Professional Lifecycle and Performance risk indicators focus on problems with an employee's work performance, conduct, or professional standing. These fall into three categories:
- Performance Concerns: Declining or poor performance ratings
- Disciplinary Actions: Reprimands, HR complaints, suspensions, unauthorized absences
- Employment Status: Demotions, separations (voluntary or involuntary, pending or completed), negative references from previous jobs
Foreign Considerations risk indicators focus on potential security risks based on an individual's foreign connections; these connections include:
- Citizenship: Having citizenship in a country viewed as a national security concern or having a spouse or family member with such citizenship
- Foreign Activities: Traveling to countries of concern, traveling frequently abroad (excluding official travel), serving in a foreign military or government
- Foreign Ties/Finance: Possessing a foreign passport, voting in foreign elections, having foreign assets or business interests, residing abroad, or receiving benefits from a foreign nation
- Foreign Contacts: Living with someone who is a foreign national, having foreign national contacts, or engaging in unauthorized contact with foreign intelligence agents
- Aiding Foreign Intelligence: Actions that enable or facilitate the activities of foreign intelligence entities
Security and Compliance Incidents risk indicators focus on an individual's trustworthiness and adherence to security protocols. These behaviors fall under the following categories:
- Improper Access and Data Security: Accessing classified information, physical facilities, or computer systems without authorization or proper need-to-know
- Financial Misconduct: Misusing government-issued credit cards, expense violations, or time entry violations
- Security Lapses: Violations of security protocols, physical access anomalies (unusual physical access patterns), or virtual access anomalies (unusual computer access patterns)
- Non-compliance/Personal Conduct Issues: Failing to complete required training, neglecting to report necessary security clearance information, or engaging in outside employment that conflicts with security regulations
- Security Clearance Issues: Having a security clearance denied, suspended, or revoked
- Misuse of Privileges: Abusing access granted for official duties
- Security Issues: Security infractions, security violations, non-compliance with training, physical or virtual access anomalies, accessing facilities or systems outside of authorized hours
Technical Activity risk indicators focus on identifying unauthorized or abnormal data movement and access attempts within a system. Technical Activity risk indicators include:
- Email Activities: Suspicious recipient, keywords, PII, large attachment, irregular volume (small/medium)
- Removable Media: Unauthorized USB, irregular data transfer (USB)
- Optical Drive: Unauthorized burning, irregular data transfer (optical drive)
- File Transfer: FTP, unauthorized file hosting, irregular volume (approved/unapproved)
- Printing/Faxing/Scanning/Copying: irregular volume, irregular, and suspicious recipient
- Data Tampering: Erasing, modifying, tampering with records
- User Activity: Excessive screenshots, abnormal intranet browsing and suspicious websites, unexplained encrypted data storage, irregular data upload, excessive uploads, and large downloads
- Software: Unauthorized software, modifying registry/system files, starting/stopping services, modifying configuration files, disabling antivirus, firewall changes, introducing malicious code, outdated security software
- Network Activity: Network scans, unauthorized encryption software, and violating web policy
Unauthorized Disclosure is any communication or physical transfer of classified or controlled unclassified information (CUI) to an unauthorized recipient.
- Public Domain: Includes, but is not limited to, podcasts, print articles, internet-based articles, books, journals, speeches, television broadcasts, blogs, and postings
- Technology: Release and/or enabled theft of information relating to any defense operation, system, or technology determined to be classified and/or controlled unclassified information
- Unauthorized Recipient: Disclosure by an individual of classified information and/or controlled unclassified information to an unauthorized person or persons
Criminal, Violent, and Abusive Conduct potential risk indicators relate to violent behavior, criminal activity, and concerning personal situations, which include:
- Violent Behavior: Criminal violent behavior, sexual assault, domestic violence, threats of violence, exhibiting violence at work
- Criminal Activity: Criminal behavior (other than violent), voluntary admission of crime, substantiated report, arrest, criminal proceedings (charges/convictions)
- Weapons: Possessing an unauthorized weapon, weapon mishandling, criminal behavior involving weapons
- Legal Issues: Failure to follow court order, parole, probation, violation of parole/probation
- Criminal Associations: Criminal affiliations
Financial Considerations risk indicators focus on financial concerns, including criminal activity (theft, fraud), major financial difficulties (bankruptcy, foreclosure), and unresolved issues (delinquent debts, high debt ratio, tax issues). They also include signs of suspicious wealth (unexplained affluence) and potential addictions (a gambling problem).
- Criminal Activity: Financial crimes, admissions of wrongdoing, and legal proceedings related to finances
- Debt Issues: Bankruptcy filings, foreclosures, defaults, liens, and excessive debt compared to income
- Tax Problems: Failure to file tax returns or wage garnishments due to unpaid taxes
- Suspicious Activity: Unexplained wealth alongside signs of gambling problems
Substance Abuse and Addictive Behavior risk indicators focus on substance abuse, including illegal and legal substances (alcohol and prescription drugs). They consider situations where abuse is discovered through self-admission, workplace incidents, failed drug tests, reports, arrests, or involvement in the criminal justice system. Additionally, they include voluntary or involuntary treatment for substance abuse issues.
- Illegal drug use
- Drug trafficking
- Substance, alcohol, and prescription drug abuse
- Drug test failure
- Substance dependence
- Rehabilitation
Judgment, Character, and Psychological Conditions risk indicators focus on behaviors and characteristics that could raise concerns about an individual's suitability for a position, particularly those requiring security clearance or a high degree of trust. These concerns fall under several categories:
- Deception/Dishonesty: Falsifying information, past untruthfulness
- Disloyalty: Expressing ill-will towards the government or employer
- Mental Health Concerns: Self-harm, suicidal ideation, suicide attempt
While staying vigilant is important, there are things that don't belong in an insider threat report.
Here's what to keep out!
911 Disclaimer: The DoD Insider Threat Reporting Portal is staffed M-F and not equipped to handle situations that require immediate emergency assistance. In the event of an emergency, contact your local emergency services.
Protected Information: This includes medical information, salary details and confidential personal data.
Whistleblowing: Whistleblowing should be reported to the Department of Defense Inspector General.
Insider threat concerns can be reported by anyone - civilians, contractors, employees, or members of the public. We partner with those dedicated to maintaining the security and integrity of the Department of Defense (DoD). Your awareness and timely reporting are vital to identifying and addressing potential risks effectively. All types of information could be relevant in preventing insider threat incidents and safeguarding the DoD enterprise.