I would like to do an assessment on our control environment to mitigate risk associated with insider threats.
Can someone recommend a control framework to use for this or have a template they are willing to share?
Not knowing your industry, I might suggest that you start with the following resources:
Lots of information that will hopefully assist you.
dcontesti pointed to what I would consider an excellent resource from CISA.
The below I found useful, but the 'meat and potatoes', so to speak, can be found starting on page 28 I believe.