[House Hearing, 113 Congress]
[From the U.S. Government Publishing Office]
THE INSIDER THREAT TO HOMELAND SECURITY:
EXAMINING OUR NATION'S SECURITY CLEAR-
ANCE PROCESSES
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON COUNTERTERRORISM
AND INTELLIGENCE
OF THE
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION
__________
NOVEMBER 13, 2013
__________
Serial No. 113-42
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PRINTING OFFICE
87-372 PDF WASHINGTON : 2014
___________________________________________________________________________
For sale by the Superintendent of Documents, U.S. Government Printing Office,
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). E-mail, [email protected].
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Paul C. Broun, Georgia Yvette D. Clarke, New York
Candice S. Miller, Michigan, Vice Brian Higgins, New York
Chair Cedric L. Richmond, Louisiana
Patrick Meehan, Pennsylvania William R. Keating, Massachusetts
Jeff Duncan, South Carolina Ron Barber, Arizona
Tom Marino, Pennsylvania Dondald M. Payne, Jr., New Jersey
Jason Chaffetz, Utah Beto O'Rourke, Texas
Steven M. Palazzo, Mississippi Tulsi Gabbard, Hawaii
Lou Barletta, Pennsylvania Filemon Vela, Texas
Chris Stewart, Utah Steven A. Horsford, Nevada
Richard Hudson, North Carolina Eric Swalwell, California
Steve Daines, Montana
Susan W. Brooks, Indiana
Scott Perry, Pennsylvania
Mark Sanford, South Carolina
Greg Hill, Chief of Staff
Michael Geffroy, Deputy Chief of Staff/Chief Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON COUNTERTERRORISM AND INTELLIGENCE
Peter T. King, New York, Chairman
Paul C. Broun, Georgia Brian Higgins, New York
Patrick Meehan, Pennsylvania, Vice Loretta Sanchez, California
Chair William R. Keating, Massachusetts
Jason Chaffetz, Utah Bennie G. Thompson, Mississippi
Chris Stewart, Utah (ex officio)
Michael T. McCaul, Texas (ex
officio)
Kerry Ann Watkins, Subcommittee Staff Director
Dennis Terry, Subcommittee Clerk
Hope Goins, Minority Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable Peter T. King, a Representative in Congress From
the State of New York, and Chairman, Subcommittee on
Counterterrorism and Intelligence:
Oral Statement................................................. 1
Prepared Statement............................................. 2
The Honorable Brian Higgins, a Representative in Congress From
the State of New York, and Ranking Member, Subcommittee on
Counterterrorism and Intelligence:
Oral Statement................................................. 3
Prepared Statement............................................. 4
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Prepared Statement............................................. 5
Witnesses
Mr. Merton W. Miller, Associate Director of Investigations,
Federal Investigative Services, U.S. Office of Personnel
Management:
Oral Statement................................................. 7
Prepared Statement............................................. 9
Mr. Gregory Marshall, Chief Security Officer, U.S. Department of
Homeland Security:
Oral Statement................................................. 11
Prepared Statement............................................. 13
Mr. Brian A. Prioletti, Assistant Director, Special Security
Directorate, National Counterintelligence Executive, Office of
Director of National Intelligence:
Oral Statement................................................. 15
Prepared Statement............................................. 18
Ms. Brenda S. Farrell, Director, Defense Capabilities and
Management, Military and DOD Civilian Personnel Issues, U.S.
Government Accountability Office:
Oral Statement................................................. 20
Prepared Statement............................................. 21
Appendix
Questions From Honorable Peter T. King for Merton W. Miller...... 47
Questions From Honorable Peter T. King for Gregory Marshall...... 47
Questions From Honorable Peter T. King for Brian A. Prioletti.... 49
Questions From Honorable Peter T. King for Brenda S. Farrell..... 50
THE INSIDER THREAT TO HOMELAND SECURITY: EXAMINING OUR NATION'S
SECURITY CLEARANCE PROCESSES
----------
Wednesday, November 13, 2013
U.S. House of Representatives,
Committee on Homeland Security,
Subcommittee on Counterterrorism and Intelligence,
Washington, DC.
The subcommittee met, pursuant to call, at 2:29 p.m., in
Room 311, Cannon House Office Building, Hon. Peter T. King
[Chairman of the subcommittee] presiding.
Present: Representatives King, Higgins, and Keating.
Mr. King. This Monday, our Nation celebrated Veteran's Day
to honor the men and women who have fought, and continue to
fight, for our country. In addition to these brave individuals,
other Federal employees from the Department of Homeland
Security, FBI, CIA, the NSA, and many other agencies work every
day to protect Americans and U.S. interests from threats. These
patriots deserve our gratitude for their tireless work.
The unfortunate reality is that they must also guard
against internal threats. Appalling events over recent years
involving trusted individuals who have damaged National
security or committed tragic acts of violence have put a
spotlight on the need for reforms and rigorous oversight over
the security clearance process and programs to detect insider
threats.
PFC Bradley Manning is serving a 35-year sentence for
leaking Classified information to WikiLeaks. The next step is
to prosecute Julian Assange who published the documents.
In May, media outlets reported that former CIA analyst and
current NSA contractor Edward Snowden had fled to Hong Kong and
released a large amount of data on Classified NSA surveillance
programs.
On September 16, barely 2 months ago, Aaron Alexis, a DOD
contractor, shot his way into the Washington, DC Navy Yard and
killed 12 people.
All of these individuals were trusted, vetted U.S. security
professionals who abused that trust and committed heinous acts.
It is vital that more be done to identify potential insider
threats.
While none of these examples involve DHS or DHS personnel,
the Department of Homeland Security has over 120,000 employees
with a security clearance. It is vital that we continually
evaluate the internal processes and procedures for how those
clearances are investigated, adjudicated, and reviewed.
In addition to our review of DHS security practices,
today's witnesses will be asked to evaluate the quality and
standards for security clearance investigations and
adjudications, as well as address potential problems limiting
information sharing between agencies on employees with
clearances.
For example, in the Snowden case the after-action review
completed by the ODNI disclosed that the 2011 background check
was incomplete. According to press reports, the investigation
did not verify Snowden's account of a security violation while
at the CIA, review travel to India Snowden failed to disclose,
and include interviews with anyone outside of his mother and
girlfriend. If the investigation had been done properly it
could have impacted Snowden's clearance. This also raises
serious questions about what standards are used in reviewing
the background investigation and adjudicating a case, and why
one wasn't sent back to the investigator for a more thorough
review.
There were nearly 5 million U.S. Government employees or
contractors with security clearances, including over 1.4
million with a Top Secret clearance.
Now is the time to reinforce the message that a security
clearance is a privilege granted so that individuals can
protect the United States from threats. Not only can a
clearance be revoked for cause, but violations must be
prosecuted to the fullest extent of the law.
There are a number of reviews underway in the aftermath of
the Manning, Snowden, and Alexis incidents. It is vital that
necessary reforms are implemented expeditiously to detect and
disrupt future insider threat situations.
These reforms must include an update to the Federal
guidance for background investigations. in a post-9/11 world,
security clearances must address evolving threats such as
radical Islam and cyber crime. Had investigators looked
differently into Snowden's background they might have
identified disturbing trends that made him unfit to hold a
clearance of any kind and a potential insider threat to U.S.
National security.
I look forward to hearing more from the witnesses on these
efforts, including whether or not the 5-year reinvestigation
for Top Secret clearance-holders is appropriate, what
additional periodic or continuous monitoring capability exists,
and what more can be done to safeguard our Classified
information technology systems from abuse.
I want to thank all the witnesses for being here today and
for your work to detect and prevent insider threats.
[The statement of Chairman King follows:]
Statement of Chairman Peter T. King
This Monday our Nation celebrated Veteran's Day to honor the men
and women who have fought, and continue to fight, for our country. In
addition to these brave individuals, other Federal employees from the
Department of Homeland Security, FBI, CIA, the NSA, and many other
agencies work every day to protect Americans and U.S. interests from
threats. These patriots deserve our gratitude for their tireless work.
The unfortunate reality is that they must also guard against
internal threats. Appalling events over recent years involving trusted
individuals who have damaged National security or committed tragic acts
of violence have put a spotlight on the need for reforms and rigorous
oversight over the security clearance process and programs to detect
insider threats.
PFC Bradley Manning is serving a 35-year sentence for
leaking Classified information to WikiLeaks. The next step is
to prosecute Julian Assange who published the documents.
In May, media outlets reported that former CIA analyst and
current NSA contractor Edward Snowden had fled to Hong Kong and
released a large amount of data on Classified NSA surveillance
programs.
On September 16, just shy of 2 months ago, Aaron Alexis--a
DOD contractor shot his way into the Washington, DC Navy Yard
and killed 12 people.
All of these individuals were vetted, trusted U.S. security
professionals who abused that trust and committed heinous acts. It is
vital that more is done to identify potential insider threats.
While none of those examples involved DHS or DHS personnel, the
Department of Homeland Security has over 120,000 employees with a
security clearance. It is vital that we continually evaluate the
internal processes and procedures for how those clearances are
investigated, adjudicated, and reviewed.
In addition to our review of DHS security practices, today's
witnesses will be asked to evaluate the quality and standards for
security clearance investigations and adjudications, as well as address
potential problems limiting information sharing between agencies on
employees with clearances. For example, in the Snowden case the after-
action review completed by the Office of the Director of National
Intelligence (ODNI) disclosed that the 2011 background check was
incomplete. According to the Wall Street Journal, the investigation did
not verify Snowden's account of a security violation while at the CIA,
review travel to India Snowden failed to disclose, and include
interviews with anyone outside of his mother and girlfriend. If the
investigation had been done properly it could have impacted Snowden's
clearance. This also raises serious questions about what standards are
used in reviewing the background investigation and adjudicating a case,
and why this one wasn't sent back to the investigator for a more
thorough review.
There are nearly 5 million U.S. Government employees or contractors
with security clearances, including over 1.4 million with a Top Secret.
Now is the time to reinforce the message that a security clearance
is a privilege granted so that individuals can protect the United
States from threats. Not only can a clearance be revoked for cause, but
violations must be prosecuted to the fullest extent of the law.
There are a number of reviews underway in the aftermath of the
Manning, Snowden, and Alexis incidents. It is vital that necessary
reforms are implemented expeditiously to detect and disrupt future
insider threat situations.
These reforms must include an update to the Federal guidance for
background investigations. In a post-9/11 world, security clearances
must address evolving threats such as radical Islam and cyber crime.
Had investigators looked differently into Edward Snowden's background
they might have identified disturbing trends that made him unfit to
hold a clearance of any kind and a potential insider threat to U.S.
National security.
I look forward to hearing more from the witnesses on these efforts,
including whether or not the 5-year reinvestigation for Top Secret
clearance holders is appropriate, what additional periodic or
continuous monitoring capability exists, and what more can be done to
safeguard our classified information technology (IT) systems from
abuse.
Mr. King. I now recognize the Ranking Member, Mr. Higgins,
for his opening statement, and thank him and his staff for
their cooperation in preparing for this subcommittee hearing.
Mr. Higgins. Thank you, Mr. Chairman.
I would like to thank Chairman King for holding today's
hearing. I would also like to thank the witnesses for their
testimony and for their public service.
This summer the public became very concerned about the
surveillance tactics the National Security Agency currently
takes in the interest of security. Former National Security
Agency contractor Edward Snowden revealed details about the
National Security Agency surveillance program that collects
phone calls and monitors records of millions of Americans.
This prompted Americans to become very interested in
whether the right to privacy trumps the need for National
security. Finding this balance is difficult, and according to
the director of the National Security Agency, General Keith
Alexander, these Classified programs have been successful.
According to Alexander, people like Snowden, who reveal
sensitive information about this country, can cause a grave
damage to the Nation.
The widespread questions remain, however: How could Snowden
have this type of access to National security secrets? Was
there anything in his background that showed a lack of
integrity? What does it take to get a security clearance?
As Congress and the Executive branch were searching for
answers, a few blocks from the U.S. Capitol Aaron Alexis, a
lone gunman, took up arms against fellow employees at the Navy
Yard. Alexis, a contractor, not only had a security clearance,
but also had a history of arrests and gun infractions.
As we have pervasive incidents such as these, it is
imperative that we look at the security clearance process.
According to the Office of Personnel Management, 4.9 million
Federal workers and contractors are eligible to hold security
clearance. At Department of Homeland Security, approximately
124,000 employees hold clearances.
These vast numbers grow year by year. It lends to the
conversation of how these clearances are determined and given.
In its report to the Ranking Member of the full committee,
the Government Accountability Office found that the Office of
Director of National Intelligence has not provided agencies
with a clearly-defined guidance and procedures to determine if
a position requires a security clearance. The GAO also noted
that since the 1990s, quality in the security clearance
investigations has not been a priority. These are just two
detrimental flaws in the security clearance process.
I am pleased to hear that the Office of Management and
Budget is heading a 120-day review of the Federal clearance
process. However, it seems a little bit too little, too late.
The intelligence community has grown greatly since September 11
and there are examples of their outstanding work.
In August the efforts of the intelligence community, along
with Royal Canadian Mounted Police, disrupted a terrorist plot
in Western New York. Unfortunately, the lack of consistency and
quality in the security clearance process can place the
international community in great danger from an insider threat.
We expect quality performance from our Federal employees.
Holding a security clearance should be a privilege. It is my
hope that this hearing can yield solutions that can be included
in the restoration of the security clearance process.
I look forward to the witnesses' testimony.
With that I yield back.
[The statement of Ranking Member Higgins follows:]
Statement of Ranking Member Brian Higgins
November 13, 2013
This summer, the public became very concerned about surveillance
tactics that the National Security Agency currently takes in the
interest of security. Former National Security Agency contractor,
Edward Snowden, revealed details about National Security Agency
surveillance programs that collect phone calls and monitor records of
millions of Americans.
This prompted Americans to become very interested in whether the
right to privacy trumps the needs of the country. Finding this balance
is difficult and according to the director of the National Security
Agency, General Keith Alexander, these Classified programs have been
successful. According to Alexander, people like Snowden who reveal
sensitive information about this country can cause grave damage to the
Nation.
The widespread questions remain, however: How could Snowden have
this type of access to National security secrets? Was there anything in
his background that showed a lack of integrity? What does it take to
get a security clearance?
As Congress and the Executive branch were searching for answers, a
few blocks from the U.S. Capitol, Aaron Alexis, a lone gunman took up
arms against fellow employees at the Navy Yard. Alexis, a contractor,
not only had a security clearance, but also had a history of arrests
and gun infractions. As we have pervasive incidents such as these, it
is imperative that we look at the security clearance process.
According to the Office of Personnel Management 4.9 million Federal
workers and contractors are eligible to hold a security clearance. At
the Department of Homeland Security, approximately 124,000 employees
hold clearances.
These vast numbers grow year by year. It lends to the conversation
of how these clearances are determined and given. In its report to the
Ranking Member of the Full committee, the Government Accountability
Office found that the Office of the Director of National Intelligence
has not provided agencies with clearly-defined guidance and procedures
to determine if a position requires a security clearance.
GAO has also noted that since the 1990s quality in the security
clearance investigations has not been a priority. These are just two
detrimental flaws in the security clearance process. I am pleased to
hear that the Office of Management and Budget is heading a 120-day
review of the Federal clearance process. However, it seems as if this
is a ``better late than never'' opportunity.
The intelligence community has grown greatly since September 11 and
there are examples of their outstanding work. In August, the efforts of
the intelligence community, along with the Royal Canadian Mounted
Police, disrupted a terrorist plot in Western New York.
Unfortunately, the lack of consistency and quality in the security
clearance process can place the IC in grave danger from an insider
threat. We expect quality performance from our Federal employees.
Holding a security clearance should be a privilege. It is my hope that
this hearing can yield solutions that can be included in the
restoration of the security clearance process.
Mr. King. I thank the Ranking Member, Mr. Higgins, for his
statement.
Other Members of the committee, whether here or not, are
reminded that opening statements may be submitted for the
record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
November 13, 2013
My years in leadership on this committee have given me great
insight into the American public's evolving interest in homeland
security. Matters such as aviation security and emergency preparedness
usually remain at the forefront of the minds of vast majority of
Americans, while employment matters may usually strike those who are
affected. After September 11, the public wanted to know what could be
done to make sure that another devastating attack did not take place.
The public also wanted to know how they could help this country
through either military or civilian service. As the Government began to
develop solutions, the Department of Homeland Security was established
to secure the Nation from the many threats it faces. Other Executive
Orders increased the Government's ability to track Americans who
engaged with people overseas.
A sweeping change came to the Federal workforce. The 9/11
Commissioners recommended that the United States improve its
intelligence-gathering and information-sharing activities. More and
more civilians began to be employed in positions that allowed access to
Classified information that required them to have security clearances.
Ten years after September 11, the sheer volume of Americans holding
security clearances was astonishing. According to the Government
Accountability Office, in 2011, the Office of the Director of National
Intelligence, the Nation's executive security agent, reported that over
4.9 million Federal contractors and Government workers held or were
eligible to hold a security clearance. Many people contact Congress and
inquire about the clearance process. For some, successful completion of
the clearance process is a badge of honor. For others, due to various
circumstances, obtaining a clearance was a hurdle to employment. Some
questioned why clearances were necessary to perform certain duties that
may not involve access to Classified material.
Some long-time Federal employees were concerned that they might be
required to redo the process when they switch employment at different
agencies within the Federal Government. The volume of security
clearances gave me pause. Last summer, I asked the Government
Accountability Office to conduct an investigation into security
clearances. GAO found that throughout the Federal Government that there
are essentially no agreed-upon standards for requiring security
clearances for Federal jobs. The lack of clear criteria and commonly-
accepted standards may contribute to the exponential growth in Federal
jobs requiring a security clearance. GAO also found that security
clearance requirements for Federal jobs that do not involve handling
National security information may hinder transparency and openness in
Government. The security clearance issue was at the forefront of my
mind and the minds of employment-seekers the past few years; however,
May 2013 changed the game.
An overwhelming number of Americans became concerned when former
NSA contractor Edward Snowden leaked the details of classified programs
to the British newspaper The Guardian. Snowden's security clearance was
vetted by an outside contractor and, in hindsight, many still wonder if
Snowden should have had access to such sensitive information. There are
several reports that Snowden may have omitted or embellished
information on his personnel background form.
The same firm that vetted outside contractor Edward Snowden vetted
Navy Yard shooter Aaron Alexis. On September 16, Alexis, a civilian
contractor, opened fire at Navy Yard here in Washington, DC. After the
Navy Yard shooting, it was discovered that Alexis failed to disclose
information about felony charges, and a Federal personnel report had no
information about a his previous arrests.
It is difficult to believe that the Executive branch spends over $1
billion dollars on background investigations for suitability and
security clearances, but could not yield Alexis's felony gun charges.
Despite GAO's insistence, it took leaks and a horrific lone gunman to
get an Executive branch review. I look forward to the panel's review
and remind them that access to National security information is a
privilege that should be regarded with the highest integrity.
There needs to be uniformity with how security clearances are given
and in how they are revoked. If revocation or suspension is the rule
for leaking information, it needs to be applied across the board.
Mr. King. Right now we are pleased to have a very
distinguished panel of witnesses before us today on this vital
topic.
Mr. Merton Miller serves as the associate director of
investigations for the Office of Personnel Management Federal
Investigative Services. OPM's Federal Investigative Services is
the Federal Government's largest provider of background
investigations and services, supporting more than 100 Federal
agencies' personnel security programs. He is responsible for
FIS operations, policy development, and contract oversight of
OPM's investigations program, which completes over 2 million
investigations annually.
Before joining OPM FIS, Mr. Miller served in the United
States Air Force, reaching the rank of full colonel before his
retirement in 2005. During his career, Colonel Miller served
with the Air Force Office of Special Investigations,
specializing in criminal counterintelligence, counterterrorism,
and security investigations and operations. Upon his retirement
from the military Colonel Miller joined the Department of
Defense's counterintelligence field activity, directing DOD's
counterintelligence programs.
Mr. Gregory Marshall is the chief security officer for the
Department of Homeland Security. In this capacity Mr. Marshall
is responsible for security-related issues affecting the
Department's personnel security, physical security, special
security, special access programs, and security training and
awareness.
Mr. Marshall began his Federal career as a police officer
with the United States Capitol Police in 1984 and later
transferred to the Howard County, Maryland Police Department,
where he retired in 2007. He returned to Federal service when
he joined DHS as the deputy chief of physical security and was
later promoted to deputy chief security officer.
Mr. Brian Prioletti is the assistant director for the
Special Security Directorate and the National
counterintelligence executive in the Office of the Director of
National Intelligence. Mr. Prioletti is responsible for the
policies and procedures governing the conduct of investigations
as well as assisting the DNI on determining which agencies
conduct background investigations and determine eligibility for
access to Classified information. Prior to joining the ODNI,
Mr. Prioletti worked at the Central Intelligence Agency from
1981 until 2013.
Ms. Brenda Farrell is a director in the Government
Accountability Office's Defense Capabilities and Management, a
position she has held since 2007. Her work focuses on military
and civilian personnel issues, including personnel security
clearance process concerns.
Ms. Farrell began her career with GAO in 1981 and has
served in a number of issue areas associated with National
security. Prior to her appointment as director, she served as
an acting director for GAO's strategic issues team, where she
was responsible for overseeing three major bodies of work
related to strategic human capital management, Government
regulation, and decennial census issues.
I want to thank all of the witnesses for being here today.
We will begin with Mr. Miller, who is recognized for 5
minutes. Thank you.
STATEMENT OF MERTON W. MILLER, ASSOCIATE DIRECTOR OF
INVESTIGATIONS, FEDERAL INVESTIGATIVE SERVICES, U.S. OFFICE OF
PERSONNEL MANAGEMENT
Mr. Miller. Thank you, Chairman King, Ranking Member
Higgins. I want to thank you for letting me testify here today.
I share your commitment and that of my colleagues here to
examine the processes and procedures for determining who shall
be allowed access to our Nation's secrets, granted the
privilege of serving in a position of public trust, and given
routine physical and logical access to our Federal facilities.
Presently, there is a series of steps that must be taken to
determine whether an individual should be granted a security
clearance. The process begins when a Federal agency determines
whether the duties of a particular Federal civilian position,
military position, or contract position requires access to
Classified information to perform their duties.
Once an agency determines that an individual will perform
work requiring access to Classified information and also has
determined the level of access--either Confidential, Secret, or
Top Secret--the agency submits a request to OPM to perform a
background investigation. The background investigation we
conduct must conform to Government-wide rules that meet
investigative standards, adjudicative guidelines, and
reciprocity mandates.
The Federal Investigative Standards outline the required
elements of the investigation. These elements include the
completion of a questionnaire by the applicant and specify
investigative leads to be performed by OPM depending on the
level of clearance sought.
The completion of a background investigation is dependent
in part on the voluntary cooperation of sources and of record
providers. In some instances, essential personnel are not
available for an interview; members of the public, such as
former employers or educational institutions are unwilling to
provide interviews to investigators or to complete forms or
make records available. For OPM investigators who have
performed work on the investigative process, they are required
to perform and complete a detailed summary of the work they
accomplished.
Once the investigator completes his or her work and the
results are reviewed for completeness and delivered to the
customer agency, OPM's role in the process is complete.
Following investigative phase of the process, the agency which
requested the investigation moves into the adjudicative phase.
It is during this adjudicative phase when a determination is
made on whether an individual is eligible for access to
Classified information.
The decision that an individual shall receive access to
Classified information is the responsibility of the head of the
agency employing the individual or his or her designee. The
agency for which the work is to be performed makes the decision
to grant eligibility based in part upon the background
investigation and in part upon other information that may be
available to the agency, such as the results of a polygraph
examination if that is required for the position.
Although there are considerable processes and procedures in
place today to vet individuals for a security clearance, the
recent tragic events of the Navy Yard and the high-profile
security breaches highlights the need to be ever-vigilant in
assuring that individuals entrusted with access to Classified
information and individuals with physical and logical access to
Federal facilities do not present a risk of harm to National
security or to the safety of our employees.
At the President's direction and under the leadership of
OMB, OPM is presently working with its colleagues to identify
potential improvements in suitability fitness, clearance
determination procedures, and anything that might help enhance
employee safety and National security.
I want to thank you again for the opportunity to testify
regarding this important issue. I look forward to answering any
questions you might have.
[The prepared statement of Mr. Miller follows:]
Prepared Statement of Merton W. Miller
November 13, 2013
Chairman King, Ranking Member Higgins, and Members of the
subcommittee, thank you for asking me to be here today.
To that end, this subcommittee has asked the Office of Personnel
Management (OPM) questions about security clearances. I appreciate the
opportunity to give you a better understanding of OPM's role in the
security clearance process.
1. the security clearance program
There is a series of steps that must be taken to determine whether
an individual should be granted a security clearance. The process
begins when a Federal agency determines whether the duties of a
particular Federal civilian position or position in the military will
require the incumbent to have access to Classified information, or that
an employee of a contractor will require access to Classified
information in order to perform work under a Government contract. If
such a determination is made, and if there is no prior eligibility
determination that is sufficient, under applicable directives, to meet
that need, the agency will need to determine such eligibility itself.
OPM conducts 95 percent of the Government background
investigations. Once an agency determines that the subject will perform
work that requires a demonstrated, foreseeable need for access to
Classified information, and that an investigation is required, the
agency submits a request to OPM that it perform the background
investigation. OPM performs the investigation on a reimbursable basis
in accordance with established investigative standards and then
delivers the report of investigation to the requesting agency.
I want to emphasize that OPM is not charged with deciding whether
an individual should or will be found eligible for access to Classified
information or even with making any recommendation with respect to that
decision. The decision that an individual should receive access to
Classified information is ultimately, pursuant to Executive Order
12968, the exclusive responsibility of the head of the agency employing
the individual, or his or her designee, following a National security
adjudication (either by that agency or by a central adjudicative
facility working on its behalf). The agency for which the work is to be
performed makes the decision to grant eligibility, based, in part, upon
the background investigation, and, in part upon other information that
may be available to the agency, such as a polygraph if required for the
position. Further, the agency can reopen the investigation or order
additional investigative work from OPM if it does not have enough
information to make a determination.
The security clearance process must conform with Government-wide
rules that include investigative standards (which may vary, based on
the level of Classified information to which the individual will have
access), adjudicative guidelines, and reciprocity mandates. The
standards outline the required elements of the investigation. These
elements include the completion of a questionnaire by the applicant and
specified record and other checks to be performed by OPM depending on
the level of clearance sought.
Background investigations are dependent on the voluntary
cooperation of sources and of records providers, as well as the
availability and accessibility of references and records. In some
instances, essential personnel are not available for an interview (for
example, when members of the Armed Forces are deployed in dangerous
locations overseas); members of the public are unwilling to provide
interviews to investigators or to complete inquiry forms; or records
are not made available (for example, Federal, State, and local records
may not be accessible to our investigators for a variety of reasons).
Each OPM investigator who has performed work on the investigation
prepares a report of investigation that details all work attempted and
all work completed. These reports of investigation are combined with
the results of records checks that OPM conducts of record repositories
specified in the investigative standards. Further, OPM uses ``issue
codes'' to alert the sponsoring agency of areas of potential
adjudicative concern. Once the investigator completes his or her work,
OPM reviews the results package for completeness (and, when efforts to
complete items were unsuccessful, reporting those efforts) and delivers
it to the customer agency. The delivery is generally accomplished by
electronic means to support electronic adjudication processes in place
at Federal agencies. Once OPM has completed its work and transmitted
the final investigation file to the customer agency, OPM's role in the
investigation concludes.
2. staffing and oversight of investigations
Adapting to change within the background investigation program is
not new to the investigative community. For example, during the Clinton
administration, the decision was made to move large amounts of the
background investigations work performed by OPM to a contractor
workforce. The decision was made that OPM should absorb a background
investigations function performed by the Department of Defense (DoD)
(with a Federal workforce) into the OPM workforce, leaving OPM with a
blended workforce of investigators. Today, OPM continues to use a
combination of Federal employees and contractors to complete background
investigations. The background investigation workforce has dealt with
factors that have driven down the need for background investigations--
for example, declines in the size of the Federal workforce that have
limited hiring, and thus the need for new background investigations to
factors that have dramatically driven up the need for background
investigations--for example, background investigation security needs
following September 11, 2001. OPM and its partners in the background
investigation community are aware of shifting demands for the
investigation workforce, and working with a blend of contractors and
Federal employees allows OPM to adjust its needs according to the
demands of its customers.
OPM's contract investigators must conduct investigations to the
same Federal investigative standards as their Federal counterparts. The
training curriculum is the same for both. OPM employs a professional
Federal cadre of certified instructors and instructional system
specialists to develop and provide an accredited Background
Investigator Training program, recognized by the Executive branch as
the National training standard. All of OPM's trainers and a number of
the other agencies' trainers for the contract investigators attend
courses at OPM's Federal Investigative Services' National Training
Center and then administer the same courses to the employees of the
contractors. OPM conducts oversight to ensure all the terms of the
contract are being met, including review of contract quality control
plans, audits, and inspections, including ``check rides'' to observe
investigators during the investigation process. OPM is vigilant about
the potential for fraud and falsification both by Government employees
and by employees of contractors. OPM has taken affirmative steps to
detect and root out abuses. When instances of fraud or falsification
are found, OPM takes all appropriate steps to address them. We also
work closely with our Inspector General and the Department of Justice
to cooperate with any subsequent investigations. We have taken steps in
recent years to prevent and detect fraud and falsification both through
improved workforce training and through additional levels of reviews to
ensure the integrity of background security clearance investigations.
The agencies for which work is being performed control who has
access to their buildings and systems, not OPM, and if an agency has
concerns relating to a particular employee of a contractor, there are
avenues available for that agency to take action. The agency may revoke
the individual's credential and, if appropriate, direct the contractor
to remove that individual from work on the contract. The agency also
may request that OPM conduct a reimbursable investigation. And, of
course, there are avenues for agencies to alert oversight or other law
enforcement entities if there are potential criminal conduct concerns.
3. steps going forward
During the last 5 years, the Office of Management and Budget (OMB),
OPM, DoD, and the Office of the Director of National Intelligence
(ODNI) have worked together on a reform effort to ensure that there is
an efficient, aligned system for assessing suitability or fitness for
Federal employment, eligibility for logical and physical access to
Federal systems and facilities, eligibility for access to Classified
information, or fitness to perform work under a Federal contract (where
required by the contract) through background investigations and
appropriate adjudications. At the direction of Executive Order 13467,
the Performance Accountability Council (PAC), including OPM, OMB, and
ODNI, was established to ensure that the work of security clearance
reform be accomplished in this context and throughout the Executive
branch.
Our work together with the PAC has done much to improve reciprocity
so that agencies can place individuals who have already been vetted
into new positions without delay and without further expense. In the
last 3 years, we have enhanced OPM's Central Verification System,
established as directed by the Intelligence Reform and Terrorism
Prevention Act to support reciprocity, by expanding the reporting of
credentialing, suitability, and security determinations from agencies,
adding new data fields, and enabling enterprise access for intelligence
community users to search relevant details. We have enhanced and
professionalized the training of investigators and adjudicators to
ensure consistency across the Executive branch and promote confidence
when reciprocity is applied. And our work to create an aligned system
for investigations will enable greater reciprocity opportunities as we
now begin to implement revised investigative standards.
Pursuant to Executive Order 13467, the Director of National
Intelligence, as the Security Executive Agent, provides guidance and
oversight of the process that Government agencies use to make
determinations of eligibility for access to Classified information and
may amend the current adjudicative criteria (established by the
President) if the need arises. In addition, the Security Executive
Agent is responsible for establishing the criteria governing the
conduct of background investigations related to determinations of
eligibility for access to Classified information.
OPM, DoD, and ODNI co-chair the interagency working group chartered
with establishing the first Federal standards for assessing the quality
of National security and suitability background investigations
Government-wide. The proposed standards are currently under Department
and agency review with a pilot exercise to be initiated in this year to
validate ease and consistency in application of the standards.
At the President's direction, under the leadership of the Director
of OMB, OPM is working with its colleagues on the PAC to review the
oversight, nature, and implementation of National security,
credentialing, and fitness standards for individuals working at Federal
facilities. Our review is focused on steps that can be taken to
strengthen these processes and implementation of solutions identified
during the course of recent reform efforts. In particular, we recognize
that evolution of the security clearance process must include the
ability to obtain and easily share relevant information on a more
frequent or real-time basis.
4. conclusion
Thank you for this opportunity to testify, and I would be happy to
answer any questions you may have.
Mr. King. Thank you, Mr. Miller.
Mr. Marshall, you are recognized. Thank you.
STATEMENT OF GREGORY MARSHALL, CHIEF SECURITY OFFICER, U.S.
DEPARTMENT OF HOMELAND SECURITY
Mr. Marshall. Thank you, Chairman King, Ranking Member
Higgins. Good afternoon.
Thank you for the opportunity to provide testimony on
personnel security vetting for Federal employees and contract
personnel for the U.S. Department of Homeland Security. I am
Greg Marshall, chief security officer of Homeland Security. I
lead the dedicated men and women who make up the Office of the
Chief Security Officer.
I am a career official with nearly 30 years of law
enforcement experience.
The mission of my office is to safeguard the Department's
people, property, and information. Accordingly, I am
responsible for security-related issues affecting more than
235,000 DHS employees that comprise the Department.
The security oversight and guidance authority of my office
applies across the Department. However, DHS operational
components play a significant role in managing their workforce,
including personnel vetting.
The diverse missions and responsibilities of the Department
and the personnel used to meet these missions underscore the
challenges involved with the personnel security discipline. The
tragic events of Monday, September 16 at the Navy Yard have
placed the issues of physical security, access control, and
personnel vetting front and center in the minds of security
professionals across the Federal landscape.
I need to make clear, however, that security aims to manage
risk, not eliminate it. Our job is to do everything we can to
keep our employees safe, and in doing so we have the benefit of
policies and procedures, processes and technologies, both
proven and emerging, to guide and improve our key security
programs.
When we consider the security for a Federal facility,
including access control, we follow the Interagency Security
Committee standards. Facilities are assessed for risk and
appropriate countermeasures are employed. The outcome of these
risk assessments drive the level of protection to include an
appropriate access control posture. A one-size security
solution does not and cannot fit all.
For employees to qualify for access to facilities they must
undergo a background investigation to establish suitability for
employment. These investigations are, for the most part,
conducted by OPM. Contractors are screened in a similar process
to determine fitness to work on a DHS contract and have
facility access.
Background investigations for suitability and fitness
examine character and conduct, and based upon all available
information, we make an adjudicative decision concerning a
person's suitability or fitness for employment or access to
Classified information.
It is important to note that any background investigation,
no matter how rigorous, is no guarantee that all relevant
information is known, available, or has been included. Also, a
background investigation may not reliably predict future
behavior. A background investigation is an exercise in risk
management establishing some basic facts, but cannot guarantee
any individual's continuing fitness to carry out their duties
or to behave in a lawful or safe manner.
Recent improvements in our ability to manage these inherent
risks include Homeland Security Presidential Directive 12,
which mandated a Government-wide standard for secure and
reliable credential to be used when accessing Federal
facilities. This credential, known as a PIV card, represents a
marked improvement over legacy identity cards.
The background investigation process itself is undergoing
major Government-wide reform with phased implementation to
begin this fiscal year. The concept of continuous evaluation
has been developed to supplement normal reinvestigation reviews
with a process that examines conduct between normal
reinvestigation time frames. Relevant security information,
like a recent arrest, would become available in near-real time,
helping to ensure that Classified information and/or Federal
facilities are appropriately safeguarded.
Finally, this administration's recent information-sharing
and safeguarding initiative, also known as Insider Threat,
seeks to complement background investigations and continuous
evaluation with continuous monitoring. This program will
incorporate and analyze data in near-real time from a much
broader set of sources. Its focus is the protection of
Classified information but its applicability to suitability and
contractor fitness is evident.
To conclude, suitability and clearance determinations and
access control to Federal facilities remains a work in progress
but are evolving towards dramatic improvement. We have made
progress but managing employee and facility risks will continue
to be a challenge.
Thank you again for the opportunity to testify today and I
look forward to your questions.
[The prepared statement of Mr. Marshall follows:]
Prepared Statement of Gregory Marshall
November 13, 2013
Chairman King, Ranking Member Higgins, Members of the committee,
good morning and thank you for the opportunity to provide testimony on
personnel security.
I am Greg Marshall, chief security officer of the U.S. Department
of Homeland Security (DHS). I lead the dedicated men and women who make
up the Office of the Chief Security Officer. My office is an element of
the Department's Management Directorate, and I report to the under
secretary for management.
The mission of our office is to safeguard the Department's people,
property, information, and systems. Accordingly, the DHS chief security
officer is responsible for security-related issues affecting the more
than 235,000 DHS employees that compose the Department. I exercise DHS-
wide security program authorities in the areas of personnel security,
physical security, administrative security, special security, identity
management, special access programs, and security training and
awareness. I also support the chief information officer in the area of
IT security policy and the under secretary for intelligence and
analysis in the protection of intelligence sources and methods, and
accreditations of Classified facilities.
The security oversight and guidance authority of my office applies
across the Department. However, Operational components play a
significant role in managing the facilities which they inhabit,
including access to those facilities. The diverse missions and
responsibilities of the Department underscore the challenges involved
within the physical security and access control disciplines.
The tragic events of Monday, September 16 at the Washington Navy
Yard have placed the issue of physical security, access control, and
personnel vetting front and center in the minds of security
professionals across the Federal landscape.
Shortly after the Navy yard incident, I convened a meeting of the
Department's Chief Security Officer Council. Each component chief
security officer (CSO) acknowledged the significance of the Navy Yard
tragedy to access control and the underlying vetting processes and each
CSO commented on the complexities of vetting and access, including the
costs involved. With this in mind, the Department remains committed to
ensuring that only those persons with a legitimate need to access any
given facility are allowed to enter, that those persons possess no
prohibited items, and that the backgrounds of those persons who do
enter have been vetted to an appropriate level of rigor.
I would make clear, however, that security involves risk
management. Our job is to do everything we can to reduce the risk and
keep our employees safe. In pursuit of our mission, please be assured
that DHS security leadership and the professionals we manage have the
benefit of extensive knowledge, training, and experience. We also have
the benefit of comprehensive policies, procedures, processes, and
emerging technologies to help guide and improve our key security
programs.
For example, when we consider the security posture for a Federal
facility, including access control, we at DHS follow Interagency
Security Committee standards. During this process, facilities are
assessed for risk, and appropriate countermeasures are employed to
mitigate the risks. Using a decision matrix involving mission
criticality, the sensitivity of the activities conducted, threats to
the facility, facility population of persons who work and visit there,
and other factors, an appropriate Federal Security Level is assigned to
each facility. Accordingly, the outcomes of these risk assessments
drive the level of protection for each facility, to include an
appropriate access control posture. Simply put, a one-size security
solution does not and cannot fit all facilities.
For our employees to qualify for access to a Federal DHS facility,
an employee must undergo a background investigation to establish his or
her suitability for employment. These investigations are, for the most
part, conducted by OPM on behalf of DHS. Contractors are screened in a
process similar to employees in order to determine their fitness to
work on a DHS contract and have unescorted access to DHS facilities.
Background investigations for suitability and fitness examine character
and conduct behaviors, such as criminal history, alcohol and drug use,
and employment history, among others. Based upon all available
information, a personnel security specialist makes an adjudicative
decision concerning a person's suitability or fitness for employment,
including access to facilities.
It is important to understand that a background investigation for
suitability and one for a security clearance processes with multiple
levels of investigation dependent upon the access required and level of
risk. A security clearance allows access to Classified information,
while a favorable suitability or fitness determination allows
employment and access to facilities. On its own, a background
investigation for suitability does not permit access to Classified
information.
It is also important to note that a background investigation for
either a suitability determination or a security clearance, no matter
how rigorous, is no guarantee that every bit of relevant information
about the individual is available or has been included. For example,
prior criminal convictions and/or arrest information may not be
reported in State and/or Federal repositories, often simply due to data
entry resource constraints. It is these types of checks that are basic
elements of any Federal employment background investigation.
Also, it is important to note that a background investigation may
not be an indicator of future behavior. Even those who have
successfully undergone the most rigorous set of background checks
available--even a comprehensive polygraph examination--may someday
prove untrustworthy. Ultimately, a Federal background investigation
only examines past behavior and is sometimes based on limited available
information.
A Federal background investigation is an exercise in risk
management, establishing some basic facts such as identity,
citizenship, criminal history, etc. However, a background investigation
cannot be characterized, in and of itself, does not guarantee any
single individual's continuing day-to-day fitness to carry out his or
her employment responsibilities or to behave in a lawful and safe
manner.
With these limitations in mind, there have been several recent
improvements to the ability of the Government to manage these inherent
risks.
First, Homeland Security Presidential Directive 12 (HSPD-12)
mandated the development and implementation of a Government-wide
standard for a secure and reliable Personal Identity Verification (PIV)
card for gaining access to Federally-controlled facilities. To date,
DHS Headquarters and components have issued over 250,000 PIV cards to
Federal employees and contractors. For the first time, this process has
effectively linked the completion of a person's background
investigation with the issuance to that person of a unique Federal
identity credential. The PIV card represents a marked improvement over
the various legacy access/identity cards, but is only a part of any
solution. As a result, Federal facility access control processes use
this PIV card and its various authentication mechanisms to verify the
identity of the holder, link the holder to the card, and link the card
itself to a database of valid employees and contractors having
legitimate business at any given facility.
Second, the background investigation process itself is undergoing a
major Government-wide reform effort, to include revised Federal
investigative standards signed jointly by the Director of National
Intelligence and the Director of the Office of Personnel Management in
2012, and phased implementation to begin this fiscal year. With the
Federal investigative standards, the concept of ``continuous
evaluation'' is being developed to supplement the normal re-
investigation reviews of employees which, under the revised standards,
will be in 5-year increments, with a Government-led process that
examines a person's conduct within his or her normal re-investigation
time frames. As such, relevant security information like a recent
arrest or conviction for a crime outside of the Federal system, for
example, would become available on a timelier basis to security
officials responsible for assessing a person's eligibility for access
to Classified information, thereby helping to ensure that Classified
information and/or Federal facilities are appropriately safeguarded.
``Continuous evaluation'' represents a significant process improvement
over current capabilities and will mitigate some of the limitations in
the existing background investigation process discussed above.
Finally, this administration's recent Information Sharing and
Safeguarding initiative, also known as ``Insider Threat,'' seeks to
complement background investigations and continuous evaluation with
continuous monitoring. Continuous monitoring will incorporate data in
near-real time from a much broader set of data sources, as compared to
information that was previously available in the background
investigation process. The initiative focuses on monitoring certain IT
systems and incorporates analysis and collation software to aid in the
identification of behavioral trends that could be indicative of an
insider threat problem. Strict referral protocols are in place to
investigate abnormalities. The aim is the detection and mitigation of
threats to Classified information before any damage can be done. The
focus of this program is the protection of Classified information, but
its applicability to other behavioral issues, including suitability and
contractor fitness, is evident.
In conclusion, the suitability determinations of and access control
to Federal facilities by Federal employees and contractors remains a
work in progress, but is evolving toward dramatic improvement. It is
our responsibility as DHS security leaders, with the support of
Congress, to ensure a safe and secure workplace. We have made important
strides, but assessing and managing employee and facility risks will
continue to be a challenge in the future. We will continue to work
every day to meet these challenges. Thank you again for the opportunity
to testify today.
Mr. King. Thank you, Mr. Marshall.
Mr. Prioletti please, 5 minutes. Again, if you go over 5
minutes don't worry about it. Just a general guideline.
STATEMENT OF BRIAN A. PRIOLETTI, ASSISTANT DIRECTOR, SPECIAL
SECURITY DIRECTORATE, NATIONAL COUNTERINTELLIGENCE EXECUTIVE,
OFFICE OF DIRECTOR OF NATIONAL INTELLIGENCE
Mr. Prioletti. Chairman King, Ranking Member Higgins, and
distinguished Members of the subcommittee, thank you for the
invitation to provide information on the Government's practices
and procedures regarding security clearances and background
investigations. My statement will address the role of the DNI--
Director of National Intelligence, as a security executive
agent, his authorities and responsibilities for oversight of
the security clearance process across the Government, areas in
need of attention in the current process, and initiatives
underway to address those areas.
Pursuant to Executive Order 13467, the DNI, as the security
executive agent, is responsible for the development and
oversight of effective, efficient, uniform policies and
procedures governing the timely conduct of investigations and
adjudications for eligibility to access Classified information
or eligibility to hold a sensitive position. The security
executive agent also serves as the final authority to designate
agencies to conduct background investigations and determine
eligibility for access to Classified information, and ensures
reciprocal recognition of investigations and adjudication
determinations among agencies.
A background check is an essential component of the
security clearance process. It is required prior to making a
determination for eligibility for access to Classified or
eligibility to occupy a sensitive position. The 1997 Federal
Investigative Standards, as amended in 2004, are the current
standards used to conduct background investigations. The scope
of the background investigation is dependent upon the level of
security clearance required.
For example, a Secret clearance includes National agency,
local agency, and credit checks. An interview with an
individual being considered for the clearance is conducted if
necessary to resolve issues resulting from the required checks.
A Top Secret clearance requires the above checks as well as
interviews of the individual being considered for the
clearance, his or her references, coworkers, supervisors,
neighbors, and other individuals.
Regardless of the type of clearance involved, identified
issues must be fully investigated and resolved prior to any
adjudication.
The adjudicative guidelines issued by the White House in
2005 currently serve as the Government-wide guide for most
eligibility decisions. The DNI has issued separate adjudicative
guidelines for sensitive compartmented information, known as
SCI, and Special Access Program access. Adjudicative decisions
are made by utilizing the whole-person concept, which is a
careful weighing of available, reliable information about the
person, past and present, favorable and unfavorable.
Recent events involving individuals with clearances have
further emphasized the importance of a robust security
clearance program and areas in need of attention in the current
security clearance process. Under the direction of the
Performance Accountability Council, known as the PAC, the ODNI,
in collaboration with OMB, OPM, DOD, and other Federal
partners, have been leading security clearance reform efforts
for several years. Although these efforts are still a work in
progress, when mature they will mitigate adjudicative gaps and
enhance the Nation's security posture.
One critical element for a robust security clearance
process is to establish an effective capability to assess an
individual's continuing eligibility on a more frequent basis.
Under current policies and practices, an individual's continued
eligibility for access to Classified information relies heavily
on a periodic reinvestigation--essentially a background
investigation and adjudication conducted every 5 years for a
Top Secret clearance or every 10 years for Secret clearances.
The time interval between periodic reinvestigations leaves
the U.S. Government potentially uninformed as to the behavior
that could pose a security or counterintelligence risk.
Continuous evaluation, known as C.E., is a tool that will
assist in closing this information gap. Per Executive Order
13467 and the revised Federal Investigation Standards, which
were signed in 2012, C.E. allows for a review at any time of an
individual with eligibility or access to Classified information
or in a sensitive position to ensure that that individual
continues to meet the requirements for eligibility.
C.E., as envisioned in the reformed security clearance
process, includes automated record checks of commercial
databases, Government databases, and other information lawfully
available. Manual checks are inefficient and resource-
intensive. The C.E. initiative currently under development will
enable us to more reliably determine an individual's
eligibility to hold a security clearance or a sensitive
position on an on-going basis.
The DNI's C.E. tool must provide an enterprise-wide
solution that will ensure timely sharing of relevant
information across security elements of the Federal Government
as appropriate. There are a number of on-going pilot studies to
assess the feasibility of selected automated record checks and
the utility of publicly-available electronic information to
include social media sites in the personnel security process.
While we fully recognize the value of publicly-available
electronic information and its relevancy from an adjudicative
perspective, there are resource, privacy, and civil liberty
concerns that must be addressed as we incorporate such checks
into our security processes.
In addition to supporting security clearance
determinations, robust C.E. initiatives will also support and
inform the Insider Threat programs. Damage assessments
regarding individuals involved in unauthorized disclosures of
Classified information or acts of workplace violence have
uncovered information that was not discovered during the
existing security clearance process. Timely knowledge of such
information might have prompted a security review or increased
monitoring of that individual.
We must build an enterprise-wide C.E. program that will
promote the sharing of trustworthiness, eligibility, and risk
data within and across agencies to ensure the information is
readily available for analysis and action.
Consistency in the quality of these investigations and
adjudications is another area in need of attention. The revised
Federal Investigative Standards will provide clear guidance on
issue identification and resolution. They will also create an
aligned system for consistent assessment of suitability,
fitness, or eligibility for access to Classified information
for Federal employment or to perform work under a Federal
contract.
These standards will be implemented through a phased
approach beginning in 2014 and continuing through 2017. In
addition, the ODNI, OPM, and DOD are co-chairing a working
group to develop common standards and metrics for evaluating
quality and comprehensiveness for background investigations. In
addition, the DNI has hosted a working group to refine the
adjudicative guidelines, and recommendations regarding these
guidelines are in the policy development stage.
Another initiative supporting a more robust security
clearance process was the development of the National Training
Standards, which were approved in August 2012 by the DNI and
the director of OPM. These training standards create uniform
training criteria for background investigators, National
security adjudicators, and suitability adjudicators. Personnel
mobility makes the application of uniform standards for
conducting a background investigation and rendering an
eligibility determination essential.
The training standards and revised investigative standards
complement each other and, when both begin implementation in
2014, will result in a more robust security clearance process
that supports security clearance reciprocity.
As a final note, OMB, the DNI, and OPM are engaged in two
further initiatives that will enhance security clearance
processing. We are currently revising 5 Code of Federal
Regulation 732, which will be reissued as 1400, to provide
clarifying guidance to departments and agencies when
designating National security-sensitive positions.
Guidance from the reissued regulation will be used to
update OPM's position designation tool. This will assist
departments and agencies in determining position sensitivity
and the type of clearance processing that will be required for
each position.
The DNI is also working with OMB and OPM to revise the
Standard Form 86, which is the questionnaire for National
security positions. This form is completed by individuals
requiring security clearances and is a starting point for the
security background investigation.
In accordance with the President's directive, OMB is
conducting a 120-day review of the security and suitability
processes. In support of that effort, the DNI, as security
executive agent, will work in coordination with OPM, DOD, and
the other agencies to review the policies, procedures, and
processes related to the initiation, investigation, and
adjudication of background investigations for personnel
security, suitability for employment, and fitness for perform
on a contract.
I want to emphasize the DNI's resolve to lead these
initiatives discussed today and to continue the collaborative
efforts established with OMB, DOD, OPM, and our other Federal
partners. Thank you for the opportunity to update the
subcommittee.
[The prepared statement of Mr. Prioletti follows:]
Prepared Statement of Brian A. Prioletti
November 13, 2013
Chairman King, Ranking Member Higgins, and distinguished Members of
the subcommittee, thank you for the invitation to provide information
on the Government's practices and procedures regarding security
clearances and background investigations. My statement will address the
role of the Director of National Intelligence (DNI), as Security
Executive Agent, his authorities and responsibilities for oversight of
the security clearance process across Government, areas in need of
attention in the current process, and initiatives underway to address
those areas.
the dni's role in the security clearance process
Pursuant to Executive Order 13467, the DNI, as the Security
Executive Agent, is responsible for the development and oversight of
effective, efficient, uniform policies and procedures governing the
timely conduct of investigations and adjudications for eligibility for
access to Classified information or eligibility to hold a sensitive
position. The Security Executive Agent also serves as the final
authority to designate agencies to conduct background investigations
and determine eligibility for access to Classified information, and
ensures reciprocal recognition of investigations and adjudication
determinations among agencies.
the relationship between background checks and the security clearance
process
A background check is an essential component of the security
clearance process. It is required prior to making a determination for
eligibility for access to Classified information or eligibility to
occupy a sensitive position. The 1997 Federal Investigative Standards,
as amended in 2004, are the current standards used to conduct
background investigations. The scope of the background investigation is
dependent upon the level of security clearance required. A SECRET
clearance includes National agency, local agency, and credit checks. An
interview with the individual being considered for the clearance is
conducted if necessary to resolve issues resulting from the required
checks. A TOP SECRET clearance requires the above checks as well as
interviews of the individual being considered for the clearance, and
his or her references, co-workers, supervisors, neighbors, and other
individuals. Regardless of the type of clearance involved, identified
issues must be fully investigated and resolved prior to any
adjudication.
the odni's standards and policies for adjudicating security clearance
applications
The Adjudicative Guidelines issued by the White House in 2005,
currently serve as the Government-wide guide for most eligibility
decisions. The DNI has issued separate Adjudicative Guidelines for
Sensitive Compartmented Information (SCI) and Special Access Program
access. Adjudicative decisions are made by utilizing the whole-person
concept, which is the careful weighing of available, reliable
information about the person, past and present, favorable and
unfavorable.
areas of the security clearance process in need of attention and
potential solutions
Recent events involving individuals with clearances have further
emphasized the importance of a robust security clearance program and
areas in need of attention in the current security clearance process.
Under the direction of the Performance Accountability Council, the
ODNI, in collaboration with OMB, OPM, DoD, and other Federal partners,
has been leading security clearance reform efforts for several years.
Although these efforts are still a work in progress, when mature, they
will mitigate adjudicative gaps and enhance the Nation's security
posture.
One critical element for a robust security clearance process is to
establish an effective capability to assess an individual's continuing
eligibility on a more frequent basis. Under current policies and
practices, an individual's continued eligibility for access to
Classified information relies heavily on a periodic reinvestigation;
essentially a background investigation and adjudication conducted every
5 years for Top Secret clearances or every 10 years for Secret
clearances. The time interval between periodic reinvestigations leaves
the U.S. Government potentially uninformed as to behavior that poses a
security or counterintelligence risk.
Continuous Evaluation (CE) is a tool that will assist in closing
this information gap. Per Executive Order 13467 and the revised Federal
Investigative Standards signed in 2012, CE allows for a review at any
time of an individual with eligibility or access to Classified
information, or in a sensitive position, to ensure that the individual
continues to meet the requirements for eligibility.
CE, as envisioned in the reformed security clearance process,
includes automated records checks of commercial databases, Government
databases, and other information lawfully available. Manual checks are
inefficient and resource-intensive. The CE initiative currently under
development will enable us to more reliably determine an individual's
eligibility to hold a security clearance or sensitive position on an
on-going basis. The DNI's CE tool must provide an enterprise-wide
solution that will ensure timely sharing of relevant information across
security elements of the Federal Government, as appropriate. There are
a number of on-going pilot studies to assess the feasibility of select
automated records checks and the utility of publicly available
electronic information, to include social media sites, in the personnel
security process. While we fully recognize the value of publicly-
available electronic information and its relevancy from an adjudicative
perspective, there are resource, privacy, and civil liberty concerns
that must be addressed as we incorporate such checks into our security
processes.
In addition to supporting security clearance determinations, robust
CE initiatives will also support and inform Insider Threat Programs.
Damage assessments regarding individuals involved in unauthorized
disclosures of Classified information or acts of workplace violence
have uncovered information that was not discovered during the existing
security clearance process. Timely knowledge of such information might
have prompted a security review or increased monitoring of the
individual. We must build an enterprise-wide CE program that will
promote the sharing of trustworthiness, eligibility, and risk data
within and across agencies to ensure that information is readily
available for analysis and action.
Consistency in the quality of investigations and adjudications is
another area in need of attention. The revised Federal Investigative
Standards will provide clear guidance on issue identification and
resolution. They will also create an aligned system for consistent
assessment of suitability, fitness, or eligibility for access to
Classified information for Federal employment or to perform work under
a Federal contract. The standards will be implemented through a phased
approach beginning in 2014 and continuing through 2017. In addition,
ODNI, OPM, and DOD are co-chairing a working group to develop common
standards and metrics for evaluating quality and comprehensiveness of
background investigations. Furthermore, ODNI has hosted a working group
to refine the Adjudicative Guidelines; recommendations regarding these
guidelines are in the policy development phase.
Another initiative supporting a more robust security clearance
process was the development of the National Training Standards, which
were approved in August 2012 by the DNI and Director of OPM. These
training standards create uniform training criteria for background
investigators, National security adjudicators, and suitability
adjudicators. Personnel mobility makes the application of uniform
standards for conducting a background investigation and rendering an
eligibility determination essential. The training standards and the
revised investigative standards complement each other and when both
begin implementation in 2014, will result in a more robust security
clearance process that support security clearance reciprocity.
As a final note, OMB, the ODNI, and OPM are engaged in two further
initiatives that will enhance security clearance processing. We are
currently revising 5 Code of Federal Regulation 732, which will be
reissued as 1400, to provide clarifying guidance to departments and
agencies when designating National security sensitive positions.
Guidance from the reissued regulation will be used to update OPM's
Position Designation Tool. This will assist departments and agencies in
determining position sensitivity and the type of security clearance
processing that will be required for each position. ODNI is also
working with OMB and OPM to revise the Standard Form 86, Questionnaire
for National Security Positions. This form is completed by individuals
requiring security clearances and is the starting point for a
background investigation. It is imperative that we collect accurate
information pertinent to today's security and counterintelligence
concerns.
the dni's role in the president's directive for inter-agency review of
the clearance process
In accordance with the President's directive, OMB is conducting a
120-day review of security and suitability processes. In support of
that effort, the DNI, as Security Executive Agent, will work in
coordination with the OPM, DoD, and other agencies to review the
policies, processes, and procedures related to the initiation,
investigation, and adjudication of background investigations for
personnel security, suitability for employment, and fitness to perform
work on a contract.
closing
Over the last 5 years, significant strides have been made in
improving the security clearance process, particularly in the terms of
timeliness and aligned National policies that provide the framework for
consistency across Government. I want to emphasize the DNI's resolve to
lead the initiatives discussed today and to continue the collaborative
efforts established with OMB, DoD, OPM, and our other Federal partners.
I thank you for the opportunity to update the subcommittee at this time
and ODNI looks forward to working with you on these matters.
Mr. King. Thank you, Mr. Prioletti.
Ms. Farrell, you are recognized. Thank you.
STATEMENT OF BRENDA S. FARRELL, DIRECTOR, DEFENSE CAPABILITIES
AND MANAGEMENT, MILITARY AND DOD CIVILIAN PERSONNEL ISSUES,
U.S. GOVERNMENT ACCOUNTABILITY OFFICE
Ms. Farrell. Chairman King, Ranking Member Higgins, thank
you for the opportunity to be here today to discuss the quality
of the Federal Government's personnel security clearance
process. Let me briefly summarize my written statement for the
record.
Personnel security clearances allow for access to
Classified information on a need-to-know basis. Recent events,
such as unauthorized disclosures of Classified information,
have shown that there is much more work to be done by Federal
agencies to help ensure the process functions effectively and
efficiently so that only trustworthy individuals hold security
clearances.
Over the years, GAO has conducted a broad body of work on
personnel security clearance issues that gives us a unique
historical perspective. My remarks today are based on our
reports issued between 2008 and 2013 on DOD's personnel
security clearance program and Government-wide reform efforts.
My main message today is that quality--and importantly, quality
metrics--should be built into every step of the process.
My written statement is divided into three parts. The first
addresses the roles and responsibilities of several Executive
branch agencies involved in the security clearance process.
For example, in 2008 Executive Order 13467 designated the
DNI as the security executive agent. As such, the DNI is
responsible for policies and procedures to help ensure the
effective, efficient, and timely completion of background
investigations and adjudications related to determinations of
eligibility for access to Classified information. Importantly,
since 2008 reform efforts to improve the personnel security
clearance process throughout the Government have been
principally driven and overseen by the Performance
Accountability Council, which is chaired by the deputy director
for management at OMB. Executive Order 13467 established this
governance structure.
The second part of my written statement addresses the
different phases of the clearance process. Executive branch
agencies rely on a multi-phased process that includes
requirements determination; application; investigation;
adjudication; appeals, if applicable, where a clearance has
been denied; and reinvestigation for renewals or upgrade of an
existing clearance.
The first step of the process is for the Executive branch
agency, such as Homeland Security, to determine whether a
position requires access to Classified information. After an
individual has been selected for a position that requires a
personnel security clearance he or she submits an application
for a clearance. OPM--often contractors--conducts the
background investigation. Adjudicators from the requesting
agency use the resulting OPM investigation report and consider
Federal guidelines to determine whether an applicant is
eligible for a clearance.
The last part of my written statement addresses the extent
to which the Executive branch assesses quality of the process.
For more than a decade GAO has emphasized the need to build and
monitor quality throughout the clearance process to promote
oversight and positive outcomes, such as maximizing the
likelihood that individuals who are security risk will be
scrutinized more closely.
For example, in 2009 we reported concerns with the quality
of OPM's investigations. We reported that with respect to
initial Top Secret clearances adjudicated in July 2008 for DOD,
documentation was incomplete for most of OPM's investigative
reports.
We independently estimated that 87 percent of 3,500
investigative reports that DOD adjudicators used to make a
clearance eligibility decisions were missing some required
documentation, such as the verification of all of the
applicant's employment. We also estimated that about 12 percent
of the 3,500 reports did not contain the required applicant's
interview.
In 2009 we recommended that OPM measure the frequency with
which its investigative reports met Federal Investigative
Standards in order to improve the quality of the investigative
documentation. As of August 2013 OPM had not implemented this
recommendation.
In summary, the large number of personnel eligible to hold
clearances--over 4.9 million--coupled with risk to National
security underscores the need for a high-quality personnel
security clearance process.
Mr. Chairman, this concludes my remarks. I will be pleased
to take questions when you are ready.
[The prepared statement of Ms. Farrell follows:]
Prepared Statement of Brenda S. Farrell
November 13, 2013
gao highlights
Highlights of GAO-14-186T, a testimony before the Subcommittee on
Counterterrorism and Intelligence, Committee on Homeland Security, U.S.
House of Representatives.
Why GAO Did This Study
In 2012, the DNI reported that more than 4.9 million Federal
Government and contractor employees held or were eligible to hold a
personnel security clearance. Furthermore, GAO has reported that the
Federal Government spent over $1 billion to conduct more than 2 million
background investigations in fiscal year 2011. A high-quality process
is essential to minimize the risks of unauthorized disclosures of
Classified information and to help ensure that information about
individuals with criminal activity or other questionable behavior is
identified and assessed as part of the process for granting or
retaining clearances. Security clearances may allow personnel to gain
access to Classified information that, through unauthorized disclosure,
can in some cases cause exceptionally grave damage to U.S. National
security. Recent events, such as unauthorized disclosures of Classified
information, have illustrated the need for additional work to help
ensure the process functions effectively and efficiently.
This testimony addresses the: (1) Roles and responsibilities of
different Executive branch agencies involved in the personnel security
process; (2) different phases of the process; and (3) extent that
agencies assess the quality of the process. This testimony is based on
GAO work issued between 2008 and 2013 on DOD's personnel security
clearance program and Government-wide suitability and security
clearance reform efforts. As part of that work, GAO: (1) Reviewed
statutes, Executive Orders, guidance, and processes; (2) examined
agency data on timeliness and quality; (3) assessed reform efforts; and
(4) reviewed samples of case files for DOD personnel.
personnel security clearances.--opportunities exist to improve quality
throughout the process
What GAO Found
Several agencies in the Executive branch have key roles and
responsibilities in the personnel security clearance process. Executive
Order 13467 designates the director of National Intelligence (DNI) as
the Security Executive Agent, who is responsible for developing
policies and procedures for background investigations and
adjudications. The Office of Personnel Management (OPM) conducts
investigations for most of the Federal Government. Adjudicators from
agencies, such as the Departments of Defense (DOD) and Homeland
Security, that request background investigations use the investigative
report and consider Federal adjudicative guidelines when making
clearance determinations. Reform efforts to enhance the personnel
security process throughout the Executive branch are principally driven
and overseen by the Performance Accountability Council, which is
chaired by the Deputy Director for Management at the Office of
Management and Budget (OMB).
Executive branch agencies rely on a multi-phased personnel security
clearance process that includes requirements determination,
application, investigation, adjudication, appeals (if applicable, where
a clearance has been denied), and reinvestigation (for renewal or
upgrade of an existing clearance). In the requirements determination
phase, agency officials must determine whether positions require access
to Classified information. After an individual has been selected for a
position that requires a personnel security clearance and the
individual submits an application for a clearance, investigators--often
contractors--from OPM conduct background investigations for most
Executive branch agencies. Adjudicators from requesting agencies use
the information from these investigations and consider Federal
adjudicative guidelines to determine whether an applicant is eligible
for a clearance. If a clearance is denied or revoked by an agency,
appeals of the adjudication decision are possible. Individuals granted
clearances are subject to reinvestigations at intervals that are
dependent on the level of security clearance.
Executive branch agencies do not consistently assess quality
throughout the security clearance process, in part because they have
not fully developed and implemented metrics to measure quality in key
aspects of the process. For example, GAO reported in May 2009 that,
with respect to initial Top Secret clearances adjudicated in July 2008
for DOD, documentation was incomplete for most of OPM's investigative
reports. GAO also estimated that 12 percent of the 3,500 reports did
not contain the required personal subject interview. To improve the
quality of investigative documentation, GAO recommended that OPM
measure the frequency with which its reports met Federal investigative
standards. OPM did not agree or disagree with this recommendation, and
as of August 2013 had not implemented it. Further, GAO reported in 2010
that agencies do not consistently and comprehensively track the
reciprocity of personnel security clearances, which is an agency's
acceptance of a background investigation or clearance determination
completed by any authorized investigative or adjudicative agency. OPM
created a metric in early 2009 to track reciprocity, but this metric
does not track how often an existing security clearance was
successfully honored. GAO recommended that OMB develop comprehensive
metrics to track reciprocity. OMB agreed with the recommendation, but
has not yet fully implemented actions to implement this recommendation.
Chairman King, Ranking Member Higgins, and Members of the
subcommittee: Thank you for the opportunity to be here to discuss the
quality of the Federal Government's personnel security clearance
process. In 2012, the Director of National Intelligence (DNI) reported
that more than 4.9 million Federal Government and contractor employees
held or were eligible to hold a security clearance,\1\ posing
formidable challenges to those responsible for deciding who should be
granted a clearance. Personnel security clearances allow for access to
Classified information on a need-to-know basis. Federal agencies also
use other processes and procedures to determine if an individual should
be granted access to certain Government buildings or facilities or be
employed as a military, Federal civilian, or contractor employee for
the Federal Government. Separate from, but related to, personnel
security clearances are determinations of suitability that the
Executive branch uses to ensure individuals are suitable, based on
character and conduct, for Federal employment in their agency or
position. We have reported that the Federal Government spent over $1
billion to conduct more than 2 million background investigations (in
support of both personnel security clearances and suitability
determinations for Government employment outside of the intelligence
community) in fiscal year 2011.\2\
---------------------------------------------------------------------------
\1\ Office of the Director of National Intelligence, 2012 Report on
Security Clearance Determinations (January 2013).
\2\ GAO, Background Investigations: Office of Personnel Management
Needs to Improve Transparency of Its Pricing and Seek Cost Savings,
GAO-12-197 (Washington, DC: Feb. 28, 2012).
---------------------------------------------------------------------------
A high-quality process is essential in order to minimize the risks
of unauthorized disclosures of Classified information and to help
ensure that information about individuals with criminal activity or
other questionable behavior is identified and assessed as part of the
process for granting or retaining clearances. Security clearances may
allow personnel to gain access to Classified information that, through
unauthorized disclosure, can in some cases cause exceptionally grave
damage to U.S. National security. Recent events, such as unauthorized
disclosures of Classified information, have illustrated both the
potential consequences of such disclosures and the need for additional
work on the part of Federal agencies to help ensure the process
functions effectively and efficiently, so that only trustworthy
individuals obtain and keep security clearances and the resulting
access to Classified information that clearances make possible. We have
an extensive body of work on issues related to the personnel security
clearance process going back over a decade. Since 2008, we have focused
on the Department of Defense's (DOD) clearance program and the
Government-wide effort to reform the security clearance process, and
have reported repeatedly on the need to build quality into the process.
My testimony today will focus on three topics related to personnel
security clearances: (1) The roles and responsibilities of the
different Executive branch agencies involved in the personnel security
clearance process, (2) the different phases of the security clearance
process that are typically followed by most Executive branch agencies,
and (3) the extent that Executive branch agencies assess the quality of
the security clearance process during these different phases.
This testimony is based on our reports and testimonies issued from
2008 through 2013 on DOD's personnel security clearance program and
Government-wide suitability and security clearance reform efforts. A
list of these related products appears at the end of my statement. As
part of the work for these products, we reviewed relevant statutes and
Executive Orders, Federal guidance, and processes; examined agency
personnel security clearance policies; examined agency data on the
timeliness and quality of investigations and adjudications; assessed
reform efforts; and reviewed a sample of investigative and adjudication
files for DOD personnel. Further, as part of our on-going effort to
determine the status of agency actions to address our prior
recommendations, we reviewed the current proposal to revise a relevant
Federal regulation regarding position designation.
The work upon which this testimony is based was conducted in
accordance with generally accepted Government auditing standards. Those
standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe that
the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives. Additional details about the
scope and methodology can be found in each of these related products.
agencies' roles and responsibilities in the personnel security
clearance process
Several agencies in the Executive branch have key roles and
responsibilities in the Federal Government's personnel security
clearance process. In a 2008 memorandum, the President called for a
reform of the security clearance and suitability determination
processes and subsequently issued Executive Order 13467,\3\ which
designates the Director of National Intelligence (DNI) as the Security
Executive Agent. As such, the DNI is responsible for developing
policies and procedures to help ensure the effective, efficient, and
timely completion of background investigations and adjudications
relating to determinations of eligibility for access to Classified
information and eligibility to hold a sensitive position. Positions
designated as sensitive are any positions within a department or agency
where the occupant could bring about, by virtue of the nature of the
position, a material adverse effect on National security.
---------------------------------------------------------------------------
\3\ Executive Order No. 13467, Reforming Processes Related to
Suitability for Government Employment, Fitness for Contractor
Employees, and Eligibility for Access to Classified National Security
Information (June 30, 2008).
---------------------------------------------------------------------------
Further, Executive Order 13467 established a Suitability and
Security Clearance Performance Accountability Council, commonly called
the Performance Accountability Council, that is accountable to the
President for achieving the goals of the reform effort, which include
an efficient, practical, reciprocal, and aligned system for
investigating and determining eligibility for access to Classified
information. Under the Executive Order, this council is responsible for
driving implementation of the reform effort, including ensuring the
alignment of security and suitability processes, holding agencies
accountable for implementation, and establishing goals and metrics for
progress. The Order also appointed the Deputy Director for Management
at the Office of Management and Budget (OMB) as the chair of the
council.\4\ In addition, the Executive Order states that agency heads
shall assist the Performance Accountability Council and executive
agents in carrying out any function under the Order, as well as
implementing any policies or procedures developed pursuant to the
Order.
---------------------------------------------------------------------------
\4\ The Performance Accountability Council is comprised of the
Director of National Intelligence as the Security Executive Agent, the
Director of OPM as the Suitability Executive Agent, and the Deputy
Director for Management, Office of Management and Budget, as the chair
with the authority to designate officials from additional agencies to
serve as members. As of June 2012, the council included representatives
from the Departments of Defense, Energy, Health and Human Services,
Homeland Security, State, Treasury, and Veterans Affairs, and the
Federal Bureau of Investigation.
---------------------------------------------------------------------------
Executive branch agencies that request background investigations
use the information from investigative reports to determine whether an
applicant is eligible for a personnel security clearance. Two of the
agencies that grant the most security clearances are DOD and the
Department of Homeland Security (DHS). DOD accounts for the majority of
all personnel security clearances, and spent $787 million on
suitability and security clearance background investigations in fiscal
year 2011.\5\ Investigators--often contractors--from Federal
Investigative Services within the Office of Personnel Management (OPM)
\6\ conduct the investigations for most of the Federal Government.\7\
DOD is OPM's largest customer, and its Under Secretary of Defense for
Intelligence (USD(I)) is responsible for developing, coordinating, and
overseeing the implementation of DOD policy, programs, and guidance for
personnel, physical, industrial, information, operations, chemical/
biological, and DOD Special Access Program security. Additionally, the
Defense Security Service, under the authority, direction, and control
of USD(I), manages and administers the DOD portion of the National
Industrial Security Program \8\ for the DOD components and other
Federal agencies by agreement, as well as providing security education
and training, among other things.
---------------------------------------------------------------------------
\5\ GAO, Background Investigations: Office of Personnel Management
Needs to Improve Transparency of Its Pricing and Seek Cost Savings,
GAO-12-197 (Washington, DC: Feb. 28, 2012).
\6\ OPM's Federal Investigative Services employs both Federal and
contract investigators to conduct work required to complete background
investigations. The Federal staff constitutes about 25 percent of that
workforce, while OPM currently also has contracts for investigative
fieldwork with several investigation firms, constituting the remaining
75 percent of its investigative workforce.
\7\ In 2005, the Office of Management and Budget designated OPM as
the agency responsible for, among other things, the day-to-day
supervision and monitoring of security clearance investigations, and
for tracking the results of individual agency-performed adjudications,
subject to certain exceptions. However, the Office of the Director of
National Intelligence can designate other agencies as an ``authorized
investigative agency'' pursuant to 50 U.S.C. � 3341(b)(3), as
implemented through Executive Order 13467. Alternatively, under 5
U.S.C. � 1104(a)(2), OPM can redelegate any of its investigative
functions subject to performance standards and a system of oversight
prescribed by OPM under 5 U.S.C. � 1104(b). Agencies without delegated
authority rely on OPM to conduct their background investigations while
agencies with delegated authority--including the Defense Intelligence
Agency, National Security Agency, National Geospatial-Intelligence
Agency, Central Intelligence Agency, Federal Bureau of Investigation,
National Reconnaissance Office, and Department of State--have been
authorized to conduct their own background investigations.
\8\ The National Industrial Security Program was established by
Executive Order 12829 to safeguard Federal Government Classified
information that is released to contractors, licensees, and grantees of
the United States Government. Executive Order 12829, National
Industrial Security Program (Jan. 6, 1993, as amended).
---------------------------------------------------------------------------
DHS spent more than $57 million on suitability and security
clearance background investigations in fiscal year 2011. Within DHS,
the Chief Security Officer develops, implements, and oversees the
Department's security policies, programs, and standards; delivers
security training and education to DHS personnel; and provides security
support to the DHS components. The Chief of DHS's Personnel Security
Division, under the direction of the Chief Security Officer, has
responsibility for personnel security and suitability policies,
programs, and standards, including procedures for granting, denying,
and revoking access to Classified information as well as initiating and
adjudicating personnel security and suitability background
investigations and periodic reinvestigations of applicants. Within the
DHS components, the component Chief Security Officers implement
established personnel security directives and policies within their
respective components.
The personnel security clearance process has also been the subject
of Congressional oversight and statutory reporting requirements.
Section 3001 of the Intelligence Reform and Terrorism Prevention Act of
2004 \9\ prompted Government-wide suitability and security clearance
reform. The act required, among other matters, an annual report to
Congress--in February of each year from 2006 through 2011--about
progress and key measurements on the timeliness of granting security
clearances. It specifically required those reports to include the
periods of time required for conducting investigations and adjudicating
or granting clearances. However, the Intelligence Reform and Terrorism
Prevention Act requirement for the Executive branch to report annually
on its timeliness expired in 2011. More recently, the Intelligence
Authorization Act of 2010 \10\ established a new requirement that the
President annually report to Congress the total amount of time required
to process certain security clearance determinations for the previous
fiscal year for each element of the intelligence community.\11\ The
Intelligence Authorization Act of 2010 additionally requires that those
annual reports include the total number of active security clearances
throughout the United States Government, to include both Government
employees and contractors. Unlike the Intelligence Reform and Terrorism
Prevention Act of 2004 reporting requirement, the requirement to submit
these annual reports does not expire.
---------------------------------------------------------------------------
\9\ Pub. L. No. 108-458 (2004) (relevant sections codified at 50
U.S.C. � 3341).
\10\ Pub. L. No. 111-259, � 367 (2010) (codified at 50 U.S.C. �
3104).
\11\ This timeliness reporting requirement applies only to the
elements of the intelligence community; it does not cover non-
intelligence agencies that were covered by the reporting requirements
in the Intelligence Reform and Terrorism Prevention Act of 2004.
---------------------------------------------------------------------------
phases of the personnel security process
To help ensure the trustworthiness and reliability of personnel in
positions with access to Classified information, Executive branch
agencies rely on a personnel security clearance process that includes
multiple phases: Requirements determination, application,
investigation, adjudication, appeals (if applicable, where a clearance
has been denied), and reinvestigation (where applicable, for renewal or
upgrade of an existing clearance). Figure 1 illustrates the steps in
the personnel security clearance process, which is representative of
the general process followed by most Executive branch agencies and
includes procedures for appeals and renewals. While different
departments and agencies may have slightly different personnel security
clearance processes, the phases that follow are illustrative of a
typical process.\12\ Since 1997, Federal agencies have followed a
common set of personnel security investigative standards and
adjudicative guidelines for determining whether Federal civilian
workers, military personnel, and others, such as private industry
personnel contracted by the Government, are eligible to hold a security
clearance.
---------------------------------------------------------------------------
\12\ The general process for performing a background investigation
for either a Secret or Top Secret clearance is the same; however, the
level of detail and types of information gathered for a Top Secret
clearance is more substantial than a Secret clearance.
Requirements Determination Phase
Executive branch agencies first determine which of their
positions--military, civilian, or private-industry contractors--require
access to Classified information and, therefore, which people must
apply for and undergo a personnel security clearance investigation.
This involves assessing the risk and sensitivity level associated with
that position, to determine whether it requires access to Classified
information and, if required, the level of access. Security clearances
are generally categorized into three levels: Top Secret, Secret, and
Confidential.\13\ The level of classification denotes the degree of
protection required for information and the amount of damage that
unauthorized disclosure could reasonably be expected to cause to
National defense.\14\
---------------------------------------------------------------------------
\13\ A Top Secret clearance is generally also required for access
to Sensitive Compartmented Information--Classified intelligence
information concerning or derived from intelligence sources, methods,
or analytical processes that is required to be protected within formal
access control systems established and overseen by the Director of
National Intelligence.
\14\ Unauthorized disclosure could reasonably be expected to cause:
(1) ``Damage,'' in the case of confidential information; (2) ``serious
damage,'' in the case of secret information; and (3) ``exceptionally
grave damage,'' in the case of Top Secret information. Exec. Order No.
13526, 75 Fed. Reg. 707 (Dec. 29, 2009).
---------------------------------------------------------------------------
A sound requirements process is important because requests for
clearances for positions that do not need a clearance or need a lower
level of clearance increase investigative workloads and costs. A high
volume of clearances continue to be processed and a sound requirements
determination process is needed to effectively manage costs, since
agencies spend significant amounts annually on National security and
other background investigations. In addition to cost implications,
limiting the access to Classified information and reducing the
associated risks to National security underscore the need for Executive
branch agencies to have a sound process to determine which positions
require a security clearance.
Agency heads are responsible for designating positions within their
respective agencies as sensitive if the occupant of that position
could, by virtue of the nature of the position, bring about a material
adverse effect on National security.\15\ In addition, Executive Order
12968, issued in 1995, makes the heads of agencies--including Executive
branch agencies and the military departments--responsible for
establishing and maintaining an effective program to ensure that access
to Classified information by each employee is clearly consistent with
the interests of National security. This order also states that,
subject to certain exceptions, eligibility for access to Classified
information shall only be requested and granted on the basis of a
demonstrated, foreseeable need for access. Further, part 732 of Title 5
of the Code of Federal Regulations provides requirements and procedures
for the designation of National security positions, which include
positions that: (1) Involve activities of the Government that are
concerned with the protection of the Nation from foreign aggression or
espionage, and (2) require regular use of or access to Classified
National security information.\16\
---------------------------------------------------------------------------
\15\ Sensitivity level is based on the potential of the occupant of
a position to bring about a material adverse effect on National
security. Some factors include whether the position requires access to
Classified information or involves the formulation of security-related
policy. The sensitivity level of a position then informs the type of
background investigation required of the individual in that position.
The relationship between sensitivity and resulting clearances is
detailed in Figure 2.
\16\ Those requirements in Part 732 apply to National security
positions in the competitive service, Senior Executive Service
positions filled by career appointment within the Executive branch, and
certain excepted service positions.
---------------------------------------------------------------------------
Part 732 of Title 5 of the Code of Federal Regulations also states
that most Federal Government positions that could bring about, by
virtue of the nature of the position, a material adverse effect on
National security must be designated as a sensitive position and
require a sensitivity level designation. The sensitivity-level
designation determines the type of background investigation required,
with positions designated at a greater sensitivity level requiring a
more extensive background investigation. Part 732 establishes three
sensitivity levels--special-sensitive, critical-sensitive, and
noncritical-sensitive--which are described in figure 2. According to
OPM, positions that an agency designates as special-sensitive and
critical-sensitive require a background investigation that typically
results in a Top Secret clearance. Noncritical-sensitive positions
typically require an investigation that supports a Secret or
Confidential clearance. OPM also defines non-sensitive positions that
do not have a National security element, and thus do not require a
security clearance, but still require a designation of risk for
suitability purposes. That risk level informs the type of investigation
required for those positions. Those investigations include aspects of
an individual's character or conduct that may have an effect on the
integrity or efficiency of the service.
Figure 2 illustrates the process used by both DOD and DHS to
determine the need for a personnel security clearance for a Federal
civilian position generally used Government-wide.
[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
Application Phase
Once an applicant is selected for a position that requires a
personnel security clearance, the applicant must obtain a security
clearance in order to gain access to Classified information. To
determine whether an investigation would be required, the agency
requesting a security clearance investigation conducts a check of
existing personnel security databases to determine whether there is an
existing security clearance investigation underway or whether the
individual has already been favorably adjudicated for a clearance in
accordance with current standards. If such a security clearance does
not exist for that individual, a security officer from an Executive
branch agency: (1) Requests an investigation of an individual requiring
a clearance; (2) forwards a personnel security questionnaire (Standard
Form 86) to the individual to complete using OPM's electronic
Questionnaires for Investigations Processing (e-QIP) system or a paper
copy; (3) reviews the completed questionnaire; and (4) sends the
questionnaire and supporting documentation, such as fingerprints and
signed waivers, to OPM or its investigation service provider.
Investigation Phase
During the investigation phase, investigators--often contractors--
from OPM's Federal Investigative Services use Federal investigative
standards and OPM's internal guidance to conduct and document the
investigation of the applicant. The scope of information gathered in an
investigation depends on the needs of the client agency and the
personnel security clearance requirements of an applicant's position,
as well as whether the investigation is for an initial clearance or a
reinvestigation to renew a clearance. For example, in an investigation
for a Top Secret clearance, investigators gather additional information
through more time-consuming efforts, such as traveling to conduct in-
person interviews to corroborate information about an applicant's
employment and education. However, many background investigation types
have similar components. For instance, for all investigations,
information that applicants provide on electronic applications are
checked against numerous databases. Both Secret and Top Secret
investigations contain credit and criminal history checks, while Top
Secret investigations also contain citizenship, public record, and
spouse checks as well as reference interviews and an Enhanced Subject
Interview to gain insight into an applicant's character. Table 1
highlights the investigative components generally associated with the
Secret and Top Secret clearance levels. After OPM, or the designated
provider, completes the background investigation, the resulting
investigative report is provided to the requesting agencies for their
internal adjudicators.
----------------------------------------------------------------------------------------------------------------
Type of Background Investigation
Type of Information Gathered by Component ---------------------------------------------------
Secret Top Secret
----------------------------------------------------------------------------------------------------------------
(1) Personnel security questionnaire: The reported answers X X
on an electronic SF-85P or SF-86 form.
(2) Fingerprints: Fingerprints submitted electronically or X X
manually.
(3) National agency check: Data from Federal Bureau of X X
Investigation, military records, and other agencies as
required (with fingerprint).
(4) Credit check: Data from credit bureaus where the subject X X
lived/worked/attended school for at least 6 months.
(5) Local agency checks: Data from law enforcement agencies X X
where the subject lived/worked/attended school during the
past 10 years or--in the case of reinvestigations--since
the last security clearance investigation.
(6) Date and place of birth: Corroboration of information X
supplied on the personnel security questionnaire.
(7) Citizenship: For individuals born outside of the United X
States, verification of U.S. citizenship directly from the
appropriate registration authority.
(8) Education: Verification of most recent or significant M X
claimed attendance, degree, or diploma.
(9) Employment: Review of employment records and interviews M X
with workplace references, such as supervisors and
coworkers.
(10) References: Data from interviews with subject- M X
identified and investigator-developed leads.
(11) Data from Federal Bureau of Investigation, military X
records, and other agencies as required (without
fingerprint).
(12) Former spouse: Data from interview(s) conducted with X
spouse(s) divorced within the last 10 years or since the
last investigation or reinvestigation.
(13) Neighborhoods: Interviews with neighbors and M X
verification of residence through records check.
(14) Public records: Verification of issues, such as X
bankruptcy, divorce, and criminal and civil court cases.
(15) Enhanced Subject Interview: Collection of relevant \1\ X
data, resolution of significant issues or inconsistencies.
----------------------------------------------------------------------------------------------------------------
Source.--DOD and OPM.
Note.--The content and amount of information collected as part of a personnel security clearance investigation
is dependent on a variety of case-specific factors, including the history of the applicant and the nature of
the position; however, items 1-15 are typically collected for the types of investigations indicated.
M=Components with this notation are checked through requests for information sent by OPM's Federal Investigative
Services through the mail.
\1\ The Enhanced Subject Interview was developed by the Joint Reform Team and implemented by OPM in 2011 and
serves as an in-depth discussion between the interviewer and the subject to ensure a full understanding of the
applicant's information, potential issues, and mitigating factors. It is included in a Minimum Background
Investigation, one type of suitability investigation, and can be triggered by the presence of issues in a
Secret-level investigation.
In December 2012, the Office of the Director of National
Intelligence (ODNI) and OPM jointly issued a revised version of the
Federal investigative standards for the conduct of background
investigations for individuals that work for or on behalf of the
Federal Government. According to October 31, 2013 testimony by an ODNI
official, the revised standards will be implemented through a phased
approach beginning in 2014 and continuing through 2017.\17\
---------------------------------------------------------------------------
\17\ Brian A. Prioletti, Assistant Director, Special Security
Directorate, National Counterintelligence Executive, Office of the
Director of National Intelligence, Statement for the Record: Open
Hearing on Security Clearance Reform, testimony before the Senate
Committee on Homeland Security and Governmental Affairs, 113th Cong.,
1st sess., October 31, 2013.
---------------------------------------------------------------------------
Adjudication and Appeals Phases
During the adjudication phase, adjudicators from the hiring agency
use the information from the investigative report along with Federal
adjudicative guidelines to determine whether an applicant is eligible
for a security clearance.\18\ To make clearance eligibility decisions,
the adjudicative guidelines specify that adjudicators consider 13
specific areas that elicit information about: (1) Conduct that could
raise security concerns and (2) factors that could allay those security
concerns and permit granting a clearance.\19\ The adjudication process
is a careful weighing of a number of variables, to include
disqualifying and mitigating factors, known as the ``whole-person''
concept. For example, when a person's life history shows evidence of
unreliability or untrustworthiness, questions can arise as to whether
the person can be relied on and trusted to exercise the responsibility
necessary for working in a secure environment where protecting National
security is paramount. As part of the adjudication process, the
adjudicative guidelines require agencies to determine whether a
prospective individual meets the adjudicative criteria for determining
eligibility, including personal conduct and financial considerations.
If an individual has conditions that raise a security concern or may be
disqualifying, the adjudicator evaluates whether there are other
factors that mitigate such risks (such as a good-faith effort to repay
a Federal tax debt). On the basis of this assessment, the agency may
make a risk-management decision to grant the security-clearance
eligibility determination, possibly with a warning that future
incidents of a similar nature may result in revocation of access.
---------------------------------------------------------------------------
\18\ For industry personnel, the Defense Security Service (DSS)
adjudicated clearance eligibility for DOD and 24 other Federal
agencies, by agreement, using OPM-provided investigative reports.
However, DOD is in the process of consolidating its adjudication
facilities, including those for industry personnel. Per DOD 5220.22-M,
National Industrial Security Program: Operating Manual (Feb. 28, 2006
incorporating changes Mar. 28, 2013), those agencies are: (1) National
Aeronautics and Space Administration; (2) Department of Commerce; (3)
General Services Administration; (4) Department of State; (5) Small
Business Administration; (6) National Science Foundation; (7)
Department of the Treasury; (8) Department of Transportation; (9)
Department of the Interior; (10) Department of Agriculture; (11)
Department of Labor; (12) Environmental Protection Agency; (13)
Department of Justice; (14) Federal Reserve System; (15) U.S.
Government Accountability Office; (16) U.S. Trade Representative; (17)
U.S. International Trade Commission; (18) U.S. Agency for International
Development; (19) Nuclear Regulatory Commission; (20) Department of
Education; (21) Department of Health and Human Services; (22)
Department of Homeland Security; (23) Federal Communications
Commission; and (24) Office of Personnel Management.
\19\ Federal guidelines state that clearance decisions require a
common-sense determination of eligibility for access to Classified
information based upon careful consideration of the following 13 areas:
Allegiance to the United States; foreign influence; foreign preference;
sexual behavior; personal conduct; financial considerations; alcohol
consumption; drug involvement; emotional, mental, and personality
disorders; criminal conduct; security violations; outside activities;
and misuse of information technology systems. Further, the guidelines
require adjudicators to evaluate the relevance of an individual's
overall conduct by considering factors such as the nature, extent, and
seriousness of the conduct; the circumstances surrounding the conduct,
to include knowledgeable participation; the frequency and recency of
the conduct; and the individual's age and maturity at the time of the
conduct, among others.
---------------------------------------------------------------------------
If a clearance is denied or revoked, appeals of the adjudication
decision are generally possible. We have work underway to review the
process for security clearance revocations. We expect to issue a report
on this process in the spring of 2014.
Reinvestigation Phase
Once an individual has obtained a personnel security clearance and
as long as they remain in a position that requires access to Classified
National security information, that individual is reinvestigated
periodically at intervals that are dependent on the level of security
clearance. For example, Top Secret clearance-holders are reinvestigated
every 5 years, and Secret clearance-holders are reinvestigated every 10
years. Some of the information gathered during a reinvestigation would
focus specifically on the period of time since the last approved
clearance, such as a check of local law enforcement agencies where an
individual lived and worked since the last investigation.
Further, the Joint Reform Team \20\ began an effort to review the
possibility of continuous evaluations, which would ascertain on a more
frequent basis whether an eligible employee with access to Classified
information continues to meet the requirements for access.
Specifically, the team proposed to move from periodic review to that of
continuous evaluation, meaning annually for Top Secret and similar
positions and at least once every 5 years for Secret or similar
positions, as a means to reveal security-relevant information earlier
than the previous method, and provide increased scrutiny on populations
that could potentially represent risk to the Government because they
already have access to Classified information. The revised Federal
investigative standards state that the Top Secret level of security
clearances may be subject to continuous evaluation.
---------------------------------------------------------------------------
\20\ In 2007, DOD and the Office of the Director of National
Intelligence (ODNI) formed the Joint Security Clearance Process Reform
Team, known as the Joint Reform Team, to improve the security clearance
process Government-wide.
---------------------------------------------------------------------------
agencies do not consistently assess quality throughout the personnel
security clearance process
Executive branch agencies do not consistently assess quality
throughout the personnel security clearance process, in part because
they have not fully developed and implemented metrics to measure
quality in key aspects of the personnel security clearance process. To
promote oversight and positive outcomes, such as maximizing the
likelihood that individuals who are security risks will be scrutinized
more closely, we have emphasized, since the late 1990s,\21\ the need to
build and monitor quality throughout the personnel security clearance
process. While our work historically was focused on DOD, particularly
since we placed DOD's personnel security clearance program on our high-
risk list \22\ in 2005 because of delays in completing clearances,\23\
we have included DHS in our most recent reviews of personnel security
clearance issues. Having assessment tools and performance metrics in
place is a critical initial step toward instituting a program to
monitor and independently validate the effectiveness and sustainability
of corrective measures.
---------------------------------------------------------------------------
\21\ GAO, DOD Personnel: Inadequate Personnel Security
Investigations Pose National Security Risks, GAO/NSIAD-00-12
(Washington, DC: Oct. 27, 1999).
\22\ Every 2 years at the start of a new Congress, GAO issues a
report that identifies Government operations that are high-risk due to
their vulnerabilities to fraud, waste, abuse, and mismanagement, or are
most in need of transformation to address economy, efficiency, or
effectiveness.
\23\ GAO, High-Risk Series: An Update, GAO-05-207 (Washington, DC:
Jan. 1, 2005).
---------------------------------------------------------------------------
Guidance Not Developed for Determining if Positions Require a Clearance
or for Reviewing Existing Position Designations
In July 2012, we reported that the DNI, as the Security Executive
Agent, had not provided agencies clearly-defined policy and procedures
to consistently determine if a position requires a personnel security
clearance, or established guidance to require agencies to review and
revise or validate existing Federal civilian position designations.\24\
As a result, we concluded that DHS and DOD, along with other Executive
branch agencies, do not have reasonable assurance that security
clearance position designations are correct, which could compromise
National security if positions are underdesignated, or create
unnecessary and costly investigative coverage if positions are
overdesignated.
---------------------------------------------------------------------------
\24\ GAO, Security Clearances: Agencies Need Clearly Defined Policy
for Determining Civilian Position Requirements, GAO-12-800 (Washington,
DC: July 12, 2012).
---------------------------------------------------------------------------
In the absence of clear guidance, agencies are using a position
designation tool that OPM designed to determine the sensitivity and
risk levels of civilian positions that, in turn, inform the type of
investigation needed.\25\ This tool--namely, the Position Designation
of National Security and Public Trust Positions--is intended to enable
a user to evaluate a position's National security and suitability
requirements so as to determine a position's sensitivity and risk
levels, which in turn dictate the type of background investigation that
will be required for the individual who will occupy that position. Both
DOD and DHS components use the tool. In addition, DOD issued guidance
in September 2011 \26\ and August 2012 \27\ requiring its personnel to
use OPM's tool to determine the proper position sensitivity
designation. A DHS instruction requires personnel to designate all DHS
positions--including positions in the DHS components--by using OPM's
position sensitivity designation guidance, which is the basis of the
tool.\28\
---------------------------------------------------------------------------
\25\ According to OPM's Federal Investigations Notice No. 10-06,
Position Designation Requirements (Aug. 11, 2010), the tool is
recommended for all agencies requesting OPM investigations and required
for all positions in the competitive service, positions in the excepted
service where the incumbent can be noncompetitively converted to the
competitive service, and career appointments in the Senior Executive
Service.
\26\ DOD, Washington Headquarters Services, Implementation of the
Position Designation Automated Tool (Sept. 27, 2011).
\27\ DOD Instruction 1400.25, Volume 731, DOD Civilian Personnel
Management System: Suitability and Fitness Adjudication For Civilian
Employees (Aug. 24, 2012).
\28\ DHS Management Instruction 121-01-007, Department of Homeland
Security Personnel Suitability and Security Program (June 2009).
---------------------------------------------------------------------------
OPM audits, however, have found inconsistency in these position
designations, and some agencies described problems implementing OPM's
tool. For example, during the course of our 2012 review, DOD and DHS
officials raised concerns regarding the guidance provided through the
tool and expressed that they had difficulty implementing it.
Specifically, officials from DHS's U.S. Immigration and Customs
Enforcement stated that the use of the tool occasionally resulted in
inconsistency, such as over- or under-designating a position, and
expressed a need for additional clear, easily-interpreted guidance on
designating National security positions. DOD officials stated that they
have had difficulty implementing the tool because it focuses more on
suitability than security, and the National security aspects of DOD's
positions are of more concern to them than the suitability aspects.
Further, although the DNI was designated as the Security Executive
Agent in 2008, ODNI officials noted that the DNI did not have input
into recent revisions of OPM's position designation tool.
As a result, we recommended that the DNI, in coordination with the
Director of OPM and other Executive branch agencies as appropriate,
issue clearly-defined policy and procedures for Federal agencies to
follow when determining if Federal civilian positions require a
personnel security clearance. In written comments on our July 2012
report, the ODNI concurred with this recommendation. In May 2013, ODNI
and OPM jointly drafted a proposed revision to the Federal regulations
on position designation which, if finalized in its current form, would
provide additional requirements and examples of position duties at each
sensitivity level. We also recommended that once those policies and
procedures are in place, the DNI and the Director of OPM, in their
roles as executive agents, collaborate to revise the position
designation tool to reflect the new guidance. ODNI and OPM concurred
with this recommendation and recently told us that they are in the
process of revising the tool.
In July 2012, we also reported that the Executive branch did not
have a consistent process for reviewing and validating existing
security clearance requirements for Federal civilian positions.\29\
According to Executive Order 12968, the number of employees that each
agency determines is eligible for access to Classified information
shall be kept to the minimum required, and, subject to certain
exceptions, eligibility shall be requested or granted only on the basis
of a demonstrated, foreseeable need for access. During our 2012 review
of several DOD and DHS components, we found that officials were aware
of the need to keep the number of security clearances to a minimum but
were not always subject to a standard requirement to review and
validate the security clearance needs of existing positions on a
periodic basis. We found, instead, that agencies' policies provided for
a variety of practices for reviewing the clearance needs of Federal
civilian positions. In addition, agency officials told us that their
policies were implemented inconsistently.
---------------------------------------------------------------------------
\29\ GAO-12-800.
---------------------------------------------------------------------------
DOD's personnel security regulation and other guidance \30\
provides DOD components with criteria to consider when determining
whether a position is sensitive or requires access to Classified
information, and some DOD components also have developed their own
guidance. According to DHS guidance, supervisors are responsible for
ensuring that: (1) Position designations are updated when a position
undergoes major changes (e.g., changes in missions and functions, job
responsibilities, work assignments, legislation, or classification
standards), and (2) position security designations are assigned as new
positions are created. Some DHS components have additional requirements
to review position designation more regularly to cover positions other
than those newly created or vacant. For example, U.S. Coast Guard
guidance \31\ states that hiring officials and supervisors should
review position descriptions even when there is no vacancy and, as
appropriate, either revise or review them. In addition, according to
officials in U.S. Immigration and Customs Enforcement, supervisors are
supposed to review position descriptions annually during the
performance review process to ensure that the duties and
responsibilities on the position description are up-to-date and
accurate. However, officials stated that U.S. Immigration and Customs
Enforcement does not have policies or requirements in place to ensure
any particular level of detail in that review.
---------------------------------------------------------------------------
\30\ DOD 5200.2-R, Department of Defense Personnel Security Program
(January 1987, reissued incorporating changes Feb. 23, 1996), as
modified by Under Secretary of Defense Memorandum, Implementation of
the Position Designation Automated Tool (May 10, 2011).
\31\ U.S. Coast Guard, CG-121, Civilian Hiring Guide for
Supervisors and Managers, ver. 2 (June 11, 2010).
---------------------------------------------------------------------------
During our 2012 review, DOD and DHS officials acknowledged that
overdesignating a position can result in expenses for unnecessary
investigations. When a position is overdesignated, additional resources
are unnecessarily spent conducting the investigation and adjudication
of a background investigation that exceeds agency requirements. Without
a requirement to consistently review, revise, or validate existing
security clearance position designations, we concluded that Executive
branch agencies--such as DOD and DHS--may be hiring and budgeting for
both initial and periodic security clearance investigations using
position descriptions and security clearance requirements that do not
reflect National security needs. Moreover, since reviews were not being
done consistently, DOD, DHS, and other Executive branch agencies did
not have reasonable assurance that they were keeping to a minimum the
number of positions that require security clearances on the basis of a
demonstrated and foreseeable need for access.
Therefore, we recommended in July 2012 that the DNI, in
coordination with the Director of OPM and other Executive branch
agencies as appropriate, issue guidance to require Executive branch
agencies to periodically review and revise or validate the designation
of all Federal civilian positions. In written comments on that report,
the ODNI concurred with this recommendation and stated that as duties
and responsibilities of Federal positions may be subject to change, it
planned to work with OPM and other Executive branch agencies to ensure
that position designation policies and procedures include a provision
for periodic reviews. OPM stated in its written comments to our report
that it would work with the DNI on guidance concerning periodic reviews
of existing designations.
ODNI and OPM are currently in the process of finalizing revisions
to the position designation Federal regulation. As part of our on-going
processes to routinely monitor the status of agency actions to address
our prior recommendations, we note that the proposed regulation would
newly require agencies to conduct a one-time reassessment of position
designations within 24 months of the final regulation's effective date,
which is an important step towards ensuring that the current
designations of National security positions are accurate. However, the
National security environment and the duties and descriptions of
positions may change over time, thus the importance of periodic review
or validation. The proposed regulation, if finalized in its current
form, would not require a periodic reassessment of positions' need for
access to Classified information as we recommended. We believe this
needs to be done and, as part of monitoring the status of our
recommendation, we will continue to review the finalized Federal
regulation and any related guidance that directs position designation
to determine whether periodic review or validation is required.
Quality of OPM Investigative Reports Not Measured
As of August 2013, OPM had not yet implemented metrics to measure
the completeness of its investigative reports--results from background
investigations--although we have previously identified deficiencies in
these reports. OPM supplies about 90 percent of all Federal clearance
investigations, including those for DOD. For example, in May 2009 we
reported that, with respect to DOD initial Top Secret clearances
adjudicated in July 2008, documentation was incomplete for most OPM
investigative reports. We independently estimated that 87 percent of
about 3,500 investigative reports that DOD adjudicators used to make
clearance decisions were missing at least one type of documentation
required by Federal investigative standards.\32\ The type of
documentation most often missing from investigative reports was
verification of all of the applicant's employment, followed by
information from the required number of social references for the
applicant and complete security forms. We also estimated that 12
percent of the 3,500 investigative reports did not contain a required
personal subject interview. Officials within various Executive branch
agencies have noted to us that the information gathered during the
interview and investigative portion of the process is essential for
making adjudicative decisions.
---------------------------------------------------------------------------
\32\ Estimates in our May 2009 report were based on our review of a
random sample of 100 OPM-provided investigative reports for initial Top
Secret clearances granted in July 2008 by the U.S. Army, U.S. Navy, and
U.S. Air Force central adjudication facilities and have margins of
error, based on a 95 percent confidence interval, of +/- 10 percentage
points or fewer.
---------------------------------------------------------------------------
At the time of our 2009 review, OPM did not measure the
completeness of its investigative reports, which limited the agency's
ability to explain the extent or the reasons why some reports were
incomplete. As a result of the incompleteness of OPM's investigative
reports on DOD personnel, we recommended in May 2009 that OPM measure
the frequency with which its investigative reports meet Federal
investigative standards, so that the Executive branch can identify the
factors leading to incomplete reports and take corrective actions.\33\
OPM did not agree or disagree with our recommendation.
---------------------------------------------------------------------------
\33\ GAO, DOD Personnel Clearances: Comprehensive Timeliness
Reporting, Complete Clearance Documentation, and Quality Measures Are
Needed to Further Improve the Clearance Process, GAO-09-400
(Washington, DC: May 19, 2009).
---------------------------------------------------------------------------
In a subsequent February 2011 report, we noted that OMB, ODNI, DOD,
and OPM leaders had provided Congressional members with metrics to
assess the quality of the security clearance process, including
investigative reports and other aspects of the process.\34\ For
example, the Rapid Assessment of Incomplete Security Evaluations was
one tool the Executive branch agencies planned to use for measuring
quality, or completeness, of OPM's background investigations.\35\
However, according to an OPM official in June 2012, OPM chose not to
use this tool. Instead, OPM stated that it opted to develop another
tool. In following up on our 2009 recommendations, as of August 2013,
OPM had not provided enough details on its tool for us to determine if
the tool had met the intent of our 2009 recommendation, and included
the attributes of successful performance measures identified in best
practices, nor could we determine the extent to which the tool was
being used.
---------------------------------------------------------------------------
\34\ GAO, High-Risk Series: An Update, GAO-11-278 (Washington, DC:
Feb. 2011).
\35\ The Rapid Assessment of Incomplete Security Evaluations tool
was developed by DOD to track the quality of investigations conducted
by OPM for DOD personnel security clearance investigations, measured as
a percent of investigations completed that contained deficiencies.
---------------------------------------------------------------------------
OPM also assesses the quality of investigations based on voluntary
reporting from customer agencies. Specifically, OPM tracks
investigations that are: (1) Returned for rework from the requesting
agency, (2) identified as deficient using a web-based customer
satisfaction survey, or (3) identified as deficient through adjudicator
calls to OPM's quality hotline. However, in our past work, we have
noted that the number of investigations returned for rework is not by
itself a valid indicator of the quality of investigative work because
DOD adjudication officials told us that they have been reluctant to
return incomplete investigations in anticipation of delays that would
impact timeliness. Further, relying on agencies to voluntarily provide
information on investigation quality may not reflect the quality of
OPM's total investigation workload. We are beginning work to further
review OPM's actions to improve the quality of investigations.
We have also reported that deficiencies in investigative reports
affect the quality and timeliness of the adjudicative process.
Specifically, in November 2010, we reported that agency officials who
utilize OPM as their investigative service provider cited challenges
related to deficient investigative reports as a factor that slows
agencies' abilities to make adjudicative decisions. The quality and
completeness of investigative reports directly affects adjudicator
workloads, including whether additional steps are required before
adjudications can be made, as well as agency costs. For example, some
agency officials noted that OPM investigative reports do not include
complete copies of associated police reports and criminal record
checks. Several agency officials stated that in order to avoid further
costs or delays that would result from working with OPM, they often
choose to perform additional steps internally to obtain missing
information. According to ODNI and OPM officials, OPM investigators
provide a summary of police and criminal reports and assert that there
is no policy requiring inclusion of copies of the original records.
However, ODNI officials also stated that adjudicators may want or need
entire records as critical elements may be left out of the
investigator's summary. For example, according to Defense Office of
Hearings and Appeals officials, in one case, an investigator's summary
of a police report incorrectly identified the subject as a thief when
the subject was actually the victim.
Some Steps Taken to Determine Completeness of Adjudicative Files
To address issues identified in our 2009 report regarding the
quality of DOD adjudications, DOD has taken some intermittent steps to
implement measures to determine the completeness of its adjudicative
files. In 2009, we reported that some clearances were granted by DOD
adjudicators even though some required data were missing from the OPM
investigative reports used to make such determinations.\36\ For
example, we estimated that 22 percent of the adjudicative files for
about 3,500 initial Top Secret clearances that were adjudicated
favorably did not contain all the required documentation, even though
DOD regulations require that adjudicators maintain a record of each
favorable and unfavorable adjudication decision and document the
rationale for granting clearance eligibility to applicants with
security concerns revealed during the investigation.\37\ Documentation
most frequently missing from adjudicative files was the rationale for
granting security clearances to applicants with security concerns
related to foreign influence, financial considerations, and criminal
conduct. At the time of our 2009 review, DOD did not measure the
completeness of its adjudicative files, which limited the agency's
ability to explain the extent or the reasons why some files are
incomplete.
---------------------------------------------------------------------------
\36\ GAO, DOD Personnel Clearances: Comprehensive Timeliness
Reporting, Complete Clearance Documentation, and Quality Measures Are
Needed to Further Improve the Clearance Process, GAO-09-400
(Washington, DC: May 19, 2009).
\37\ DOD Regulation 5200.2-R, DOD Personnel Security Program (Jan.
1987, incorporating changes Feb. 23, 1996).
---------------------------------------------------------------------------
In 2009, we made two recommendations to improve the quality of
adjudicative files. First, we recommended that DOD measure the
frequency with which adjudicative files meet requirements, so that the
Executive branch can identify the factors leading to incomplete files
and include the results of such measurement in annual reports to
Congress on clearances. In November 2009, DOD subsequently issued a
memorandum that established a tool to measure the frequency with which
adjudicative files meet the requirements of DOD regulation.
Specifically, the DOD memorandum stated that it would use a tool called
the Review of Adjudication Documentation Accuracy and Rationales, or
RADAR, to gather specific information about adjudication processes at
the adjudication facilities and assess the quality of adjudicative
documentation. In following up on our 2009 recommendations, as of 2012,
a DOD official stated that RADAR had been used in fiscal year 2010 to
evaluate some adjudications, but was not used in fiscal year 2011 due
to funding shortfalls. DOD stated that it restarted the use of RADAR in
fiscal year 2012.
Second, we recommended that DOD issue guidance to clarify when
adjudicators may use incomplete investigative reports as the basis for
granting clearances. In response to our recommendation, DOD's November
2009 guidance that established RADAR also outlines the minimum
documentation requirements adjudicators must adhere to when documenting
personnel security clearance determinations for cases with potentially
damaging information. In addition, DOD issued guidance in March 2010
that clarifies when adjudicators may use incomplete investigative
reports as the basis for granting clearances. This guidance provides
standards that can be used for the sufficient explanation of incomplete
investigative reports.
Extent of Clearance Reciprocity Not Measured
Executive branch agencies have not yet developed and implemented
metrics to track the reciprocity of personnel security clearances,
which is an agency's acceptance of a background investigation or
clearance determination completed by any authorized investigative or
adjudicative agency, although some efforts have been made to develop
quality metrics. Executive branch agency officials have stated that
reciprocity is regularly granted, as it is an opportunity to save time
as well as reduce costs and investigative workloads; however, we
reported in 2010 that agencies do not consistently and comprehensively
track the extent to which reciprocity is granted Government-wide.\38\
ODNI guidance requires, except in limited circumstances, that all
intelligence community elements ``accept all in-scope \39\ security
clearance or access determinations.'' Additionally, OMB guidance \40\
requires agencies to honor a clearance when: (1) The prior clearance
was not granted on an interim or temporary basis; (2) the prior
clearance investigation is current and in-scope; (3) there is no new
adverse information already in the possession of the gaining agency;
and (4) there are no conditions, deviations, waivers, or unsatisfied
additional requirements (such as polygraphs) if the individual is being
considered for access to highly-sensitive programs.
---------------------------------------------------------------------------
\38\ In addition to establishing objectives for timeliness, the
Intelligence Reform and Terrorism Prevention Act of 2004 established
requirements for reciprocity, which is an agency's acceptance of a
background investigation or clearance determination completed by any
authorized investigative or adjudicative Executive branch agency,
subject to certain exceptions such as completing additional
requirements like polygraph testing. Further, in October 2008, ODNI
issued guidance on the reciprocity of personnel security clearances.
ODNI, Intelligence Community Policy Guidance 704.4, Reciprocity of
Personnel Security Clearance and Access Determinations (Oct. 2, 2008).
\39\ Although there are broad Federal investigative guidelines, the
details and depth of an investigation varies by agency depending upon
its mission.
\40\ Office of Management and Budget, Memorandum for Deputies of
Executive Departments and Agencies: Reciprocal Recognition of Existing
Personnel Security Clearances (Dec. 12, 2005); Office of Management and
Budget, Memorandum for Deputies of Executive Departments and Agencies:
Reciprocal Recognition of Existing Personnel Security Clearances (July
17, 2006).
---------------------------------------------------------------------------
While the Performance Accountability Council has identified
reciprocity as a Government-wide strategic goal, we have found that
agencies do not consistently and comprehensively track when reciprocity
is granted, and lack a standard metric for tracking reciprocity.\41\
Further, while OPM and the Performance Accountability Council have
developed quality metrics for reciprocity, the metrics do not measure
the extent to which reciprocity is being granted. For example, OPM
created a metric in early 2009 to track reciprocity, but this metric
only measures the number of investigations requested from OPM that are
rejected based on the existence of a previous investigation and does
not track the number of cases in which an existing security clearance
was or was not successfully honored by the agency. Without
comprehensive, standardized metrics to track reciprocity and consistent
documentation of the findings, decision makers will not have a complete
picture of the extent to which reciprocity is granted or the challenges
that agencies face when attempting to honor previously granted security
clearances.
---------------------------------------------------------------------------
\41\ GAO, Personnel Security Clearances: Progress Has Been Made to
Improve Timeliness but Continued Oversight Is Needed to Sustain
Momentum, GAO-11-65 (Washington, DC: Nov. 19, 2010).
---------------------------------------------------------------------------
In 2010, we reported that Executive branch officials routinely
honor other agencies' security clearances, and personnel security
clearance information is shared between OPM, DOD, and, to some extent,
intelligence community databases.\42\ However, we found that some
agencies find it necessary to take additional steps to address
limitations with available information on prior investigations, such as
insufficient information in the databases or variances in the scope of
investigations, before granting reciprocity. For instance, OPM has
taken steps to ensure certain clearance data necessary for reciprocity
are available to adjudicators, such as holding interagency meetings to
determine new data fields to include in shared data. However, we also
found that the shared information available to adjudicators contains
summary-level detail that may not be complete. As a result, agencies
may take steps to obtain additional information, which creates
challenges to immediately granting reciprocity.
---------------------------------------------------------------------------
\42\ GAO-11-65.
---------------------------------------------------------------------------
Further, in 2010 we reported that because there is no Government-
wide standardized training and certification process for investigators
and adjudicators, according to agency officials, a subject's prior
clearance investigation and adjudication may not meet the standards of
the inquiring agency. Although OPM has developed some training,
security clearance investigators and adjudicators are not required to
complete a certain type or number of classes. As a result, the extent
to which investigators and adjudicators receive training varies by
agency. Consequently, as we have previously reported, agencies are
reluctant to be accountable for investigations and/or adjudications
conducted by other agencies or organizations.\43\ To achieve fuller
reciprocity, clearance-granting agencies seek to have confidence in the
quality of prior investigations and adjudications.
---------------------------------------------------------------------------
\43\ GAO, Personnel Clearances: Key Factors to Consider in Efforts
to Reform Security Clearance Processes, GAO-08-352T (Washington, DC:
Feb. 27, 2008).
---------------------------------------------------------------------------
Consequently, we recommended in 2010 that the Deputy Director of
Management, OMB, in the capacity as chair of the Performance
Accountability Council, should develop comprehensive metrics to track
reciprocity and then report the findings from the expanded tracking to
Congress. Although OMB agreed with our recommendation, a 2011 ODNI
report found that intelligence community agencies experienced
difficulty reporting on reciprocity. The agencies are required to
report on a quarterly basis the number of security clearance
determinations granted based on a prior existing clearance as well as
the number not granted when a clearance existed. The numbers of
reciprocal determinations made and denied are categorized by the
individual's originating and receiving organizational type: (1)
Government-to-government, (2) government-to-contractor, (3) contractor-
to-government, and (4) contractor-to-contractor. The report stated that
data fields necessary to collect the information described above do not
currently reside in any of the datasets available and the process was
completed in an agency-specific, semi-manual method. Further, the
Deputy Assistant Director for Special Security of the Office of the
Director of National Intelligence noted in testimony in June 2012 that
measuring reciprocity is difficult, and despite an abundance of
anecdotes, real data is hard to come by. To address this problem, ODNI
is developing a web-based form for individuals to submit their
experience with reciprocity issues to the ODNI. According to ODNI, this
will allow them to collect empirical data, perform systemic trend
analysis, and assist agencies with achieving workable solutions.
Recent Efforts and Sustained Leadership Could Facilitate Progress in
Assessing Quality
Several efforts are underway to review the security clearance
process, and those efforts, combined with sustained leadership
attention, could help facilitate progress in assessing and improving
the quality of the security clearance process. After the September 16,
2013 shooting at the Washington Navy Yard, the President directed the
Office of Management and Budget, in coordination with ODNI and OPM, to
conduct a Government-wide review into the oversight, nature, and
implementation of security and suitability standards for Federal
employees and contractors. In addition, in September 2013, the
Secretary of Defense directed an independent review to identify and
recommend actions that address gaps or deficiencies in DOD programs,
policies, and procedures regarding security at DOD installations and
the granting and renewal of security clearances for DOD employees and
contractor personnel. The primary objective of this review is to
determine whether there are weaknesses in DOD programs, policies, or
procedures regarding physical security at DOD installations and the
security clearance and reinvestigation process that can be strengthened
to prevent a similar tragedy.
As previously discussed, DOD and DHS account for the majority of
security clearances within the Federal Government. We initially placed
DOD's personnel security clearance program on our high-risk list in
2005 because of delays in completing clearances.\44\ It remained on our
list until 2011 because of on-going concerns about delays in processing
clearances and problems with the quality of investigations and
adjudications. In February 2011, we removed DOD's personnel security
clearance program from our high-risk list largely because of the
Department's demonstrated progress in expediting the amount of time
processing clearances.\45\ We also noted DOD's efforts to develop and
implement tools to evaluate the quality of investigations and
adjudications.
---------------------------------------------------------------------------
\44\ GAO, High-Risk Series: An Update, GAO-05-207 (Washington, DC:
Jan. 1, 2005).
\45\ GAO, High-Risk Series: An Update, GAO-11-278 (Washington, DC:
Feb. 2011).
---------------------------------------------------------------------------
Even with the significant progress leading to removal of DOD's
program from our high-risk list, the Comptroller General noted in June
2012 that sustained leadership would be necessary to continue to
implement, monitor, and update outcome-focused performance
measures.\46\ The initial development of some tools and metrics to
monitor and track quality not only for DOD but Government-wide were
positive steps; however, full implementation of these tools and
measures Government-wide have not yet been realized. While progress in
DOD's personnel security clearance program resulted in the removal of
this area from our high-risk list, significant Government-wide
challenges remain in ensuring that personnel security clearance
investigations and adjudications are high-quality. However, if the
oversight and leadership that helped address the timeliness issues
focuses now on the current problems associated with quality, we believe
that progress in helping Executive branch agencies to assess the
quality of the security clearance process could be made.
---------------------------------------------------------------------------
\46\ GAO, Personnel Security Clearances: Continuing Leadership and
Attention Can Enhance Momentum Gained from Reform Effort, GAO-12-815T
(Washington, DC: June 21, 2012).
---------------------------------------------------------------------------
In conclusion, to avoid the risk of damaging, unauthorized
disclosures of Classified information, oversight of the reform efforts
to measure and improve the quality of the security clearance process
are imperative next steps. The progress that was made with respect to
expediting the amount of time processing clearances would not have been
possible without committed and sustained Congressional oversight and
the leadership of the Performance Accountability Council. Further
actions are needed now to fully develop and implement metrics to
oversee quality at every step in the process. We will continue to
monitor the outcome of the agency actions discussed above to address
our outstanding recommendations.
Chairman King, Ranking Member Higgins, and Members of the
subcommittee, this concludes my prepared statement. I would be pleased
to answer any questions that you or other Members of the subcommittee
may have at this time.
Mr. King. Thank you, Ms. Farrell.
Let me thank all the witnesses for their testimony and
their level of cooperation. I appreciate it very much.
You may have covered this in some of your testimonies, but
let me just start. There are several cases I am aware of where
a person receives a security clearance while they are at one
agency and then they transfer to another agency. In the mean
time, the first agency is advised of a problem that has
developed and that was not passed on to the second agency. Then
the individual may leave the second agency and go to the
private sector but they still maintain their clearance.
In other words, how much cooperation is there between one
Federal agency and another? If you learned something about an
employee that was in that particular agency or department who
had a clearance and they moved on to another one. In other
words, does it follow the clearance or does it, you know, just
stay with the departments? Am I making it clear what I am
saying?
I don't want to go into the specifics of the case, but
there is at least one individual who was with a particular
agency, got his clearance, moved onto another one. After he
went to the second agency the first agency was advised of
problems that may have prevented him from getting a clearance
in the first place, but those problems were never passed on to
the second agency. Then he went to the private sector after
that, again, keeping the same Top Secret clearance.
So I am going to just go across the board and see if any of
you have any--yes?
Ms. Farrell. I believe you are talking about reciprocity,
which is honoring the investigation conducted when one
transfers from one agency to another, and that is an issue that
we have raised. The extent to which reciprocity is met is
unknown because there are no metrics that tell us how many
people are accepted or how many people are stopped.
Reciprocity is important because by statute, the
Intelligence Reform Terrorism Prevention Act of 2004 stated
that agencies should honor one another's investigations and
adjudications to the extent possible. There have been other
guidance from the DNI, from OMB, making it clear when there are
exceptions to such granting of those clearances, but we do not
know how well it works.
There are anecdotes, as you have anecdotes. There are
stories of someone who has a clearance and it is not accepted
and they have three clearances done in a year, especially with
contractors. But the extent to which these clearances are
accepted, are not accepted is really unknown.
Mr. King. Well, let's say a person has the clearance, moves
onto another agency with that clearance, and the first agency
then is advised that something has come up after the clearance
was given. I assume that agency is supposed to pass that on to
the second, right?
Ms. Farrell. That is something that is specified in
guidance, that when the attention comes of new information, if
it is disclosed to the gaining agency then that would be a
reason not to honor such a clearance. But how often--again, how
often information is passed along is unknown.
Mr. King. Anybody else want to comment on this?
Mr. Prioletti.
Mr. Prioletti. I just wanted to add to what Brenda said
that there is an on-going research right now going on through
the DNI's office where we are meeting with the 16 members of
the I.C. and gaining information on their reciprocity--how was
it enacted? How did they make the guidelines? How did they
determine which people are going to be crossover and which ones
are not--to try to get a better feel and to gain some of the
very metrics that Brenda is referring to there, sir.
Mr. King. Mr. Marshall or Mr. Miller.
Mr. Marshall.
Mr. Marshall. Yes, sir. Thank you.
In DHS we obviously accept reciprocity on its face by
Executive Order. When we can point to an existing
investigation, an in-scope investigation, we will honor it on
its face.
One of the gaps that we see within DHS is that we are not
allowed to do any additional checks unless we have derogatory
information to the contrary. So it would be critical in the
situation that you describe that that first agency pass that
information along to the second agency in order for us to take
an action with respect to the clearance.
Mr. King. Mr. Miller.
Mr. Miller. Chairman King, your question is spot-on, the
issue of where the gaps exist once an investigation has closed
and then there is a reciprocity decision. For instance,
somebody with a Top Secret clearance can go 5 years without a
reinvestigation; however, that doesn't preclude potential new
criminal history record information, financial problems, or
other things developing. However, if that information is not
reported in some way or captured, that remains a gap.
So, as Greg mentioned, within DHS you can only go--make a
reciprocity decision based on the last investigation and not
knowing what may have developed in the mean time. So that 5-
year window becomes a gap, and potentially information could be
developed that may result in, actually, a different
adjudication being made if you were aware of it.
Mr. King. Ms. Farrell and Mr. Prioletti I think both
mentioned guidance. Is that a directive? Is that required or is
it just suggested?
Ms. Farrell. The statute that I mentioned, IRTPA 2004, did
require that reciprocity be honored. There is guidance in OMB
guidelines that has certain exceptions that can be extended,
such as the clearance background investigation is not up-to-
date or additional information has come to light regarding the
individual.
There is also DNI guidance that specifies things such as
the particular position requires a different type of scope of
background investigation. So there are exceptions for the
agencies to consider when they are--before they grant such a
reciprocity.
Mr. King. Mr. Higgins.
Mr. Higgins. Thank you, Mr. Chairman.
Just, you know, for the whole panel, you know, according to
the Office of Personnel Management, almost 5 million Federal
workers and contractors are eligible to hold a security
clearance, and at the Department of Homeland Security
approximately 125,000 employees hold clearances. Given the fact
that this Aaron Alexis, a lone gunman, took up arms against
fellow employees at the Navy Yard, Alexis was a contractor and
he had security clearance but he also had a history of
arrests--plural. More than one. He had a history of gun
infractions--plural. More than one.
In published reports there were other incidences calling
into question, you know, his mental health. So I suppose my
question is, how did he get a security clearance in the first
place?
Go ahead.
Mr. Marshall. Yes, sir. I will start. Thank you.
With respect to Mr. Alexis, and based on what I understand,
and granted, I don't have any first-hand knowledge; I wasn't
particularly briefed on it, but based on what I know from media
accounts and some anecdotal conversations I have had with some
other folks who had some information, it appears that he had a
clearance with the Navy and that when he left the Navy and went
to the contracting firm the clearance was accepted on
reciprocity, because they had an investigation that they can
point to.
In that context let me explain how we do it in Department
of Homeland Security. The Department of Homeland Security does
all the fitness adjudications for contractors in the
Department. The actual adjudication of the investigations,
however, reside in the Department of Defense.
So while we have the ability to do the fitness
determination, the adjudication is done there. So that is how
it works in Homeland Security.
Mr. Higgins. Anybody else?
Go ahead.
Mr. Miller. Yes. I would like to make a comment just as
background on Alexis. The investigation that was completed for
him was completed in 2007. In fact, he was adjudicated in 2008
by the Department. I am sorry DOD is not here to respond.
Some of the criminal history information you refer to
occurred after that 2007 completed investigation, and that is
the gap. In fact, Mr. Alexis was not due for reinvestigation
until 10 years after the completion of the case in 2007, so
that would have been 2017 before there would have been any
review of what may have developed once he had been cleared.
Now, Mr. Prioletti has talked about the continuous
evaluation, the critical need to be able to fill the gap, and
that is one of the solutions being proposed not only by the DNI
but by the community is to be able to capture any new criminal
history record information that might come about.
Mr. Higgins. Go ahead.
Mr. Miller. I just wanted to say, one of the initiatives
on-going right now--if the FBI were here they would talk about
a program called Rap Back. Rap Back is going to provide a
capability within the Department--within the Executive branch
and across Federal Government--that if there has been a
fingerprint check done on an individual for a background
investigation and in the future should new criminal history
information become developed, the FBI will be notifying,
actually the OPM to notify the Federal agency that you have new
results. So that could occur a week after the close of an
investigation, a year, 2 years.
So with Alexis, that criminal history record that was
developed in Texas of that incident with a weapon would have
been notified through the FBI back to the Department to let
them know there is an individual that has new criminal history
record information. So that is part of the C.E. solution in the
future and we are looking to find other ways to provide
information to fill those gaps.
Mr. Higgins. Yes. I would say, look, this is not an exact
science, but it is a pretty sensitive issue when you process
people for security clearance. That should be a pretty tight
criteria. My sense is that while it is good that they are
looking at ways to tighten that up, I am shocked that, you
know, somebody that has a security clearance that any arrest
incident prospectively would not trigger something to the
respective authorities to remove or at least suspend that
clearance so that, you know, the issue could be adjudicated.
It just seems to me, again, that when you are issuing so
many of these or making eligible so many people for security
clearances that, forget about reinvestigations, there should be
a better process in place to ensure that instantaneously,
should something occur that would, you know, result in somebody
being denied clearance, that information should be made
available to determine whether or not that clearance can be
continued and/or at least suspended until such time as there is
a clarity about, you know, what had occurred here.
That is all I have, Mr. Chairman.
Mr. King. Gentleman from Massachusetts, Mr. Keating.
Mr. Keating. Thank you, Mr. Chairman.
I guess the best person that I would ask is Mr. Prioletti
this question: What essential information do background checks
neglect to include in the existing process, which largely
depends on a huge component of self-reporting by persons
applying for it? Are there things that you can highlight that
might be more helpful or areas that are, you know, not included
but that--could you share with us the reason for that?
Mr. Prioletti. Sir, the information that is gained during
the investigative process is based upon the adjudicative
standards that we mentioned earlier that came out in 2005 from
the White House, and they cover 13 generic areas ranging from
finances to foreign national contacts and everything in
between. We do our adjudicative--excuse me--we do the
investigative process based upon information that will gain us
insight into those areas so that we can make an informed
adjudicative decision.
I don't believe it is the areas that we are missing as much
as the comprehensiveness of gaining that information. I believe
Mr. Marshall and Mr. Miller both have commented on the ability
to get that information, and there are some areas where we
could improve on.
One of the biggest areas, I believe, where we need to
improve on are some of our National and local agency checks--
the ability to get criminal responses on individuals. Based on
a conversation earlier, there are somewhere in the area of
17,000-plus local law enforcement and Federal law enforcement
agencies that have information on individuals. They are not all
electronically connected to an ability to get that information
and that would certainly help improve our ability.
Mr. Keating. Yes. I was thinking, I was a prosecutor before
I was here in office, and sometimes we would have cases and
they would reflect on a person's status in State government and
there really wasn't that linkage there either electronically,
as well. We would affirmatively do that but it is not a precise
science because there was not a requirement.
So I think we have an idea that everything can be done
electronically and technologically today, but it just doesn't
work that well. Particularly if you are dealing with State
crimes or State activities, the process of that often is so
slow just to get into the State, let alone to try and link it
to the Federal. There would be quite serious delays.
Here is one more question I think I have a sense of, but in
the last stage of appeals on security clearance issues it
leaves DHS and goes to the Secret Service. Is that correct?
Could you explain, anyone, why that decision was made there
instead of keeping it in a panel within DHS or--and why Secret
Service would be that last? How cumbersome is that, given the
staffing there?
Mr. Marshall. Yes, sir. I can answer that.
It varies. There are three stages to the security appeal
process. There is the personnel security chief; and then it
goes to the second-level deciding authority, and in my
organization I am that person; and then if it is not resolved
at the second level it goes to the, what I call the three-judge
panel at the Secret Service.
The reason it is in the Secret Service is because that is
where it was when DHS was formed. Obviously we are a legacy
agency comprised of many organizations and they already had
that function within the Secret Service, so it just made sense
at the time to, because it was already a functioning body and
already had their policies and procedures in place, just to
leave it there.
I know there has been some question since on whether or not
that is appropriate and whether they should be rotated in and
out and made up of members of other agencies who may sit on
that, and that is still being discussed. But that is how it
evolved to the three-judge panel at the Secret Service.
Mr. Keating. Thank you. It is amazing the legacy issues
with Homeland Security.
I will yield back, Mr. Chairman.
Mr. King. Thank you, Mr. Keating.
As a follow-up to what Mr. Keating was asking you about,
you know, the electronic records, assuming that everything
could be done electronically, how cooperative do you find State
and local governments in giving you the information if you ask
for it?
Mr. Prioletti. Well, sir, quite honestly, I believe that I
would have to defer to Mr. Miller on that one, as he directly
deals with those organizations.
Mr. King. Mr. Miller.
Mr. Miller. Chairman King, it varies candidly with over
17,000-plus law enforcement entities out there. It varies from
from location to location, State to State. In fact, there are
different statutes.
There is a 5 U.S. Code 9101 actually requires agencies to
share criminal history record information with the Federal
Government. However, 9101 doesn't go far enough to actually
outline specifically the information, so the preponderance of
the information being shared today actually just addressed the
charge and the disposition, not necessarily the facts
surrounding and the circumstances of the arrest.
So again, it varies from State to State. In fact, not to go
over old history, but we actually had to go to court in one
location to actually force the local government to share
criminal history record information with the Federal
Government, and we were successful.
Mr. King. Anybody else wish to comment on that?
Ms. Farrell.
Ms. Farrell. I think Mr. Miller can speak to the actual
information sharing, but we are aware when we did our work in
2010 and at other times, agency adjudicators--and this is from
a number of agencies--12, 14--would comment to us that the
summary information in the background investigations did not
give the details regarding police or criminal records that was
available, that that information had been summarized by the OPM
investigator to a point that it raised a lot of questions for
the adjudicators.
So this goes back to the issue of quality with what is
required. Are we getting the best quality from what is required
before we start expanding it and adding additional
requirements?
Mr. King. On a separate issue on this, without starting any
interdepartmental feuds or anything else, but are there any
agencies within the intelligence community or within the
Federal Government who are not willing to cooperate as far as
giving personnel records of their former employees--like, for
instance, going from one intelligence component to another or
to somebody else in the Federal Government? Is it your
experience that anyone is more reluctant than others to fully
cooperate as far as giving personnel information?
Mr. Prioletti. Sir, to the best of my knowledge they all
are cooperating at various levels, depending upon the
information to be shared. But I have not encountered any
specific incidences where one I.C. organization would not share
with another.
Mr. King. Yes.
Ms. Farrell. I can add to that.
During the course of our work with the I.C. we are aware
that they use the Scattered Castles database, and nothing was
brought to our attention within the I.C. community having
access to that. I think the issues evolve more when you are
crossing from the non-I.C. world into the I.C. and what is
shared and what is not shared or back from the I.C. to a non-
I.C.
Because there are different databases. OPM has a database;
DOD has a database; the I.C. has a database. That sometimes can
present issues with reciprocity and some of the issues that we
have discussed.
Mr. King. Apart from the need for improvement on the actual
investigative reports, do you think any improvements are needed
on the adjudicative end as to what standards should be used,
what thresholds there should be?
Ms. Farrell. Our work is concentrated at DOD on the
adjudication portion and we have found issues with the
adjudication when we did our work back in 2006 and 2008. We
found similar issues with the adjudication files as we did with
OPM's investigative files.
We made recommendations regarding guidance that was needed
to document when perhaps an applicant was not available for an
interview, to document what attempts had been made to do so and
why that applicant was not available. DOD developed such
guidance. DOD also took steps to measure the frequency for
which their adjudication reports met the Federal adjudicative
guidelines and other actions to monitor and oversee that
adjudication process.
I cannot speak to the Homeland Security adjudication
process.
Mr. King. Mr. Marshall.
Mr. Marshall. Yes, sir. Thank you.
One of the issues that is troubling to me and a gap that I
recognize--and it is probably something that we are all going
to be working on in this 120-day review that the President
ordered--is a gap I see in suitability adjudication. Mental
health is not one of the adjudicative criteria within
suitability or fitness and I really think that needs to be
addressed.
It is addressed in the revised guidelines for National
security clearances, and Mr. Prioletti mentioned that. But we--
it doesn't appear in 5 CFR 731 for suitability, and the
suitability like criteria we apply to contractors, and I really
think it needs to be.
Mr. King. You know, considering the large number--I think
Mr. Higgins and I said 4.9 million, 5 million people with these
clearances, and obviously a lot of the investigative work is
done by private contractors. We have seen that. Can any of you
comment on whether there is a different level of quality--
better or worse--between the Government carrying out the
investigation or private contractors? Are there other standards
for the private contractors? Are they uniform standards?
Mr. Miller. I can speak to that.
Mr. King. Yes, sir.
Mr. Miller. I managed the contract at Federal workforce.
First off, there is no difference in the way we clear contract
workforce versus Federal workforce relative to background
investigations. Second is the quality of investigations are the
same. They have got to investigate to the same standards and
they have got to meet the same quality standards, both Federal
and contract employees.
Mr. King. Anybody else wish to comment?
Yes, Ms. Farrell.
Ms. Farrell. Our work has found that the--it is unknown,
really, the extent to the quality of investigations. We have
data that does show incompleteness when you look at OPM's
investigations compared to the Federal Investigative
Guidelines.
Is there a difference between the oversight when a
contractor conducts the investigation and a Federal employee?
What we are saying is there are not measures or steps put in
place to make sure that that background investigation does meet
Federal standards regardless of whether it is conducted by a
contractor or a Federal employee.
Mr. King. What standards are there in selecting a
contractor to carry out the investigation? Are they uniform?
Mr. Miller. Yes. The standards are uniform for contractors
that perform background investigative work. They all have to be
trained to the same level, and obviously through the contract
process, when they come in to actually compete for the work
they all have to meet the same standards when they are selected
to do contract work for the Government.
Mr. King. Mr. Higgins.
Mr. Higgins. I have no further questions. Does the staff
have any suggested questions?
Mr. King. Okay. I want to thank you for your testimony
today. Sorry for the delay at the beginning. We got called over
for votes. It seems it never fails. There are never any votes
until we have witnesses here to testify at a hearing, so I
regret that.
I want to thank you for your patience. I want to thank you
for your testimony.
Again, I think all of us appreciate--I am sure I can speak
for Mr. Higgins on this--the level of cooperation and the fact
that all of you appreciate the importance and the significance
of this and the cooperation you have given to the staff. So I
thank you for your testimony.
Brian, do you have anything?
Mr. Higgins. Nope.
Mr. King. Okay. With that, without objection, the
subcommittee stands adjourned. Thank you very much.
[Whereupon, at 3:28 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions From Honorable Peter T. King for Merton W. Miller
Question 1. As I understand it, the adjudicating agency only gets a
summary of the information that has been gathered during the background
investigation. What entity does the actual packaging of the summary
that is in turn submitted to the adjudicating agency?
Answer. Response was not received at the time of publication.
Question 2. In terms of the background investigators themselves,
whether they are a Government employee or a contracted employee, what
types of standards are they held to in order to complete their jobs? In
other words, have these individuals been subjected to the scrutiny of
background investigations?
Answer. Response was not received at the time of publication.
Question 3. Are the forms that applying individuals use to fill out
during the background investigation phase considered antiquated? If so,
what types of updates to these forms may be necessary to address the
needs of background investigators to adequately gather pertinent and
meaningful information?
Answer. Response was not received at the time of publication.
Question 4. Is there a current backlog in background investigations
for security clearances? If so, how numerous is the backlog and what
effect does the sequestration have on this process?
Answer. Response was not received at the time of publication.
Question 5. How much of OPM's work is contracted out to private
companies to complete background checks? How often are these
contractors reviewed by OPM, in terms of quality control of their
product?
Answer. Response was not received at the time of publication.
Question 6. What difficulties are created by the substantial
dependence of OPM on contractors to execute background checks and what
are the benefits of that dependence?
Answer. Response was not received at the time of publication.
Questions From Honorable Peter T. King for Gregory Marshall
Question 1. How successful has DHS been at producing quality
results in security clearance background checks and by what measure do
use to make this assessment?
Answer. DHS has a successful and robust suitability and security
program. To measure the quality of the background investigations, DHS
relies on its trained adjudicative staff to review the investigative
product for completeness and to render the adjudicative determination.
DHS has incorporated levels of review in the adjudicative process
whereas senior-level adjudicators, including managers, review the work
of the lesser-experienced adjudicators to ensure quality and adherence
to policy and guidelines.
In addition, DHS, as an authorized investigative agency, adheres in
the conduct of its security investigations to the Federal Investigative
Standards. DHS is also an active participant in an Office of Personnel
Management (OPM) and Office of the Director for National Intelligence
Quality Assessment Working Group which was established to create a
standard by which all investigating entities would assess quality
investigations and develop a tool to make the assessment.
Question 2. Where does DHS stand with regard to security clearance
reciprocity, i.e. are you completely accepting security clearances at
all levels for individuals coming from other Federal agencies? If not,
what is your reasoning for not yielding to reciprocity?
Answer. DHS accepts security clearance reciprocity at all levels
for individuals coming from other Federal agencies. However, based on
the responsibilities of the positions, additional higher levels of
investigation may be required, consistent with the OMB memoranda of
December 12, 2005, July 17, 2006, and November 14, 2007, and the
Intelligence Community Policy Guidance Number 704.4. Also, some law
enforcement organizations utilize the polygraph for employment
screening and personnel investigations for positions requiring a
polygraph examination prior to entry into the position.
Security reciprocity should not be confused with suitability or
fitness for appointment, or, alternatively, the ability to meet a
qualification standard in the hiring process. There are additional
considerations that may need to be addressed in order for an applicant
to gain employment. The following is a list of considerations that the
Department must address:
Due to their mission, components that enforce drug laws--
e.g., the U.S. Immigration and Customs Enforcement (ICE) and
the U.S. Customs and Border Protection (CBP)--must adhere to
more stringent guidelines on frequency and recency of illegal
drug use than other components.
Components that have weapon-carrying positions (e.g., ICE,
CBP, TSA, USSS, and FLETC) must adhere to the ``Lautenberg
Amendment'', which provides that it is unlawful ``for any
person to sell or otherwise dispose of any firearm or
ammunition to any person knowing or having reasonable cause to
believe that such person has been convicted in any court of a
misdemeanor crime of domestic violence.'' 18 U.S.C. 992(d)(9).
If an applicant were to be prohibited from possessing a firearm
or ammunition, under the Lautenberg Amendment, that applicant
would therefore be ineligible for the weapon-carrying position.
TSA is required to consider 28 statutory criminal types of
``Disqualifying offenses that, if committed, would disqualify
an individual from employment with the agency.'' See listed in
49 U.S.C. � 44936(b)(1)(B), eligible for employment with TSA.
OPM's regulations on suitability reciprocity contain
exceptions when, for example, the investigative record shows
conduct that is incompatible with the core duties of the
position. See 5 C.F.R. 731.202(d).
While the Department adheres to security reciprocity, it must also
comply with other laws affecting employment and suitability related to
the specific requirements of the position.
Question 3. It is the committee's understanding that the last stage
of appeals for suspensions and revocations of security clearances are
heard before a panel at the U.S. Secret Service for all security
clearance-holders at DHS headquarters and its components. Why is this
the case and why has this authority not been given to a panel comprised
of DHS headquarter officials?
Answer. In accordance with the requirement under Executive Order
12968 that Federal agencies provide applicants and employees denied
clearances the opportunity to appeal the decision, DHS leveraged the
U.S. Secret Service as the Department's Security Appeals Board. The
U.S. Secret Service has a robust and long-standing functioning Appeals
Board. As the Board performed the functions appropriately and in
accordance with all Federal guidelines, there was not an immediate need
to change the composition of the Board. We will revisit the composition
of the Board and determine potential adjustments to the practice.
Question 4. Do you think that existing policies and processes
related to reinvestigations of individuals who hold security clearances
meet the ``appropriate level of rigor'' mentioned in your earlier
testimony?
Answer. DHS believes there are gaps in the process that create
vulnerabilities to the Department. For one, the current interval for
periodic reinvestigations (5, 10, 15 years depending on the level of
clearance) is insufficient, though this has been addressed in the 2012
Federal Investigative Standards approved and signed in December 2012,
and will be implemented fully by 2017. Also, based on the level of
reinvestigation and records collected, security offices are not always
provided relevant information on individuals of incidents occurring in
their employment. Another large gap is the lack of participation and
timeliness of local law enforcement jurisdictions reporting criminal
activity into the State and National repositories on which security
investigators rely. We note that Congress expressed awareness of this
issue when it recently passed the National Defense Authorization Act,
2014, section 907 of which establishes a task force on records access
composed of both Federal and State and local law enforcement officials
to make recommendations for improving the degree of cooperation and
records sharing. This issue is also being examined as part of the
``120-day review'' of security and suitability policies and procedures
now underway that the President has directed.
Question 5. In your view, are reinvestigations currently conducted
with the appropriate frequency (currently, 15, 10, and 5 years for
Confidential-, Secret-, and Top Secret-level clearances, respectively),
or should reinvestigations occur more frequently?
Answer. The current policies for reinvestigations are not stringent
enough due to the current time frames. Those policies had been in place
since the late 1990s and were in need of reform. In December 2012 the
Office of the Director of National Intelligence and the Office of
Personnel Management jointly issued new Federal investigative standards
establishing a 5-year reinvestigation cycle even for Confidential and
Secret clearances. The new standards are subject to an implementation
plan. Further, ODNI has been given authority under Executive Order
13467 to develop the Continuous Evaluation (CE) program to evaluate
National security risks involving cleared personnel between periodic
reinvestigations, and the December 2012 Federal investigative standards
require CE for Top Secret-cleared personnel. Likewise OPM is piloting
the ``Rap Back'' program by which the FBI furnishes real-time arrest
information on current employees. Full implementation of the 2012
revised standards is expected by 2017. DHS is an active participant in
Federal personnel security community discussions and activities to
address the need for a more frequent/current review of individuals who
hold security clearances, including continuous evaluation.
Question 6. As you noted in your earlier testimony, background
investigations only examine past behavior and may be an inadequate
predictor of future behavior. One potential element of the Insider
Threat Program is the use of analytics to identify and even predict
potential breaches of information systems based on an individual's
pattern of system access. Have you or other members of DHS's Chief
Security Officer Council explored the possibility of using similar
analytics or behavioral modeling techniques as part of the security
clearance adjudication process?
Answer. As personnel security is an integral part of the Insider
Threat Program, DHS recognizes the need to use analytics in its
personnel security process. Under the concept of Continuous Evaluation
and Continuous Monitoring, personnel security will be more proactive in
making individual assessments than the traditional reactive approach.
The Continuous Evaluation will be a tool to evaluate patterns of
behavior. DHS is awaiting guidance from the Office of the Director for
National Intelligence (ODNI), as the Security Executive Agent, to
release policy on the execution of the Continuous Evaluation model.
ODNI, through the National Insider Threat Task Force, convenes various
forums to assist departments and agencies as they work to establish
their insider threat programs under Executive Order 13587 and the
President's National insider threat policy and minimum standards. In
the interim, the Department has held discussions with private firms
that look at behavioral modeling through continuous evaluation to
explore automated options and their availability/compatibility with
current systems. DHS participated in a Department of Defense hosted
Behavioral Analysis/Insider Threat Tabletop Exercise (TTX) to review
best practices, including programs outside the U.S. Government, to
determine whether elements of those programs could be adopted to detect
persons who may pose a threat; as well as review leading edge tools and
technologies that augment existing security processes and capabilities.
A range of predictive analytics and risk assessment tools were
discussed. For example, the Identity Management Enterprise Services
Architecture (IMESA) was identified as a potential capability to
continuously monitor personnel that have authorized access to DoD
installations and assets against authoritative data sources. IMESA will
enable the sharing of identity and physical access control information
complementing on-going continuous evaluation concept demonstration
efforts.
Questions From Honorable Peter T. King for Brian A. Prioletti
Question 1. Under Section 6 of Executive Order 13587, the
Interagency Insider Threat Task Force is to conduct ``independent
assessments'' of agencies' insider threat programs. What is the status
of the task force's effort to develop procedures for these assessments?
How many assessments has the task force conducted?
Answer. Response was not received at the time of publication.
Question 2. Could you summarize the results of those assessments?
In your response, could you discuss the following: How many agencies
have acceptable programs? How many do not? For agencies that do not
have acceptable insider threat programs, what are the deficiencies?
Answer. Response was not received at the time of publication.
Question 3. What differences, if any, exist regarding the threat to
National security posed by contractor employees with access to
Classified material and Federal employees with access to Classified
material?
Answer. Response was not received at the time of publication.
Question 4. Is there a need to expand the areas of risk factors
when adjudicating security clearance applicants to address the issues
that we have seen in recent events?
Answer. Response was not received at the time of publication.
Question 5. In your testimony, you mentioned the need for
Continuous Evaluation for those persons that hold security clearances.
Would this process be regulated by time frames or will they be
triggered by information discovered about a security clearance holder
by the agency security office?
Answer. Response was not received at the time of publication.
Question 6. What essential information do background checks neglect
to include in the existing process, which depends largely on self-
reporting by the persons applying for a security clearance?
Answer. Response was not received at the time of publication.
Questions From Honorable Peter T. King for Brenda S. Farrell
Question 1. You mentioned in your testimony that agencies are
``revisiting the Federal investigative standards.'' Can you explain the
investigative standards that are currently being revisited by Federal
agencies? Is the proposed OPM/ODNI rule one of the agency actions
referred to in your statement?
Answer. Response was not received at the time of publication.
Question 2. What possible impact, if any, could the proposed OPM/
ODNI rule have on the overall security clearance background
investigation process?
Answer. Response was not received at the time of publication.
Question 3. What elements of the security clearance process do you
find the most problematic with regards to conducting fair and thorough
background investigations?
Answer. Response was not received at the time of publication.
Question 4. In your research, have you found that agencies are
fully complying with the guidelines for reciprocity? If not, what are
the reasons for non-compliance?
Answer. Response was not received at the time of publication.
Question 5. In your testimony, you mentioned that your study
involved looking into the metrics needed to measure quality of the
security clearance process. Are there any agencies in particular that
stood out as doing at least a fairly exceptional job with measuring its
process quality and if so, why is this the case with that particular
agency and not others?
Answer. Response was not received at the time of publication.
�