The Biden administration is moving forward with new personnel vetting principles intended to simplify and streamline how the government evaluates people for sensitive positions and security clearances.
The personnel vetting guidelines have been circulated throughout agencies and are currently in the queue for signature by the Office of the Director of National Intelligence and the director of the Office of Personnel Management, according to Valerie Kerben, senior policy adviser with the ODNI, speaking at an Oct. 27 National Industrial Security Program Policy Advisory Committee (NISPPAC) meeting.
The forthcoming guidelines are part of the ongoing Trusted Workforce 2.0 initiative to reform background investigation and security clearance processes. They are based on a “federal personnel vetting core doctrine” published in the Federal Register in January.
“The Federal Government must effectively optimize the resources, information, and technology to support the goal of a trusted workforce to conduct the business of the Federal Government,” the doctrine states. “Personnel vetting assesses the trustworthiness of individuals based on the core characteristics to protect people, property, information, and mission, as they relate to the particular purpose.”
The doctrine stresses the need to use uniform vetting processes across agencies, as well as the imperative to share information about individuals across agencies and with industry.
One of the desired outcomes listed in the document is the government “promotes mobility of individuals between and within federal agencies and government contractors and enables efficient re-entry to federal service from the private sector.”
For years, agencies and industry have pressed for the widespread ability for an individual to take the same security clearance determination from one job to another if the security requirements are the same — a concept known as “reciprocity.”
“Mobility is enhanced by efficient transfer of trust determinations and reciprocity between departments and agencies, and across roles for individuals who work for or on behalf of the Federal Government,” the doctrine states.
Kerben said the ODNI and OPM are also reviewing new investigative standards that consolidate five separate standards into just three.
Tier one will encompass “low risk” cases, while tier two will involve “moderate risk” or secret-level security clearance cases. Tier three will consist of “high risk” or top secret clearances.
The tiers being eliminated are for secret- and top-secret-level security clearance reinvestigations, which are going away with the advent of continuous vetting. Earlier this month, the Defense Counterintelligence and Security Agency (DCSA) announced all 3.6 million Defense Department clearance holders had been enrolled in continuous vetting.
Clearance processing timelines also continue to go down, although they are not yet meeting federal standards.
During the fourth quarter of fiscal year 2021, the fastest 90% of initial secret clearance investigations for DoD and industry positions were processed in an average of 112 days. The fastest 90% of initial top-secret clearance investigations for the same population was 181 days, according to data presented at the NISPPAC meeting.
However, the federal goal for investigating and adjudicating an initial secret-level application is 60 days for the fastest 90% of cases, while the goal is 100 days for an initial top-secret applicant.
Meanwhile, DCSA’s investigations inventory sits at 176,000 cases, well below the 200,000 “steady state” the agency set as a threshold.
New CUI rule coming
The government is planning to publish a Federal Acquisition Regulation governing how industry and agencies handle controlled unclassified information in November, according to Evan Coren, who oversees Controlled Unclassified Information (CUI) at the National Records and Archives Administration’s Information Security Oversight Office.
The designation and protection of CUI have long been sticking points for industry. Earlier this month, the Intelligence and National Security Alliance (INSA) published a paper arguing that an “explosion of CUI categories, overly complex protection and handling guidelines, and a lack of strong centralized management authority undermine the program’s effectiveness.”
There are more than 120 distinct categories of CUI that each require unique protections across federal agencies.
The INSA paper calls for a wholesale reevaluation of the CUI program, including “reassessing what really needs protection, clarifying the impact of CUI designation on proprietary information, codifying how CUI costs will be calculated, and implementing a mechanism to incorporate industry insights.”