The new bureau to handle security clearances, which is expected to launch Oct. 1, is looking for new technology systems and services across 12 functional areas to upgrade its current legacy IT.
The Defense Department issued a request for information (RFI) to industry outlining its initial plans to build a better, faster, more secure security clearance technology infrastructure.
“The National Background Investigation System (NBIS) is the all-encompassing IT applications, storage, security, services, operations, and support for the National Background Investigation Bureau (NBIB),” the RFI stated.
The NBIS says it plans to look at existing government systems and technology first, and then look for commercial systems and finally developing new government-specific systems.
“NBIS project management office must establish an enterprise IT enclave that enables business process reengineering, including modular system development to accommodate changes in data requirements, advanced security protections to safeguard data, enables broad shared services to maximize investments, and not only meets the needs of the end users, but also connects those users to the process,” the RFI stated.
Jim Onusko, transition leader of the NBIB, said at the INSA AFCEA National Security Summit on Sept. 7 that his office is working closely with the DoD.
“DoD will be building, maintaining and protecting the IT infrastructure of the NBIB. That’s huge. That’s their core competency,” Onusko said. “We will inform them as the business sponsor for the business requirements of a new IT system that is conducive to automation and digitization. And they will build that out.”
Position designation — A capability at the beginning of the investigation process. It is required to determine the type of investigation needed for the position. It should be an automated process based on input from the requesting agency hiring official. The capability should determine the degree of potential damage to the efficiency or integrity of the mission from misconduct of an incumbent of a position, establishing the risk level of that position.
Validate need — A capability provides the security manager and others the ability to confirm that a position requires the eligibility indicated by the position designation and check the current subject/applicant access status. Once checked and determined to be needed, the background investigation can be initiated, allowing the applicant to enter submission data. A Trusted Information Provider (TIP) will have the capability to confirm information the applicant has submitted, such as citizenship, education or employment.
Electronic application — This provides for data collection enabling agency personnel to initiate the investigation process for applicants. It also lets applicants provide the information needed to conduct the investigations. This capability also covers the collection of data from other sources (government or commercial databases) through either electronic (personnel log into systems and input data into the investigative systems) or automated (system to system exchange of data) methods.
Automated record checking — This would be a fully-automated process to query applicant data against appropriate government and commercial databases to collect, analyze and validate data in order to produce reports that flag potential issues. This will provide consistency, as well as cost and time efficiencies for authorized investigating agencies and their Investigative Service Provider (ISP). The ARC accesses multiple data sources for identity resolution, verification and collection of investigation information, analyzes and flags inconsistencies, and also generates reports of investigation.
Support for continuous evaluation — The NBIS will not perform CE, but its systems will interoperate with external continuous evaluation systems.
Support for eligibility information management — Another area where the NBIS needs to interoperate with other federal systems.
Case management — This capability allows for the ingestion of data from disparate sources, the scheduling of investigations, management of multiple contracts and vendors and item level scheduling. The ability to decompose cases into individual items and send those items to different Investigative Service Providers (ISP) (federal or contractor), receive the items back from those providers, reassemble the items into a case, and process it for the creation of a final report of investigation. The capability also will let investigators assemble all elements of the investigation required to close the case and deliver that package to the requesting agency or allows the requesting agency to view the contents of the package to render an eligibility determination.
Fingerprint — This technology would let investigators process applicant fingerprints and places data in the case management system.
Field work — Investigators will be able to access and provide data from anywhere, at any time.
Reporting — This capability would provide information on the routine output of the system and operations for the purposes of managing the workforce and workload as well as specific output for the purposes of meeting an exigent request (such as a data call in response to a congressional inquiry). The capability is also used to provide billing and pricing information to operations, legal, agency leaders, external business systems, and other organizations (internal and external).
Imaging — This is part of the effort to convert legacy paper documents to electronic form that is machine readable.
Services — Defense Information Systems Agency is looking for nine different enterprise services ranging from capacity monitoring to role based access to document management to workflow to case tracking services.
Additionally, DISA will run the virtual desktop infrastructure (VDI) for all NBIS employees and the data center operations. DISA and the Joint Force Headquarters-DoD Information Networks (JFHQ-DoDIN) will provide the cybersecurity services, including the end-to-end situational awareness and command and control.
DISA plans to hold one-on-one sessions with interested vendors. Responses to the RFI are due Sept. 23.
While DISA develops the acquisition strategy and begins prototyping different capabilities, the NBIB will depend on the legacy systems run by the Federal Investigations Service.
In a letter to Sens. John Tester (D-Mont.) and Claire McCaskill (D-Mo.), the Office of Personnel Management said it will “continue to use the revolving fund to maintain the legacy IT environment and provide the enhancements necessary to continue to operate securely and provide quality investigation products.”
OPM told the lawmakers that its digital transformation strategy includes long-term and short-term IT improvements around end-user services such as laptops and mobile devices, and security enhancements.
“The goal of the NBIB IT function is to provide a single point of coordination with DoD and within OPM as both the short and long term NBIB technology needs are identified,” OPM stated.