TheConversation

Blog archive

What 'continuous monitoring' means in the clearance context

thumbprint

FCW recently reported on plans by the administration to use continuous monitoring for security clearances for feds and contractors.

One reader wondered how this would work in practice:

"Will this eliminate the need for the [five- and 10-year] re-evaluations for [top secret and secret] clearances? What criteria will be used for this collection of data? Traffic stops, speeding tickets, arrests, credit scores, late payments?"

Adam Mazmanian responds:

As with any policy, the devil is in the details. The Security Clearance Reform Act, sponsored by Rep. Stephen Lynch (D-Mass.), would include financial credit history, currency transactions, court records, traffic violations, arrests, and foreign travel as areas to be examined.. This would require access to a mix of consumer databases and records of local and state law enforcement, as well as federal financial regulators. That tracks with other proposals made by experts in congressional testimony and those coming from the administration.

It's not just insider threats like Edward Snowden that drive the need for changes to policy. The government can't keep up with the required periodic reinvestigations of cleared personnel. About 22 percent of those eligible for access to classified information have outdated clearances, according to a recent report from the Office of Management and Budget.

Designing a system that gets inputs from those disparate systems and checks them accurately against feds and contractors holding secret and top secret clearances won't be easy. A study by the Intelligence and National Security Alliance suggests increasing the use of an existing self-reporting tool, the Standard Form 86 certification, which allows cleared personnel to report changes to their personal or financial status, report arrests, foreign contacts and other information.

Cleared individuals could file an updated form annually through a secure website, to provide a basis for automated checks. The self-reporting process would help provide a "clearance health" baseline for important information, and free up time for investigators to deal with the most important cases. The report's authors advise making the annual updates mandatory, and advising cleared personnel of the serious consequences of submitting false information.

The INSA report argues that a centralized, self-reporting system also has the advantage of helping track the access of feds and contractors who might be cleared for information at multiple agencies. Individuals with the most sensitive access could be given priority for investigative checks. The report suggests testing a new continuous monitoring system with individuals cleared to access "sensitive compartmented information" systems – this group is only about 4 percent of the overall cleared population of more than 5 million, and has access to the most sensitive and potentially damaging national security information.

Posted by Adam Mazmanian on Mar 31, 2014 at 10:05 AM


The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Tue, Apr 1, 2014

It means never-ending circles of paperwork that result in little, if anything. It also means a endless career for people who push such paper. A total waste of time!

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group