The Defense Counterintelligence and Security Agency is adding more data categories to its “continuous vetting” program, while more than three dozen non-defense agencies are using DCSA’s services as it moves ahead with security clearance reform efforts.
DCSA is now monitoring 50,000 cleared individuals from 38 non-defense agencies under its continuous vetting program, according to Heather Green, assistant director of vetting risk operations at DCSA. That’s on top of the 3.6 million Defense Department service members, civilians and contractors who were enrolled in continuous vetting by last October.
“We do anticipate this continuing to grow through this fiscal year and beyond as we add those additional CV services,” Green said on Inside the IC. “So as more services and capability comes online, we’re going to continue to grow our service to our federal agencies, as well as our DoD customers.”
DCSA is one of the lead agencies implementing the government-wide “Trusted Workforce 2.0” initiative. The effort aims to streamline the government’s personnel vetting process through automated record checks, simplified security standards and more information sharing across agencies.
DCSA’s continuous vetting system is one of the centerpieces of the initiative, giving investigators the ability to receive automated alerts when a security clearance holder faces an issue that could put their clearance at risk.
DCSA’s continuous vetting system hit the “1.25” milestone last fall when the DoD cleared population was fully enrolled. But the system at that time was limited to three data categories: criminal activities, terrorism, and eligibility.
The agency is now adding alerts about suspicious financial activity, foreign travel, credit history and “public record information” to the continuous vetting system on the way to the “Trusted Workforce 1.5” milestone this fall, according to Green. Already, 2 million DoD clearance holders are enrolled in that expanded system of alerts.
The continuous vetting system is replacing periodic reinvestigations, where investigators would do a background check on a clearance holder every five or 10 years. Instead of learning about potentially suspicious activity years after it took place, the system is intended to provide security offices with alerts about such activity. Investigators can then decide whether to follow up.
But Green says continuous vetting is not a “gotcha” program. Instead, she says it’s intended to improve security while also giving cleared personnel the chance to self-report and mitigate any potential issues.
“In the grand scheme of things, very few individuals actually receive an alert or require the additional investigative action to take place,” Green said. “But CV isn’t just about generating those alerts. It really is about self-reporting. There are self-reporting requirements for clearance holders, and it’s really supporting the goal of helping us identify potential issues before they fester into a larger insider threat concern.”
Security clearance reciprocity timelines down
DCSA has also made major strides in the time it takes for it to process and adjudicate a security clearance granted by another agency, a process referred to as “reciprocity.” The process affects personnel transferring from one agency to another, as well as contractors working on different projects for different agencies.
DCSA now takes an average of just one day to make a reciprocity decision, down from a peak of 65 days in mid-2020, according to Green.
She credited “business process engineering” leading to more efficient decision-making on reciprocity requests, as well as the merger of several organizations under DCSA, including the former National Background Investigations Bureau and the DoD Consolidated Adjudications Facility.
Last year, DCSA also completed the shift from using multiple personnel security databases to the Defense Information Security System (DISS).
“Having the ability to control the end-to-end process was certainly a part of that success,” Green said of reciprocity.
While other agencies, most notably in the intelligence community, take much longer to make reciprocity decisions, Green thinks the “transfer of trust” process, as it’s called under Trusted Workforce 2.0, will continue to improve with time.
Initial vetting hurdles
One of the next major hurdles for security clearance reform will be speeding up the time it takes to get an initial applicant, with no prior government background investigation, through the vetting process. The initial background investigations process often takes months and even years in some cases, making it harder for the federal government to hire new employees.
A quarterly update issued by the Security, Suitability, and Credentialing Performance Accountability Council earlier this year shows DCSA is expected to begin offering initial vetting products, using more automated processes and the new National Background Investigation Services (NBIS) IT system, starting next June.
“We are committed to being what I would call the ‘personal security provider of choice,'” Green said. “We’re working very hard to provide new and enhanced products and services to support that full TW 2.0 implementation to include initial vetting products. The actual implementation of the new standards will take some time and will be fully phased in as those products and services are available. But we are leaning forward, looking at how we can continue to evolve all our vetting products and services.”