Security

OPM merges security investigation databases

thumbprint

The Office of Personnel Management is streamlining a database with records on feds and contractors with access to security clearance investigative records, with the apparent goal of putting an additional layer of security over the actual contents of government background investigations.

The federal government is in the midst of an overhaul of the security clearance process, the result of reviews initiated in the wake of last year's deadly Navy Yard shooting, perpetrated by a cleared federal contractor with a record of mental health issues and violent behavior that did not show up in his security check.

A report to President Barack Obama released in February advised switching to an automated continuous evaluation method for updating clearances, rather than periodic reinvestigations, and using a risk-based approach to identify subjects for more intensive probes. The report also advised a coordinated, government-wide approach to managing the IT around clearance investigations and adjudications.

An OPM spokesperson told FCW that the planned changes put forth in a Feb. 27 Federal Register Notice were administrative in nature, and did not represent new policy. However, the planned changes mesh closely with the administration's goal of creating a collaborative, enterprise-wide, case-management tool for investigations. OPM plans to merge several internal databases – the Security Officer Control Files and the Adjudication Officer Control Files – with data on individuals with access to OPM facilities or systems, including OPM employees, contractors, and others who need access to OPM systems.

Notably, OPM plans to exclude records on employees and contractors working for outside agencies who were themselves the subject of investigations by OPM at the request of outside federal agencies. This would appear to constitute the meat of the OPM internal database – the case files containing information on suitability and security investigations conducted by OPM on behalf of federal agencies. The notice advises further that owing to these changes, "requests for background investigations maintained in the Adjudications Officer Control Files will be denied," presumably because they no longer reside in that system.

The changes to the records system was announced in the Federal Register as required by the Privacy Act of 1974.

It's not clear from the Federal Register notice how the investigation case files will be housed, or in whose custody. An OPM spokesperson did not shed light on the content of the notice in a brief conversation. However, isolating the investigative case files from OPM's internal employee and contractor files make sense in the context of building an interoperable system that can support the analytics necessary to conduct the kind of ongoing automated evaluations sought by the administration. However, there has been no public announcement of the creation of the kind of enterprise-wide case management system envisioned under the report to the president, so it's not clear whether the notice is part of a larger plan to prep clearance investigations records for an overhaul, or simple IT housekeeping.

OPM has also come under fire in recent months because its main investigative contractor, United States Investigative Services, is being sued for fraud over employee claims that it fast-tracked clearances without conducting the required investigations. The Justice Department joined the whistleblower suit, which is proceeding in the Washington, D.C., federal district court. USIS has until June 4 to respond to the charges. As a result of the controversy, OPM has put its own employees in charge of reviewing background checks before they are sent to the requesting agencies for adjudication.

OPM is also adding security checks to the merged system of records it is retaining. Employees will require a completed investigation or a grant of interim access before gaining access to the records contained in the unified database. Records themselves are to be stored as digital images on a secure, local network or in locked metal cabinets in a secure facility.

About the Author

Adam Mazmanian is FCW's senior staff writer, and covers Congress, health IT and governmentwide IT policy. Connect with him on Twitter: @thisismaz.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above