FIPS 201 requires new scrutiny of contractors

FIPS Publication 201: Personal Identity Verification of Federal Employees and Contractors

A surge in background investigations of federal employees and contractors could begin in October as agencies prepare to comply with a new governmentwide standard for personal identity credentials.

The Office of Personnel Management, which will conduct the investigations, has no idea how many will be requested. "It could be a lot," said Kathy Dillaman, deputy associate director of investigations at OPM's Center for Federal Investigative Services.

To gain access to federal buildings and information systems, employees and contractors will have to use identity credentials that meet the specifications of Federal Information Processing Standard (FIPS) 201. That standard requires agencies to conduct background checks on all new federal employees and a potentially large number of federal contractors before issuing identity credentials.

Most current federal employees have already been fingerprinted and had their backgrounds checked. They will not need to go through the process again.

Dillaman expects that background investigations on federal contractors will account for the greatest workload increase. Many agencies rely on contractors who have not undergone previous background checks because their work does not affect national security, Dillaman said. But under the mandatory FIPS 201 standard, those contractors will need background checks for the first time, she said.

The prospect of a background investigation could create anxiety for those who have not gone through the process before, Dillaman said. "When you're told someone's going to do a background investigation on you, of course that can be an unsettling thing," she said.

On the other hand, OPM's procedures ensure a high level of data privacy, security and accuracy, Dillaman said. OPM does not use the databases of companies such as ChoicePoint, LexisNexis and Acxiom when it conducts background checks, she said. Those companies have come under congressional scrutiny for failing to protect the personal data stored in their databases.

A prominent privacy expert who is often critical of the government for mishandling data gives OPM credit for its investigative procedures. "The federal government really knows its stuff on conducting background checks and tends to be very fair," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit group that focuses on technology-related privacy issues.

However, when employees or contractors are denied identity credentials or have their credentials revoked, they should have an opportunity to appeal, Dixon said. OPM should give agencies new guidelines on handling such appeals fairly, she said, noting that today's standard adjudication procedures for background checks "did not anticipate the role that identity theft plays in messing up people's backgrounds."

Dillaman said the basic elements of a background investigation haven't changed as a result of FIPS 201.

At a minimum, the investigation requires OPM officials to complete a process known as a National Agency Check with Inquiries.

For the National Agency Check, OPM will query the Security/Suitability Investigations Index, Defense Clearance and Investigation Index, FBI Name Check, and FBI National Criminal History Fingerprint Check databases. The National Agency Check must be completed before agencies can issue identity credentials.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.

Featured

  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from Shutterstock.com

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group