What 'continuous monitoring' means in the clearance context
FCW recently reported on plans by the administration to use continuous monitoring for security clearances for feds and contractors.
One reader wondered how this would work in practice:
"Will this eliminate the need for the [five- and 10-year] re-evaluations for [top secret and secret] clearances? What criteria will be used for this collection of data? Traffic stops, speeding tickets, arrests, credit scores, late payments?"
Adam Mazmanian responds:
As with any policy, the devil is in the details. The Security Clearance Reform Act, sponsored by Rep. Stephen Lynch (D-Mass.), would include financial credit history, currency transactions, court records, traffic violations, arrests, and foreign travel as areas to be examined.. This would require access to a mix of consumer databases and records of local and state law enforcement, as well as federal financial regulators. That tracks with other proposals made by experts in congressional testimony and those coming from the administration.
It's not just insider threats like Edward Snowden that drive the need for changes to policy. The government can't keep up with the required periodic reinvestigations of cleared personnel. About 22 percent of those eligible for access to classified information have outdated clearances, according to a recent report from the Office of Management and Budget.
Designing a system that gets inputs from those disparate systems and checks them accurately against feds and contractors holding secret and top secret clearances won't be easy. A study by the Intelligence and National Security Alliance suggests increasing the use of an existing self-reporting tool, the Standard Form 86 certification, which allows cleared personnel to report changes to their personal or financial status, report arrests, foreign contacts and other information.
Cleared individuals could file an updated form annually through a secure website, to provide a basis for automated checks. The self-reporting process would help provide a "clearance health" baseline for important information, and free up time for investigators to deal with the most important cases. The report's authors advise making the annual updates mandatory, and advising cleared personnel of the serious consequences of submitting false information.
The INSA report argues that a centralized, self-reporting system also has the advantage of helping track the access of feds and contractors who might be cleared for information at multiple agencies. Individuals with the most sensitive access could be given priority for investigative checks. The report suggests testing a new continuous monitoring system with individuals cleared to access "sensitive compartmented information" systems – this group is only about 4 percent of the overall cleared population of more than 5 million, and has access to the most sensitive and potentially damaging national security information.
Posted by Adam Mazmanian on Mar 31, 2014 at 10:05 AM