS application is a networked, web-based application that captures risk, resiliency and critical stressor factors for all United States Marines and United States Armed Forces Service Members assigned to the USMC to provide Force Preservation information to the unit commander.” 

CIRRAS holds a host of biographical information to help commanders understand overall wellness and troop readiness, according to notice. 

“CIRRAS is a system built by the Marine Corps for the Marine,” Mary Feltis, the project officer for CIRRAS, said in a Feb. 11 news release. “The Marine Corps’ chain of command is responsible for supporting the overall well-being and combat readiness of their Marines. CIRRAS assists them in accomplishing this mission.”

The application was developed after an “unprecedented amount of suicides among Marines in 2009,” according to the release. In response, USMC created a monthly review by commanders to monitor well-being. But until CIRRAS, information about force well-being was stored in spreadsheets and word processing applications, which lacked adequate security, according to the release. 

To solve this problem, CIRRAS was created. The application became operational in September 2020 and is hosted on Amazon Web Services’ GovCloud, according to the release and the Federal Register document.