Clearance reciprocity still a policy issue despite better tech
The backlog of security clearance investigations has continued to drop from a 2018 high of 725,000 to 200,000, but agencies continue to struggle with reciprocity issues.
The backlog of security clearance investigations has continued to drop from a 2018 high of 725,000 to a steady state inventory of 200,000, but agencies and contractors continue to struggle with reciprocity issues.
The Defense Counterintelligence and Security Agency is in the process of developing the National Background Investigation Services (NBIS) to replace legacy background investigation IT systems. This IT system is part of the new Trusted Workforce 2.0 framework, meant to consolidate the security clearance process and address problems plaguing the process of obtaining initial clearances and moving cleared employees among agencies. It also establishes a continuous vetting process for security clearance holders.
The goal is for DCSA to incorporate all clearances into Trusted Workforce 2.0 "hopefully" by the end of 2023, said William Lietzau, DCSA director, at a May 26 roundtable discussion hosted by Rep. Gerry Connolly (D-Va.).
Three million workers are currently enrolled in the current iteration of the Trusted Workforce program, which allows for continuous vetting of clearance holders, said Heather Green, DCSA's director of vetting risk operations.
Trusted Workforce 2.0 will include more data sources for vetting applicants and clearance holders for adverse information, and replace the legacy background investigation system that was the source of the 2015 OPM data breach, Lietzau said. DCSA assumed responsibility for that system, which includes components dating back to 1984, around seven months ago, he said.
The Trusted Workforce 2.0 framework is designed to speed up these processes by eliminating much of the duplication in the investigation processes among agencies by using a program that will allow investigators to use some types of information that've already been collected.
The IT system holding all that information, then, has a lot of potential, DCSA officials said.
Many pointed to continued problems in the area of reciprocity, the process of an agency trusted the security decisions of another agency, allowing employees to move more easily among agencies.
"If we can all eventually get onto a singular system that has all the touchpoints, that will allow much more rapid checking data. Whenever we have a holdup, it's usually because we're reaching out to some agency that doesn't have all of its data put onto the system that we're using," Lietzau explained. "The benefit of NBIS will be that it will have all that data in one place."
The system will, however, be voluntary, with agencies and departments having to opt-in. Marianna Martineau, assistant director for adjudications at DCSA, expressed optimism that agencies would participate.
Several industry participants also emphasized their desire to be involved in the process.
"It will help if we are all on system, but it's very important that when we move into NBIS, that industry be included as a partner in the development of that system because reliability of the data in that system is critical," said Jennie Brackens of SAIC.
Fully solving the reciprocity problem could also take clarifications on reciprocity policy, she said. Many agencies maintain their own specific security and credentialing criteria and don't honor clearances issued by other agencies without additional vetting.
Current policy for reciprocity is relatively narrow and doesn't address additional requirements agencies might layer onto the baseline requirements, confirmed Brian Mazanec, director of Defense Capabilities and Management in the Government Accountability Office.
"I don't know how the continuous vetting process might help with reciprocity unless we have a top-down policy clarification on what is acceptable reciprocity," Brackens said. "We need to have that mutual understanding across the agencies of what is acceptable under the continuous vetting program."
In the meantime, Mazanec also emphasized the need for DOD and OPM to fully secure its existing legacy security clearance IT systems that are going to be used until NBIS is fully online – an issue "as important as ever" in light of increased cyber threats, he said.
This article first appeared on FCW, a Defense Systems partner site.