The average time it takes to complete a security clearance review, at nearly every step in the process, fell well short of governmentwide performance goals in fiscal 2015.
Initial secret and top secret cases took an average of 95 and 179 days to process, respectively, by the end of last fiscal year, according to a fourth quarter update on Performance.gov. Periodic reinvestigations took an average of 251 days.
The backlog of periodic reinvestigations steadily rose since February 2015 as well, climbing from 5,326 overdue reviews to 8,332 at the end of the fiscal year.
The Defense Department also handed out fewer security clearances in 2015 compared to two years earlier, reflecting a broader governmentwide trend. DoD cleared a total of 3.8 million people last year, a 17.4 percent drop from 2013, the progress update said. The department’s backlog of overdue secret clearances also dropped by 24 percent since 2014.
Insider threat and security clearance reform is one of 15 cross-agency priority goals that the administration identified in 2015.
These results come as the administration weighs possible changes to the federal security clearance process.
The Suitability and Security Performance Accountability Council began a review of the fundamental issues surrounding the Office of Personnel Management’s Federal Investigative Service in July. The Council made four recommendations, the progress update said, which are “currently under advisement.” The progress report offered no further details on those recommendations.
A former counterintelligence official said in December that the White House will likely form a new agency — called the National Investigative Service Agency — that would assume ownership of the security clearance process, instead of OPM.
And other changes are coming, specifically to the sources of information agencies use when investigating and reviewing new and existing clearance holders.
Congress directed agencies in the fiscal 2016 omnibus spending package to include social media in the reinvestigation process. But they still need the go-ahead from the Director of National Intelligence before they can begin collecting and using publicly available information.
Permission will come in the form of a Security Executive Agent Directive (SEAD), said Charlie Sowell, senior vice president for system and software engineering solutions at Salient CRGT and a former senior adviser to the Director of National Intelligence.
The Office of the Director of National Intelligence (ODNI) was supposed to work with the Office of Management and Budget to revise reporting requirements policy, SEAD 5, by July 2014.
But ODNI missed the deadline, because the directive is stuck in OMB’s Office of Information and Regulatory Affairs, Sowell said.
The delay on SEAD 5 is holding back progress on other milestones as well. The Performance Accountability Council (PAC) is supposed to propose a rule that would inform the contracting community what reporting requirements they need to follow. But the PAC hasn’t started that process yet, and it doesn’t have a set deadline to complete it.
Agencies are trying to add mental health questions and other reporting requirements on continuous evaluation to some security/suitability forms, but agencies missed their August 2015 deadline.
The progress update indicated that agencies, specifically the Defense Department, are generally on track to meet future deadlines to expand continuous evaluation (CE) capabilities to more personnel. DoD was on track to meet its December 2015 deadline to add CE to 225,000 people, the update said. The goal is to add CE capabilities to 500,000 and then 1 million people in December 2016 and 2017, respectively.
Departments are also making slow strides on their insider threat programs.
Most met their January 2015 deadline to develop an Insider Threat Program implementation plan, according to the fourth quarter update. But the results were mixed.
“Many of those that have not [met the deadline] are discovering challenges with issues such as organizational culture, legal questions and resource identification,” the update said. “The National Insider Threat Task Force is working to address these issues as quickly as possible.”
While the agencies were at risk of missing their December 2015 deadline of achieving initial operating capability for their insider threat programs, as of the date that the Office of Management and Budget wrote the fourth quarter update, they are on track to achieve their final operating capability deadline in December 2016, the update said.