FIPS 201 requires new scrutiny of contractors

FIPS Publication 201: Personal Identity Verification of Federal Employees and Contractors

A surge in background investigations of federal employees and contractors could begin in October as agencies prepare to comply with a new governmentwide standard for personal identity credentials.

The Office of Personnel Management, which will conduct the investigations, has no idea how many will be requested. "It could be a lot," said Kathy Dillaman, deputy associate director of investigations at OPM's Center for Federal Investigative Services.

To gain access to federal buildings and information systems, employees and contractors will have to use identity credentials that meet the specifications of Federal Information Processing Standard (FIPS) 201. That standard requires agencies to conduct background checks on all new federal employees and a potentially large number of federal contractors before issuing identity credentials.

Most current federal employees have already been fingerprinted and had their backgrounds checked. They will not need to go through the process again.

Dillaman expects that background investigations on federal contractors will account for the greatest workload increase. Many agencies rely on contractors who have not undergone previous background checks because their work does not affect national security, Dillaman said. But under the mandatory FIPS 201 standard, those contractors will need background checks for the first time, she said.

The prospect of a background investigation could create anxiety for those who have not gone through the process before, Dillaman said. "When you're told someone's going to do a background investigation on you, of course that can be an unsettling thing," she said.

On the other hand, OPM's procedures ensure a high level of data privacy, security and accuracy, Dillaman said. OPM does not use the databases of companies such as ChoicePoint, LexisNexis and Acxiom when it conducts background checks, she said. Those companies have come under congressional scrutiny for failing to protect the personal data stored in their databases.

A prominent privacy expert who is often critical of the government for mishandling data gives OPM credit for its investigative procedures. "The federal government really knows its stuff on conducting background checks and tends to be very fair," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit group that focuses on technology-related privacy issues.

However, when employees or contractors are denied identity credentials or have their credentials revoked, they should have an opportunity to appeal, Dixon said. OPM should give agencies new guidelines on handling such appeals fairly, she said, noting that today's standard adjudication procedures for background checks "did not anticipate the role that identity theft plays in messing up people's backgrounds."

Dillaman said the basic elements of a background investigation haven't changed as a result of FIPS 201.

At a minimum, the investigation requires OPM officials to complete a process known as a National Agency Check with Inquiries.

For the National Agency Check, OPM will query the Security/Suitability Investigations Index, Defense Clearance and Investigation Index, FBI Name Check, and FBI National Criminal History Fingerprint Check databases. The National Agency Check must be completed before agencies can issue identity credentials.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • Social network, census

    5 predictions for federal IT in 2017

    As the Trump team takes control, here's what the tech community can expect.

  • Rep. Gerald Connolly

    Connolly warns on workforce changes

    The ranking member of the House Oversight Committee's Government Operations panel warns that Congress will look to legislate changes to the federal workforce.

  • President Donald J. Trump delivers his inaugural address

    How will Trump lead on tech?

    The businessman turned reality star turned U.S. president clearly has mastered Twitter, but what will his administration mean for broader technology issues?

  • Login.gov moving ahead

    The bid to establish a single login for accessing government services is moving again on the last full day of the Obama presidency.

  • Shutterstock image (by Jirsak): customer care, relationship management, and leadership concept.

    Obama wraps up security clearance reforms

    In a last-minute executive order, President Obama institutes structural reforms to the security clearance process designed to create a more unified system across government agencies.

  • Shutterstock image: breached lock.

    What cyber can learn from counterterrorism

    The U.S. has to look at its experience in developing post-9/11 counterterrorism policies to inform efforts to formalize cybersecurity policies, says a senior official.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group