This is the accessible text file for GAO report number GAO-09-351 
entitled 'Contingency Contract Management: DOD Needs to Develop and 
Finalize Background Screening and Other Standards for Private Security 
Contractors' which was released on July 31, 2009. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Committees: 

United States Government Accountability Office: 
GAO: 

July 2009: 

Contingency Contract Management: 

DOD Needs to Develop and Finalize Background Screening and Other 
Standards for Private Security Contractors: 

GAO-09-351: 

GAO Highlights: 

Highlights of GAO-09-351, a report to congressional committees. 

Why GAO Did This Study: 

Currently in Iraq, there are thousands of private security contractor 
(PSC) personnel supporting DOD and State, many of whom are foreign 
nationals. Congressional concerns about the selection, training, 
equipping, and conduct of personnel performing private security 
functions in Iraq are reflected in a provision in the fiscal year 2008 
National Defense Authorization Act (NDAA) that directs DOD to develop 
guidance on PSCs. This report examines the extent (1) that DOD and 
State have developed and implemented policies and procedures to ensure 
that the backgrounds of PSC employees have been screened and (2) that 
DOD has developed guidance to implement the provisions of the NDAA and 
(3) that DOD and State have addressed measures on other issues related 
to PSC employees in Iraq. To address these objectives, GAO reviewed DOD 
and State guidance, policies, and contract oversight documentation and 
interviewed agency and private security industry officials. 

What GAO Found: 

State and DOD have developed policies and procedures to conduct 
background screenings of PSC personnel working in Iraq who are U.S. 
citizens, but only State has done so for foreign nationals. Homeland 
Security Presidential Directive 12 (HSPD-12) directs U.S. government 
agencies to establish minimum background screening requirements in 
order to issue access credentials. But DOD has not developed 
departmentwide procedures for conducting background screenings of its 
foreign national PSC personnel. Disagreements among the various DOD 
offices responsible for developing and implementing these policies and 
procedures hindered timely execution of the HSPD-12 requirements, and 
the completion of this development and implementation has been hampered 
by the lack of a focal point to resolve these disagreements. For 
example, officials at the Office of the Under Secretary of Defense for 
Intelligence interpret HSPD-12 as requiring a government screening 
process for foreign national contractor personnel that is equivalent to 
the National Agency Check with Written Inquiries (NACI) currently used 
for U.S. citizen contractor personnel. But officials at the Office of 
the Under Secretary of Defense for Acquisition, Technology, and 
Logistics maintain that a NACI-equivalent screening for foreign 
nationals would not be feasible, given the inherent difficulty of 
screening foreign nationals and the inconsistent quality of criminal 
and employment records from one country to another, and further, such 
an approach would will severely limit the numbers of foreign national 
contractor personnel DOD could use. The offices also differ as to who 
should approve background screenings, known as adjudication. The 
Commander of Multi-National Forces-Iraq has established a screening 
process for PSCs, but GAO has identified several shortcomings that 
limit the effectiveness of this process. For example, the process 
directs contractors to obtain background screening for entities that 
will not provide data to contractors. While DOD has acknowledged the 
inherent force protection risk it assumes when using contractor 
employees, without the timely development of standardized policies and 
procedures, DOD lacks full assurance that all its PSCs are properly 
screened. 

While DOD is developing guidance to meet the requirements of the 2008 
National Defense Authorization Act, the draft guidance does not meet 
all of the requirements of that act. For example, the draft guidance 
does not address the requirement for establishing minimum standards for 
background screening of PSCs. Instead it directs the combatant 
commanders to establish standards for their respective areas of 
responsibility, though it does not establish time frames within which 
they should do so. Without addressing these concerns, DODís draft 
guidance only partially meets the requirements of the 2008 National 
Defense Authorization Act. 

DOD and State have taken actions on other issues related to PSCs in 
Iraq. For example, they have implemented similar processes to ensure 
that PSC personnel are trained, and to account for PSC weapons. Both 
agencies have also developed policies related to alcohol use by PSCs. 

What GAO Recommends: 

GAO recommends that the Secretary of Defense designate a focal point to 
ensure that the appropriate DOD offices coordinate, develop, and 
implement policies on background screenings and that DOD establish 
standards to meet the requirements of the 2008 NDAA and inform Congress 
as to when the guidance will be completed. DOD concurred with two 
recommendations and partially concurred with three. 

View [hyperlink, http://www.gao.gov/products/GAO-09-351] or key 
components. For more information, contact William M. Solis, (202) 512-
8365, solisw@gao.gov. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

State and DOD Have Developed Procedures to Conduct Background 
Screenings of U.S. Citizens; Only State Has Developed Departmentwide 
Procedures to Screen Foreign and Local National Personnel: 

Draft DOD Regulation Does Not Fully Meet the Legislative Requirements 
of Section 862 of the National Defense Authorization Act for Fiscal 
Year 2008: 

State and DOD Have Developed Policies and Processes on Other Private 
Security Issues Including Training, Weapons Accountability, and 
Alcohol: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Comments from the Department of Defense: 

Related GAO Products: 

Abbreviations: 

AT&L: Under Secretary of Defense for Acquisition, Technology, and 
Logistics: 

DCMA: Defense Contract Management Agency: 

DOD: Department of Defense: 

HSPD-12: Homeland Security Presidential Directive 12: 

JCC-I/A: Joint Contracting Command-Iraq/Afghanistan: 

MNC-I: Multi-National Corps-Iraq: 

MNF-I: Multi-National Force-Iraq: 

NACI: National Agency Check with Written Inquiries: 

NDAA: National Defense Authorization Act: 

PSC: private security contractor: 

USD-I: Under Secretary of Defense for Intelligence: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

July 31, 2009: 

Congressional Committees: 

In Iraq, security concerns have led both the Department of Defense 
(DOD) and Department of State (State) to rely upon armed private 
security contractors to perform a variety of important security 
functions. These functions include providing static security for the 
United States--that is, controlling buildings and facilities, providing 
security for high-ranking U.S. officials, and escorting supply convoys. 
According to a June 2009 report by the Commission on Wartime 
Contracting in Iraq and Afghanistan[Footnote 1], DOD and State estimate 
that more than 16,263 armed private security personnel (12,942 with 
DOD, 3,321 with State) are working in Iraq under contracts with the 
U.S. government. [Footnote 2] According to these estimates 77 percent 
of private security contractor personnel are foreign nationals, 11 
percent are Iraq nationals, and 12 percent are U.S. citizens or 
citizens of coalition countries, such as those from the United Kingdom 
and Australia. 

DOD and State private security contractors subject prospective 
employees to background screenings that typically include searches of 
past criminal activity and a credit check. However, our past work and 
the work of others have raised concerns about the approaches taken by 
the U.S. government to ensure that background screenings are complete 
and thorough. For example, in 2006 we reported that DOD and private 
security contractors had difficulty conducting comprehensive background 
screening for U.S. and foreign nationals because of inaccurate, 
missing, or inaccessible data.[Footnote 3] Additionally, we reported 
that military commanders and other military officials were concerned 
about the risks that contractor personnel, particularly foreign and 
local nationals, posed to U.S. forces due to limitations in the 
background screening process. Furthermore, there have been 
congressional concerns about the selection, training, equipping, and 
conduct of personnel performing private security functions in Iraq. 
These concerns are reflected in Section 862 of the National Defense 
Authorization Act for fiscal year 2008 which directs the Secretary of 
Defense, in coordination with the Secretary of State, to prescribe 
regulations by May 2008 for the use of private security contractors in 
an area of combat operations. 

In July 2008, we reported that DOD and State had improved oversight and 
coordination over private security contractors in Iraq but we also 
raised concerns about the ability to sustain the oversight needed and 
indicated that we would issue a follow-on report on other private 
security contractor issues related to selection, training, and weapons 
accountability as well as DOD's implementation of provisions of Section 
862 of the National Defense Authorization Act for fiscal year 2008. 
[Footnote 4] This report addresses those issues and expands upon the 
extent to which DOD and State have taken measures to ensure that 
private security contractor personnel have been screened. Due to broad 
congressional interest, we have conducted this engagement under the 
authority of the Comptroller General to conduct evaluations at his own 
initiative. Specifically, our objectives were to determine (1) the 
extent to which DOD and State have developed and implemented policies 
and procedures to ensure that the backgrounds of private security 
contractor personnel have been screened, (2) the extent to which DOD 
has developed guidance to address the elements of Section 862 of the 
National Defense Authorization Act for fiscal year 2008, and (3) the 
measures the two agencies have taken to ensure that private security 
contractor personnel are trained, the steps taken to account for 
private security contractor weapons, and the development of policies to 
govern alcohol use among private security contractor personnel in Iraq. 

To address these objectives we reviewed DOD and State documentation, 
including contract materials, government policies, and records of 
government reviews and inspections. We interviewed officials from 
various DOD and State offices, including the offices of the Under 
Secretary of Defense for Personnel and Readiness, the Under Secretary 
of Defense for Acquisitions, Technology, and Logistics, the Under 
Secretary of Defense for Intelligence, and State's Bureau of Diplomatic 
Security. In Iraq we met with DOD officials, including contracting 
officials at the Joint Contracting Command-Iraq/Afghanistan and the 
Defense Contract Management Agency, as well as officials within Multi- 
National Forces-Iraq. We also met with State Department officials in 
Iraq responsible for oversight of the State's Worldwide Personal 
Protective Services contract, including the Regional Security Officer. 
To obtain the industry's perspective on these issues, we interviewed 
officials from two private security industry associations and officials 
from 11 private security firms who currently provide or have recently 
provided private security services in Iraq. To corroborate statements 
about training by DOD and State officials and private security firms, 
we reviewed 215 compliance audit checklists from DOD inspections that 
were conducted from March 2008 to January 2009. Similarly, we obtained 
and reviewed the two most recent inspection reports for each of State's 
three Worldwide Personal Protective Services contractors. We did not 
evaluate the quality of training provided by DOD and State. 

We conducted this performance audit from August 2008 through June 2009, 
in accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on audit objectives. We believe that the 
evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. A detailed description of 
our scope and methodology is included in appendix I of this report. 

Results in Brief: 

The Departments of State and Defense have both developed policies and 
procedures to conduct background screenings of private security 
contractor personnel working in Iraq who are U.S. citizens; however, 
only State has developed and implemented standardized policies and 
procedures to screen foreign national personnel, including those 
employed by private security contractors. Homeland Security 
Presidential Directive 12 (HSPD-12) directs U.S. government agencies to 
establish minimum background screening requirements to be met before 
employees and contractors can be issued an access credential. State has 
developed a procedure for conducting background investigations of its 
contractor personnel, U.S. citizens, and foreign and local nationals 
which, according to State officials, meets the requirements of HSPD-12. 
By contrast, DOD has not, as of June 2009, developed departmentwide 
procedures for conducting background screenings of its foreign and 
local national private security contractor personnel. The completion of 
minimum standards and background screening procedures has been hampered 
by a lack of a focal point to resolve disagreements among the various 
DOD offices responsible for developing and implementing background 
screening policy and procedures. These disagreements have hindered 
timely execution of the HSPD-12 requirements, as illustrated by the 
following. 

* With regard to the screening process, officials within the Under 
Secretary of Defense for Intelligence (USD-I) have interpreted HSPD-12 
as requiring a government screening process for foreign national 
contractor personnel (including local national contractor employees) 
that would be equivalent to the background screening conducted for U.S. 
citizen contractor personnel. Officials within another DOD office, the 
Under Secretary of Defense for Acquisition, Technology, and Logistics 
(AT&L), maintain that this approach is unrealistic and will severely 
limit the numbers of foreign national contractor personnel the 
department could use to support U.S. forces in contingency operations. 
AT&L noted that conducting an equivalent screening for foreign 
nationals would not be feasible, given the inherent difficulty of 
screening foreign nationals and the inconsistent quality of criminal 
and employment records from one country to another. As we reported in 
2006, commanders are responsible for the safety and security of their 
installations.[Footnote 5] AT&L believes that processes established by 
combatant commanders to screen contractors, such as those in Iraq, in 
conjunction with contractor-led background screenings, provides 
reasonable assurance that the security risk posed by foreign national 
contractor personnel is minimal. 

* With regard to the process of approving background screenings, known 
as adjudication, AT&L officials stated that U.S. government employees 
serving as contracting officer's representatives are the final 
adjudicators of background screening results. USD-I officials, however, 
disagree with AT&L contending that DOD policy prohibits the contracting 
officer representatives from being final adjudicators and noting that 
contracting officer representatives lack the necessary training and 
time to do so. 

In Iraq, the Commander, Multi-National Forces-Iraq (MNF-I), has 
established a process aimed at ensuring that all private security 
contractors, including U.S. citizens, Iraqi nationals, and other 
foreign nationals have been screened. However, we identified several 
shortcomings that limit the effectiveness of this process. For example, 
contractors do not have access to many of the data sources they are 
required to use to screen employees, such as databases maintained by 
the Federal Bureau of Investigation (FBI) and the Central Intelligence 
Agency (CIA). Additionally, as we have previously reported, contractors 
have access to a limited range of criminal records data, and there may 
be limited data on foreign national contractor personnel who may have 
spent minimal if any time in the United States. [Footnote 6] 
Furthermore, officials we spoke to from the office in Iraq responsible 
for approving private security contractor requests to carry weapons did 
not have a full understanding of how contractors conducted their 
background screenings. Without the timely development and 
implementation of standardized policy and guidance that is compliant 
with overall U.S. government policy, and without greater understanding 
at the contracting officer representative and combatant command level 
of what a proper background screening and adjudication should entail, 
DOD lacks full assurance that all of its private security contractor 
personnel have been properly screened. 

While DOD has developed a draft interim final rule intended to meet the 
requirements of Section 862 of the National Defense Authorization Act 
of Fiscal Year 2008, hereafter referred to as Section 862 of the FY2008 
NDAA, our analysis of a May 2009 version of the draft regulation 
indicates that it does not address all of the requirements of the law. 
For example, the draft delegates the responsibility of developing 
specific private security contractor guidance and procedures to the 
geographic combatant commanders without fully establishing all of the 
minimum processes as required under Section 862. The law directs DOD to 
develop requirements for the screening and security of private security 
contractor personnel and the draft instructs geographic combatant 
commanders to develop procedures consistent with principles established 
in existing DOD instructions and directives. However, while the draft 
makes reference to existing DOD regulations about these areas, neither 
the draft nor the referenced documents articulate a process or 
requirements that geographic combatant commanders can use to ensure 
that all private security contractor personnel meet screening and 
security requirements. In addition, while the law instructs that DOD 
develop minimum processes and requirements for private security 
contractor personnel operating in an area of combat operations, which 
by definition includes both Iraq and Afghanistan, the draft regulation 
only points to an agreement between DOD and State that is specific to 
Iraq and directs it be used as a framework for the development of 
guidance and procedures regardless of location. Moreover, the draft 
instruction does not establish time frames for the combatant commanders 
to develop such guidance and procedures. Without developing minimum 
departmentwide processes in a timely manner to assist commanders in 
developing theaterwide standards and a timeline for completion, DOD 
will not be able to ensure that its policies related to private 
security contractors are consistent across the geographic combatant 
commands and available at the onset of a combat operation. 
Additionally, the delay in publishing draft guidance to meet Section 
862 of the FY2008 NDAA has affected the completion of other 
requirements contained in the Act. For example, because the guidance 
has not been finalized, the Federal Acquisition Regulation has not been 
revised to require the insertion into each covered contract or task 
order a contract clause addressing the selection, training, equipping, 
and conduct of personnel performing private security functions under 
contracts. 

The Departments of State and Defense have also taken actions on other 
issues related to private security contractors in Iraq. For example, 
State and DOD have implemented similar processes to determine if 
private security contractor personnel have been trained. These 
processes include periodic reviews of contractor training records and 
site visits to contractor training facilities in Iraq. The departments 
have also developed and implemented processes to account for private 
security contractor weapons that include periodic weapons inventories. 
In addition, private security contractors indicated that the government 
of Iraq also conducts periodic inventories of weapons. State, DOD, and 
private security contractors have also developed and implemented 
policies related to the use of alcohol by private security contractor 
personnel. 

We are making five recommendations to DOD to establish a focal point to 
ensure that the appropriate offices in DOD coordinate, develop, and 
implement policies and procedures to conduct and adjudicate background 
screenings in a timely manner; establish minimum processes and 
requirements for the selection, accountability, training, equipping, 
and conduct of personnel performing private security functions; direct 
the geographic combatant commanders to develop and publish regulations, 
orders, directives, instructions, and procedures for private security 
contractors operating during a contingency operation within their area 
of responsibility; provide a report to Congress with the timelines for 
completing the minimum processes discussed in the recommendation above; 
and revise the Federal Acquisition Regulation to require the insertion 
into each covered contract a clause addressing the selection, training, 
equipping, and conduct of personnel performing private security 
functions under these contracts. In commenting on a draft of this 
report, DOD concurred with two of the five recommendations and 
partially concurred with three. DOD partially concurred with our 
recommendation that a focal point be established, our recommendation 
that minimum process and requirements be developed regarding private 
security contractor personnel, and our recommendation that DOD direct 
the geographic combatant commanders to develop and publish procedures 
for private security contractors operating within their area of 
responsibility. DOD commented that they have already or are in the 
process of implementing aspects of our recommendations. However, we do 
not believe that DOD's response thoroughly addressed the intent of our 
recommendations and believe that all of our recommendations remain 
valid. The full text of DOD's written comments is reprinted in appendix 
II. 

Background: 

Private security contractors are defined as private companies, or 
personnel, that provide physical security for persons, places, 
buildings, facilities, supplies, or means of transportation. These 
contractors provide security services for a variety of U.S. government 
agencies in Iraq; however, they are principally hired by DOD and State. 
DOD private security services contracts include a contract to provide 
security for DOD--controlled facilities in Iraq, known as the Theater 
Wide Internal Security Services contract. According to DOD officials, 
four contractors employing more than 8,000 guards, supervisors, and 
operations personnel are performing task orders issued under their 
contracts. The State Department's private security services contracts 
include a contract to provide security and support, known as the 
Worldwide Personal Protective Services contract, a contract to provide 
security for the U.S. Embassy Baghdad, and a security contract managed 
by State's Bureau of International Narcotics and Law Enforcement 
Affairs. 

In August 2004, the President issued HSPD-12 to require that United 
States government agencies (including DOD and State) collaborate to 
develop a federal standard for secure and reliable forms of 
identification for all U.S. government employees and contractors 
needing regular physical access to federal facilities. In February 
2005, to comply with HSPD-12, the Department of Commerce's National 
Institute of Standards and Technology issued implementing guidance; the 
Federal Information Processing Standards 201-1, which define a 
governmentwide personal identification verification system. HSPD-12 
requires that all U.S. government agencies mandate the use of the 
standard identification credential for all employees and contractors-- 
U.S. citizens and foreign nationals alike--who need regular physical 
access to federal facilities, including U.S. military installations 
abroad. As part of this process, all U.S. government employees and 
contractors who are issued an approved credential are to undergo a 
National Agency Check with Written Inquiries (NACI)[Footnote 7], or, at 
minimum, an FBI National Criminal History Check (a fingerprint check 
against a FBI database). We have previously reported on the challenges 
associated with applying a similar process to foreign nationals, 
including the limited applicability of U.S.-based databases of the 
names of criminals to foreign nationals.[Footnote 8] Federal 
Information Processing Standard 201-1 applies to foreign nationals 
working for the U.S. government overseas and requires a process for 
registration and approval using a State Bureau of Diplomatic Security 
approved method, except in the case of employees under the command of a 
U.S. area military commander. However, the standards do not offer any 
guidance as to what process should be used overseas. In addition to the 
HSPD-12 requirements, DOD and State have been instructed to comply with 
other requirements intended to protect the safety of property and 
personnel. For example, DOD policy makes military commanders 
responsible for enforcing security measures intended to ensure that 
property and personnel are protected.[Footnote 9] Likewise, the Omnibus 
Diplomatic Security and Antiterrorism Act of 1986 requires the 
Secretary of State to develop and implement policies and programs, 
including funding levels and standards, to provide for the security of 
U.S. government diplomatic operations abroad.[Footnote 10] 

Section 862 of the FY2008 NDAA[Footnote 11] requires that the Secretary 
of Defense, in coordination with the Secretary of State, prescribe 
regulations on the selection, training, equipping, and conduct of 
personnel performing private security functions under a covered 
contract[Footnote 12] in an area of combat operations. Section 862 of 
the FY2008 NDAA states that the regulations shall, at a minimum, 
establish processes to be used in an area of combat operations for the 
following: 

* registering, processing, accounting for, and keeping appropriate 
records of personnel performing private security functions; 

* authorizing and accounting for weapons to be carried by, or available 
to be used by, personnel performing private security; and: 

* registration and identification of armored vehicles, helicopters, and 
other military vehicles operated by contractors performing private 
security functions. 

In addition, the regulations shall establish requirements for 
qualification, training, screening (including, if practicable, through 
background checks), and security for personnel performing private 
security functions in an area of combat operations. 

Section 862 of the FY2008 NDAA also states that the regulations must 
establish a process by which to report the following incidents: (1) a 
weapon is discharged by personnel performing private security functions 
in an area of combat operations; (2) personnel performing private 
security functions in an area of combat operations are killed or 
injured; (3) persons are killed or injured, or property is destroyed, 
as a result of conduct by contractor personnel; (4) a weapon is 
discharged against personnel performing private security functions in 
an area of combat operations; or (5) active, non-lethal countermeasures 
are employed by the personnel performing private security functions in 
an area of combat operations in response to a perceived immediate 
threat to these personnel. In addition, the regulations must establish 
a process for the independent review and, if practicable, investigation 
of these incidents and incidents of alleged misconduct by personnel 
performing private security functions in an area of combat operations. 
The regulations are also to include guidance to the combatant 
commanders on the issuance of (1) orders, directives, and instructions 
to private security contractors regarding, for example, security and 
equipment; (2) predeployment training requirements; and (3) rules on 
the use of force. 

Fragmentary orders also establish guidance and requirements governing 
private security contractors in Iraq. In December 2007, MNF-I issued 
Fragmentary Order 07-428 to consolidate what previously had been 
between 40 and 50 separate fragmentary orders relating to regulations 
applicable to private security contractors in Iraq. The fragmentary 
order establishes authorities, responsibilities and coordination 
requirements for MNC-I to provide oversight for all armed DOD 
contractors and civilians in Iraq including private security 
contractors. In March 2009, MNF-I superseded this order by issuing 
Fragmentary Order 09-109. This Fragmentary Order contains information 
related to the roles and responsibilities of contract oversight 
personnel and required contract clauses including clauses related to 
background screening, training, and weapons accountability. One such 
clause requires that all contractors working in the Iraq theater of 
operations shall comply with and shall ensure that their personnel 
supporting MNF-I forces are familiar with and comply with all 
applicable orders, directives, and instructions issued by the MNF-I 
Commander relating to force protection and safety. 

State and DOD Have Developed Procedures to Conduct Background 
Screenings of U.S. Citizens; Only State Has Developed Departmentwide 
Procedures to Screen Foreign and Local National Personnel: 

State Has Developed a Background Screening Process for Private Security 
Contractor Personnel, Including Foreign and Local National Personnel: 

State has developed a process for conducting background screenings of 
its private security contractor personnel, U.S. citizens, and foreign 
and local nationals alike, which, according to State officials, meets 
the requirements of HSPD-12. Initially, private security contractors 
submit the resumes of all prospective employees to be reviewed by a 
State Department contracting officer representative. After this 
prescreening, the Worldwide Personal Protective Services contract 
requires firms to screen employees using a screening process approved 
by State's Bureau of Diplomatic Security. The process includes 
examining a prospective employee's past work history, police records, 
prior military service, and a credit check. The contractor is 
responsible for reviewing the results of the initial screening and, 
based on the results, forwards a list of the candidates to the 
contracting officer representative. Then, State's Bureau of Diplomatic 
Security conducts and adjudicates its own background investigation of 
prospective employees. All personnel performing work on the contract 
must possess a security clearance, a determination of eligibility for 
moderate or high-risk public trust positions, or have had an 
investigative check conducted by regional security officers of local or 
foreign nationals equivalent to the public trust determination required 
for the position. According to State Department officials, the 
department requires that foreign national private security contractor 
personnel have a Moderate Risk Public Trust determination, which is 
equivalent to a Secret clearance, but it does not grant access to 
classified information. The Moderate Risk Public Trust determination 
includes checking a prospective contractor employee's name against both 
local and national data sources. These data sources include the 
consular name-check database that is used by U.S. embassies to access 
information used to approve or deny visa applications. The system 
contains records provided by numerous U.S. agencies and includes 
information on persons with visa refusals, immigration violations, 
criminal histories, and terrorism concerns. In addition, prospective 
employees are screened by Regional Security Officers in the U.S. 
embassy in their home countries and if necessary, the Regional Security 
Officers may interview prospective employees. For example, when State 
Department officials in Uganda uncovered prospective employees using 
false documentation, the certificates were not granted to Ugandans 
until the Regional Security Officer had completed a personal interview. 
Moreover, in Iraq, prospective Iraqi employees sometimes undergo 
polygraph examinations. State Department officials told us that this 
process was HSPD-12-compliant based on their interpretation of an 
Office of Management and Budget memorandum that states that 
investigations related to making a public trust determination can be 
sufficient to meet HSPD-12 requirements. 

DOD Has Developed Procedures to Conduct Background Screenings of 
Private Security Contractor Personnel Who Are U.S. Citizens but Has Not 
Developed Procedures to Screen Foreign and Local Nationals: 

Federal Information Processing Standards 201-1 require that contractor 
personnel, including private security contractors in Iraq, undergo a 
National Agency Check with Written Inquiries investigation or its 
equivalent prior to being issued an access credential. While DOD has 
established procedures to apply this requirement to private security 
contractor personnel who are U.S. citizens, it has not, as of June 
2009, developed a process and procedures to apply this requirement to 
foreign and local nationals. According to DOD Instruction 3020.41, the 
comprehensive policy document on the management of contractors 
authorized to accompany the Armed Forces, USD-I is responsible for 
developing and implementing procedures for conducting background 
screenings of contractor personnel authorized to accompany the U.S. 
Armed Forces. The instruction, which was issued in October 2005 by the 
Under Secretary of Defense for Acquisition, Technology, and Logistics 
(AT&L), also directs USD-I to coordinate with AT&L, to develop these 
procedures, and to draft appropriate contract clauses. In November 
2008, DOD issued a Directive-Type Memorandum to begin the process of 
bringing DOD policy into alignment with HSPD-12. [Footnote 13] However, 
while the memorandum directs USD-I to coordinate with AT&L and the 
Office of the Under Secretary of Defense for Personnel and Readiness 
(P&R) to develop the department's policy for conducting background 
screenings of contractor personnel, it does not provide specifics on 
what the policy should contain. P&R, the office responsible for DOD's 
HSPD-12 compliance, is currently drafting a DOD Instruction that 
includes standards for conducting background screenings of U.S. 
citizens, but does not yet include standards for screening foreign 
nationals because according to officials from P&R, they have not 
received input from USD-I. As of May 2009, USD-I officials were unable 
to provide an estimate of when the foreign national screening standards 
would be complete. 

The lack of a focal point to resolve disagreements among the offices 
responsible for developing and implementing DOD's background screening 
policies and procedures has hindered timely execution of the HSPD-12 
requirements. For example, officials from USD-I have interpreted HSPD- 
12 as requiring a government screening and adjudication process for 
foreign nationals that would be equivalent to the National Agency Check 
with Written Inquiries investigation used for U.S. citizens. Officials 
within AT&L maintain that this approach is unrealistic and would 
severely limit the numbers of foreign national contractor personnel the 
department could use to support U.S. forces in contingency operations. 
According to AT&L officials a National Agency Check with Written 
Inquiries equivalent screening for foreign nationals would not be 
feasible, given the difficulty of screening foreign nationals and the 
inconsistent quality of criminal and employment records from one 
country to another. As previously noted, private security contractors 
currently conduct their own background screenings of prospective 
employees. Based on these results, firms make final hiring decisions. 
AT&L officials believe that contractor-led background screenings, in 
conjunction with processes established by combatant commanders to 
screen contractors, such as those in place in Iraq, provides reasonable 
assurance that the security risk posed by foreign national contractor 
personnel is minimal. As we reported in 2006, commanders are 
responsible for the safety and security of their installations. 
[Footnote 14] 

Additionally, AT&L officials maintain that U.S. government employees 
serving as contracting officer representatives are the final 
adjudicators of background screening results. However, USD(I) officials 
disagree and have stated that DOD policy prohibits contracting officer 
representatives from being final adjudicators, and note that they lack 
the necessary training and time to do so. As early as 2004 we noted 
that DOD had a lack of personnel available to provide oversight. 
[Footnote 15] Most recently we noted in our 2008 report that DOD was 
strained to provide a sufficient number of contract oversight personnel 
and military personnel needed better training on their responsibilities 
to provide contract oversight over private security contractors. 
[Footnote 16] An April 2009 report by the Special Inspector General for 
Iraq Reconstruction found similar concerns, noting that contracting 
officer representatives received limited training and had insufficient 
available time to devote to their oversight responsibilities.[Footnote 
17] As a result of these disagreements, DOD has not developed minimum 
background screening standards as required by DOD Instruction 3020.41 
and HSPD-12. While DOD has acknowledged the inherent force protection 
risk it assumes when using contractor personnel, without the 
development and implementation of departmentwide background screening 
procedures that apply to all private security contractor personnel, 
including foreign nationals, DOD does not have full assurance that all 
of its private security contractor personnel have been properly 
screened. 

In Iraq, MNF-I Has Established a Background Screening Process for DOD 
Private Security Contractors, but the Existing Process Has Several 
Shortcomings: 

By direction of the MNF-I commander, MNF-I, the U.S.-led military 
organization responsible for conducting the war in Iraq, has 
established a process in Iraq aimed at ensuring that all private 
security contractors, U.S. citizens, Iraqi nationals, and other foreign 
nationals providing security services to DOD have been screened. 
According to MNF-I guidance, which shall be incorporated into all 
contracts and solicitations where arming of contracted employees is 
contemplated in Iraq, private security contractors and subcontractors 
in Iraq are required to: 

* conduct background screenings of employees; 

* verify with the MNC-I[Footnote 18] Provost Marshal that no employee 
has been barred by any commander within Iraq; and: 

* certify after completing all checks that all persons armed under the 
contract are not prohibited under U.S. law from possessing a weapon or 
ammunition.[Footnote 19] 

In addition, in Iraq DOD has developed background screening measures 
that are intended to act as an additional safeguard after contractor- 
conducted screening procedures. For example, MNC-I officials told us 
that every private security contractor employee serving in Iraq also 
must receive a badge issued by MNF-I. According to officials, as part 
of the badge process, host and foreign national personnel are subjected 
to a background screening using several U.S. government automated 
systems and undergo an interview conducted by MNF-I intelligence 
officials. In addition, MNF-I guidance establishing minimum 
requirements for access to MNF-I installations throughout the Iraq 
Theater of Operations states that all host and foreign national private 
security contractor personnel are subjected to screening using an 
automated system unique to Iraq that collects biometric information 
such as photographs, fingerprints, and iris scans. 

While force protection officials we spoke with in Iraq were generally 
satisfied with the current background screening process and felt that 
it sufficiently accounted for the security of U.S. installations, our 
work identifies several shortcomings that limit the effectiveness of 
this process. For example, we found that some of the current background 
screening requirements established by MNF-I were unrealistic because 
they directed contractors to use data sources that were not readily 
available to private firms. According to MNF-I guidance, which shall be 
incorporated into all contracts and solicitations where arming of 
contracted employees is contemplated in Iraq, private security 
contractors should, to the extent possible, use FBI, Country of Origin 
Criminal Records, Country of Origin US Embassy Information Request, CIA 
records and/or any other equivalent records systems as sources. 
However, as we noted in our past work, contractors may not have access 
to certain data sources, such as FBI databases. Moreover, these data 
sources provide only limited data on foreign national contractor 
personnel who may have spent minimal if any time in the United States. 
[Footnote 20] While private companies may have access to other sources 
of background screening information, these data sources have similar 
limitations when applied to prospective foreign national personnel. As 
a result, contractors have adopted their own methods, such as obtaining 
Interpol-issued Certificates of Good Conduct, which one private 
security contractor official told us his company requires as a 
prerequisite to an interview. We reviewed a copy of one such 
certificate and observed that the certificate signifies that the bearer 
has never been the subject of a police inquiry. However, according to 
the official these certificates are not available in every country. 
Further, only the individual, and not the company, may obtain this 
certificate. Therefore, there may be incentives for prospective 
employees to forge or alter the certificates in order to gain 
employment. 

In addition, MNF-I officials we spoke to who were responsible for 
contractor oversight did not have a full understanding of the screening 
process, the process' limitations, or of how contractors conducted 
their background screenings. For example, MNF-I officials told us that 
the office responsible for approving civilian arming requests--known as 
the arming authority--reviewed background screening results prior to 
approving arming requests. However, officials from the arming authority 
stated that they did not see the results of the background screenings 
and did not interpret or adjudicate based on the results. Officials 
were also unaware of what the background screening entailed, and stated 
background screening was the private security contractor's 
responsibility. 

According to MNF-I officials, contracting officer representatives are 
responsible for ensuring that private security personnel files contain 
all of the necessary information, including background screening 
results. However, officials responsible for providing contract 
oversight in Iraq stated that contracting officers and contracting 
officer representatives only check to ensure that the correct 
documentation is maintained; they do not try to interpret or adjudicate 
the background screening results. Officials added that they are not 
trained to interpret or adjudicate the results. 

Moreover, while some of the name-checks and biometric data collection 
associated with issuing badges and requests for arming authority use 
data collected in Iraq, such as information collected from suspected 
insurgents, the current screenings rely primarily upon U.S.-based 
databases of criminal and terrorist information. As we have previously 
reported, background checks that are reliant upon U.S.-based databases, 
such as the automated process, described above, may not be effective in 
screening foreign nationals who have not lived or traveled to the 
United States. [Footnote 21] Without training to ensure that military 
commanders and contracting officials understand the department's 
policies and procedures for background screening as well as their roles 
and responsibilities, DOD will not have reasonable assurance that 
contractor personnel have been screened. 

The existing MNF-I process also does not provide contractors with 
standards on what the background screening should entail and how the 
results should be interpreted, particularly for foreign national 
personnel. According to MNF-I guidance, which shall be incorporated 
into all contracts and solicitations where arming of contracted 
employees is contemplated in Iraq, DOD private security contractors are 
required to develop a background screening plan and submit the results 
of the background screening to their contract's contracting officer 
representative upon completion. The Theater Wide Internal Security 
Services contract also requires that private security contractors 
conduct the appropriate criminal and financial background screenings 
identified in chapters 2 and 3 of Army Regulation 190-56.[Footnote 22] 
For example, the regulation requires that the contractor conduct a 
security screening check of applicants for security guard positions, to 
include a check of arrest and criminal history records of the state in 
which the prospective employee has resided during the most recent 5 
years. It also requires that prospective security contractor employees 
be subjected to a National Agency Check with Written Inquiries. 
However, the regulation does not provide instructions on how to apply 
these screenings to non-U.S. citizens. [Footnote 23] Our review of the 
background screening plans submitted by the four Theater Wide Internal 
Security Services contractors found that the processes the plans 
described were not consistent in their approach to screen personnel, 
particularly for foreign national personnel. Our review of the plans 
found that they did not provide specific details as to how the company 
would go about screening foreign nationals. For example, while one plan 
states that all prospective foreign national employees are subjected to 
a criminal record check, it does not explain what records will be 
checked, the time period examined, or how the company intends to 
evaluate derogatory information. Furthermore, one of the plans we 
reviewed failed to address screening foreign national personnel at all. 
The plans were generally more specific in their descriptions of how 
they intended to screen U.S. national personnel. However, as we have 
previously reported, contractors have access to a limited range of 
criminal records data, and particularly in foreign countries these data 
can be of questionable quality.[Footnote 24] Furthermore, while DOD 
officials in Iraq stated that they were comfortable that the screening 
process was sound because contractors' screening processes were part of 
the evaluation criteria used to award the contracts, as previously 
noted officials responsible for evaluating these plans have not been 
trained to do so. Without minimum standards screening firms will use 
varying techniques to screen personnel and DOD will not have reasonable 
assurance that a minimum level of safety and protection has been met. 

Draft DOD Regulation Does Not Fully Meet the Legislative Requirements 
of Section 862 of the National Defense Authorization Act for Fiscal 
Year 2008: 

Section 862 of the FY2008 NDAA directed the Secretary of Defense, in 
coordination with the Secretary of State, to develop regulations on the 
selection, training, equipping, and conduct of private security 
contractor personnel under a covered contract in an area of combat 
operations. The public law lists a number of minimum processes and 
requirements, which the regulations are to establish. While DOD has 
drafted an interim final rule[Footnote 25],which is intended to meet 
the requirements of the public law, our analysis of a May 2009 version 
of the draft regulation indicates that it does not address all of the 
requirements of the law. 

The draft delegates the responsibility of developing specific private 
security contractor guidance and procedures to the geographic combatant 
commanders without fully establishing all of the minimum processes as 
required under Section 862.[Footnote 26] For example, the law directs 
DOD to develop requirements for the screening and security of private 
security contractor personnel. The draft instructs geographic combatant 
commanders to develop procedures consistent with principles established 
in existing DOD instructions and directives.[Footnote 27] However, 
while the draft makes reference to existing DOD regulations regarding 
these areas, neither the draft nor the referenced documents articulate 
a process or requirements that geographic combatant commanders can use 
to ensure that all private security contractor personnel meet screening 
and security requirements.[Footnote 28] The draft regulation also 
establishes that all incidents listed in Section 862 (a)(2)(D)[Footnote 
29] shall be reported, documented, and independently reviewed or 
investigated. However, the regulation does not specify who should 
report or document incidents, what information should be recorded, how 
the incident should be investigated, or to whom the incident report 
should be sent. Furthermore, it leaves the implementation of procedures 
for reporting, reviewing, and investigating incidents to the combatant 
commanders. In addition, while the law instructs that DOD develop 
minimum processes and requirements for private security contractor 
personnel operating in an area of combat operations[Footnote 30],the 
draft regulation only points to an agreement between DOD and State that 
is specific to Iraq and directs it be used as a framework for the 
development of guidance and procedures regardless of location.[Footnote 
31] Specifically, the draft references a December 2007 Memorandum of 
Agreement between DOD and State, which provides that private security 
contractor personnel who wish to possess and carry firearms in Iraq, 
must fulfill the core standards of background checks, security 
clearances, training with annual refreshers on topics such as the rules 
for the use of force, weapons qualification consistent with U.S. Army 
standards, and use of weapon types authorized by DOD and State. 
[Footnote 32] As noted in our discussion on background screenings, 
absent minimum departmentwide processes, combatant commanders may 
develop less comprehensive guidance and procedures and the guidance and 
procedures developed may widely vary from theater-to-theater. Moreover, 
the draft regulation does not establish a time frame for combatant 
commanders to develop and issue the implementing guidance and 
procedures. Without developing minimum departmentwide processes in a 
timely manner to assist commanders in developing theaterwide standards 
and a timeline for completion, DOD will not be able to ensure that its 
policies related to private security contractors are consistent across 
the geographic combatant commands and available at the onset of a 
combat operation. 

Our review of a May 2009 version of the draft regulation found that it 
does establish some processes. For example, the draft regulation 
establishes a process for requesting permission to arm private security 
contractor personnel. This process includes written acknowledgment by 
the security contractor and its individual personnel that such 
personnel are not prohibited under U.S. law to possess firearms and 
requires documentation of individual training that includes weapons 
qualification and training on the rules of the use of force. The draft 
also states that individual training and qualification standards must 
meet, at a minimum, one of the military department's established 
standards. With regard to the registration, processing, and accounting 
of private security contractor personnel, the draft regulation 
references a draft update to DOD Instruction 3020.41, which designates 
the Synchronized Predeployment and Operational Tracker (SPOT) as the 
joint Web-based database to maintain contractor accountability and 
visibility of DOD-funded contracts supporting contingency operations. 
[Footnote 33] The draft regulation also identifies SPOT as the 
repository for registering and identifying military vehicles operated 
by private security contractor personnel. DOD officials stated that 
they interpreted Section 862's vehicle identification requirements as 
the need to register vehicles in a database using a unique identifier 
as opposed to identifying vehicles with a visual identifier such as a 
placard. Officials stated identifying vehicles using a visual 
identifier would expose private security contractors to enemy attacks. 
However, during our trip to Iraq in 2008, we observed that many DOD 
private security contractors affixed readable numbers on their 
vehicles.[Footnote 34] 

While DOD was required to develop this guidance by July 2008, as of 
June 2009 the guidance has not been finalized. According to DOD 
officials, promulgation of the guidance has taken considerable time due 
to coordination efforts with State and the federal rule-making process, 
which requires a draft rule be published for public comment in the 
Federal Register when it has an impact beyond the agency's internal 
operations. Because of this delay, the Federal Acquisition Regulation 
(FAR) has not been revised to require that covered contracts and task 
orders contain a contract clause to address the selection, training, 
equipping and conduct of personnel performing private security 
functions. According to DOD officials, the FAR will not be revised to 
implement the regulation until the regulation has been finalized. 

State and DOD Have Developed Policies and Processes on Other Private 
Security Issues Including Training, Weapons Accountability, and 
Alcohol: 

State Has Developed Detailed Private Security Contractor Training 
Requirements and an Inspection Process: 

According to officials in State's Bureau of Diplomatic Security, 
contractors performing under State's Worldwide Personal Protective 
Services contract are required to provide 164 hours of personal 
protective security training. The training curriculum includes topics 
such as the organization of a protective detail, firearms proficiency, 
driver training, and defensive tactics. According to officials in 
State's Bureau of Diplomatic Security, this training curriculum was 
reviewed and approved by State's Diplomatic Security Training Center. 
In addition, officials in the Bureau of Diplomatic Security approve the 
course instructors after reviewing the instructors' resumes and other 
qualifications. Our review of State's Worldwide Personal Protective 
Services contract found that it contained detailed training 
requirements for private security contractor personnel. For example, 
the contract identified very detailed weapons qualification training 
requirements. These requirements include establishing a minimum number 
of hours of weapons training, the acceptable venues for conducting the 
training, and the materials the contractor must furnish. The contract 
also determines the specific topics to be covered in the weapons 
training including procedures on safe weapon handling, proper 
marksmanship techniques, and firing positions. The requirements also 
establish the minimum number of rounds that must be fired per each 
weapon being used for training. 

To determine if private security contractor personnel are trained, 
officials from State's Diplomatic Security Training Center and the 
Office of Protective Operations periodically visit contractor training 
facilities to monitor training. According to State officials, during 
these inspections officials review the certifications of training 
instructors, observe individual training modules, and review individual 
student training records. According to State officials, the department 
is also in the process of conducting a comprehensive review of all 
three Worldwide Personal Protective Services contractor training 
programs. Officials stated that this is the first comprehensive review 
under the Worldwide Personal Protective Services contract and as part 
of this review officials are reviewing a full training curriculum at 
each contractor's training location. Officials stated that these 
reviews will result in recommendations for immediate improvements to 
each company's training program and may result in changes to the 
overall high-threat curriculum. To confirm that State conducted 
training inspections, we reviewed the two most recent inspection 
reports of each of the three private security contractors providing 
services under State's largest security contract, Worldwide Personal 
Protective Services. Our review of the records confirmed that State had 
inspected each contractor and that the reviews were conducted by State 
subject matter experts. For example, one inspection report we reviewed 
included a State firearms expert observing the firearms proficiency 
portion of the training. In each inspection report we reviewed, State 
concluded that the contractors met training requirements. We also 
observed that each inspection included suggestions for improvement even 
when training requirements were met. Officials also stated that in 
Iraq, Regional Security Officers provide daily oversight and as part of 
this oversight they are responsible for ensuring that the training 
standards are met. 

DOD Has Established Broad Training Requirements for Private Security 
Contractor Personnel and Employs a Two-Step Process to Determine If 
Private Security Contractor Personnel Have Been Trained: 

Much like State, DOD has established contractual training requirements 
for private security contractor personnel. However, DOD's training 
requirements are generally broader than State's. For example, while 
State's training requirements establish a detailed training curriculum 
that includes a minimum number of hours of training, DOD private 
security training requirements are more broadly defined. For example, 
Annex A of Fragmentary Order 09-109 which identifies requirements that 
must be included in DOD contracts where private security contractors 
will be armed, establishes that documentation should be maintained to 
attest that each armed private security contractor employee has been 
successfully familiarized with and met qualification requirements 
established by any DOD or other U.S. government agency for each weapon 
they are authorized to possess. Similarly, the order requires that 
employees be trained on the law of armed conflict and the rules for the 
use of force but does not provide specifics to be included in the 
training. Contracts also contain provisions to ensure that training 
does not lapse. For example, DOD contracts performed in Iraq or 
Afghanistan must provide that if the contractor fails to retrain an 
armed employee within 12 months of the last training date the employee 
will lose authorization to possess and carry a weapon in Iraq. 
Individual task orders may reiterate employee training requirements. 

Fragmentary Order 09-109 makes contracting officer representatives 
responsible for monitoring the contractor's performance and compliance 
with contractual requirements, including compliance with all applicable 
laws, regulations, orders, and directives. These representatives are co-
located on the contractor site to facilitate day-to-day contract 
oversight. According to DOD officials, contracting officer 
representatives periodically review individual private security 
contractor personnel training records to ensure that the training 
requirements have been met. Additionally, the Defense Contract 
Management Agency (DCMA) conducts reviews to ensure that contracting 
officer representatives are providing proper oversight. In February 
2008, DCMA began to use a series of checklists developed by DCMA to 
guide inspections of contracting officer representatives and confirm 
that these representatives are maintaining the appropriate 
documentation and providing sufficient contractor oversight. According 
to DCMA officials, these checklists were developed by taking contract 
requirements and other DOD guidance and translating them into a tool 
that could be used for an objective evaluation. These checklists may 
vary by contract and have been tailored for specific areas of contract 
performance. For example, while aspects of training may be found on 
multiple checklists, DCMA has developed a specific training checklist. 
Among the items checked are that contractors determined that personnel 
had been trained on the required subjects, that a training plan had 
been submitted for approval, and that training remained current. To 
confirm that these inspections covered training, we reviewed 215 
completed checklists. While each checklist varied in length and scope, 
our review of the checklists found that they contained 7 to 54 total 
items and among those items were several training-related items. For 
example, one checklist asked if the contractor ensured that all guard 
force personnel were trained and authorized to be armed before 
beginning their duties. Another checklist we reviewed asked if the 
contractor's training records validated training, certifications, and 
recertification. Of the checklists we reviewed, the checklists 
generally documented no concerns about training. However, 7 of the 
checklists contained observations that raised concerns about the 
training of personnel. Four checklists contained observations that 
indicated that personnel were qualified with a different weapon than 
the one they were assigned. Another checklist indicated that personnel 
deployed with little to no training noting that personnel learned 
everything about their posts once they were deployed. Two checklists 
observed that personnel were not trained in all of the required 
training subjects. 

Additionally, according to DOD officials, the department conducts 
periodic site visits of private security contractors' Iraq-based 
training facilities. However, because DOD personnel responsible for 
providing oversight of DOD's private security contracts in Iraq are 
based in Iraq and not elsewhere, such as the United States, these 
inspections do not regularly include facilities located outside of 
Iraq, such as contractors' U.S. training facilities. For example, an 
official at one private security firm we visited indicated that no one 
from DOD had ever inspected the firm's U.S.-based training facility. 
Unlike State, which maintains personnel in Iraq and in the U.S. to 
provide contract oversight, DOD's contracts are administered by the 
Joint Contracting Command for Iraq and Afghanistan and its personnel 
responsible for private security contract oversight are all located in 
Iraq. 

State and DOD Have Developed a Process to Account for Weapons Held by 
Private Security Contractors: 

According to State officials, the Worldwide Personal Protective 
Services contract requires a quarterly inventory of all U.S. government-
and contractor-furnished property, including weapons. According to 
State officials, all operational weapons are government furnished and 
are issued to the private security contractors by the regional security 
officer. The regional security officer conducts an annual sight 
inventory, which is corroborated with the contractors' quarterly 
inventories and records from the State Department branch that acquired 
the weapons. In addition, officials stated that the quarterly 
inventories are tracked by officials in State's high-threat protection 
office and verifies this during periodic program management reviews. 

In Iraq, DOD has established a process that includes granting arming 
authority to private security contractor personnel, and conducting 
reviews of weapons inventories and inspections of private security 
contractor armories. DCMA also conducts reviews to ensure that private 
security contractor personnel are properly authorized to carry weapons. 
In addition, DOD antiterrorism/force protection officials conduct 
yearly assessments of every MNF-I installation or forward operating 
base with over 300 personnel, known as vulnerability assessments. 
During these assessments officials check physical security measures and 
verify that armed contractors, including private security contractor 
personnel, are carrying the required arming authorization letter and 
meeting the requirements to be compliant with the arming authority 
requirements. Officials stated that ultimately contracting officer 
representatives are responsible for ensuring that DOD's private 
security contractors adhere to the arming regulations. Officials felt 
that while there were many good contracting officer representatives, 
there were some that would benefit from additional training on their 
responsibilities, instead of learning these things on the job. 

Recent audits by State's Office of the Inspector General and the 
Special Inspector General for Iraq Reconstruction found that weapons 
were properly accounted for. In April 2009, State's Office of the 
Inspector General published results of a performance audit of security 
contractor Triple Canopy and concluded that the firm established sound 
inventory controls at the two facilities State inspected in Iraq. 
[Footnote 35] To reach this conclusion, the office conducted an 
inventory of weapons and reviewed inventory documents maintained by the 
contractor and by the Regional Security Officer. In June 2009, a joint 
audit of security firm Blackwater, by State's Office of Inspector 
General and the Special Inspector General for Iraq Reconstruction, 
reached similar conclusions. [Footnote 36] The audit team was able to 
verify all weapons randomly selected from weapons assigned to 
Blackwater personnel. The report attributed their ability to verify the 
weapons to the level of State oversight through quarterly physical 
inventories and other periodic reconciliations by State personnel. 
Additionally, a January 2009 audit of security firm Aegis (a private 
security contractor) by the Special Inspector General for Iraq 
Reconstruction observed weapons inventory tests at four locations in 
Iraq and determined that all items were accounted for.[Footnote 37] 

State and DOD have Developed and Implemented Alcohol Policies for 
Private Security Contractor Personnel in Iraq: 

State, DOD, and private security contractors have developed and 
implemented policies related to the use of alcohol by private security 
contractor personnel. State has established policies that govern when 
private security contractors can consume alcohol. For example, State's 
Worldwide Personal Protective Services contract prohibits private 
security contractor personnel from consuming alcohol while on duty and 
within 6 hours prior to going on duty. Although State does not prohibit 
alcohol consumption by private security contractor personnel, private 
security contractors with State told us that they have established 
policies to govern employee alcohol consumption. Private security 
contractors with DOD contracts told us that their employees were 
subject to General Order #1 and thus were prohibited from possessing or 
consuming alcohol while in Iraq. General Order #1, which was 
established by the Commanding General of MNC-I, prohibits military 
personnel or contractors employed by or accompanying U.S. forces from 
the introduction, purchase, possession, sale, transfer, manufacture or 
consumption of any alcoholic beverage within MNC-I's area of 
responsibility. However, General Order #1 does not apply to private 
security contractors who support the State Department. Private security 
contractors we spoke with told us that personnel who violate the 
established alcohol policies are subject to disciplinary actions and 
depending on the severity of the use may have their employment 
terminated. When asked how often individuals have been let go due to 
alcohol, the contractors indicated that it is not very often. For 
example, one firm stated that out of an average staffing level of more 
than 650 non-Iraqi personnel, it has only terminated 7 employees due to 
violations of the alcohol policy. 

Conclusions: 

Homeland Security Presidential Directive 12 and its implementing 
guidance intend to create a consistent, federalwide approach to ensure 
that federal employees and contractors with regular access to federal 
facilities and installations are sufficiently screened for security 
risk. As we reported in 2006, military commanders and other officials 
are aware of the risks that contractors pose to U.S. forces in part 
because of the difficulties in screening employees, particularly 
foreign and host country nationals. While State and DOD have developed 
policies and procedures to ensure that U.S. citizen personnel and 
contractors are screened, only the State Department has developed 
departmentwide procedures to screen foreign national personnel. Efforts 
within DOD have been stalled by disagreement over how to develop and 
implement policies and procedures that comply with HSPD-12 while 
fulfilling DOD's need to provide private security contractor personnel 
to fulfill security requirements in Iraq. While we acknowledge the 
difficulties of conducting background screenings of foreign national 
personnel, the armed nature of private security contractor personnel 
presents the need for assurance that all reasonable steps have been 
taken to provide for their thorough vetting and minimize the risk they 
present. Without a coordinated DOD-wide effort to develop and implement 
standardized policies and procedures to ensure that contractor 
personnel, particularly foreign national private security contractor 
personnel, have been screened, DOD cannot provide this assurance. Even 
with established policies and procedures in place, there are inherent 
risks involved with employing foreign national personnel, making it 
critical that military commanders and contracting officials understand 
the risks and limitations associated with background screenings of 
foreign national personnel. Additionally, until DOD expands and 
finalizes guidance related to private security contractors, including 
the development of timelines for combatant commanders, it will not have 
fully responded to the congressional concerns which led to the 
development of Section 862 of the National Defense Authorization Act of 
Fiscal Year 2008. 

Recommendations for Executive Action: 

We recommend the five following actions to help ensure that DOD 
develops a departmentwide approach to properly screening private 
security contractor personnel, including non-United States citizens. We 
recommend that the Secretary of Defense appoint a focal point, at a 
sufficiently senior level and with the necessary authority to ensure 
that the appropriate offices in DOD coordinate, develop, and implement 
policies and procedures to conduct and adjudicate background screenings 
in a timely manner. More specifically the focal point should: 

* direct the Office of the Under Secretary of Defense for Intelligence, 
in consultation with the Under Secretary of Defense for Personnel and 
Readiness and the Under Secretary of Defense for Acquisition, 
Technology, and Logistics, to develop departmentwide procedures for 
conducting and adjudicating background screenings of foreign national 
contractor personnel and establish a time frame for implementation; 

* develop an effective means to communicate to MNF-I the new procedures 
so that MNF-I officials can adjust their existing background screening 
policies and procedures, if necessary, to comport with the procedures; 
and: 

* develop a training program to ensure that military commanders and 
contracting officials, including contracting officers and contracting 
officers' representatives, understand the department's policies and 
procedures for background screening as well as their roles and 
responsibilities. 

To ensure that DOD fully meets the requirements of Section 862 of the 
2008 National Defense Authorization Act we recommend that the Secretary 
of Defense direct the Under Secretary of Defense for Acquisition, 
Technology, and Logistics to: 

* establish minimum processes and requirements for the selection, 
accountability, training, equipping, and conduct of personnel 
performing private security functions under a covered contract during a 
combat operation; 

* direct the geographic combatant commanders, through the Chairman of 
the Joint Chiefs of Staff, to develop and publish the regulations, 
orders, directives, instructions, and procedures for private security 
contractors operating during a contingency operation within their area 
of responsibility; 

* provide a report to Congress with the timelines for completing the 
minimum processes discussed in the recommendation above; and: 

* revise the Federal Acquisition Regulation to require the insertion 
into each covered contract a clause addressing the selection, training, 
equipping, and conduct of personnel performing private security 
functions under such, contract. 

Agency Comments and Our Evaluation: 

In commenting on a draft of this report, DOD concurred with two of the 
five recommendations and partially concurred with three. 

DOD partially concurred with our recommendation that the Secretary of 
Defense appoint a focal point at a sufficiently senior level and with 
the necessary authority to ensure that the appropriate DOD offices 
coordinate, develop and implement policies and procedures to conduct 
and adjudicate background screenings in a timely manner. In DOD's 
response, the department noted that the Assistant Deputy Under 
Secretary of Defense for Program Support has been designated to be 
responsible for monitoring the registration, processing, and accounting 
of private security contractor personnel in an area of contingency 
operations. As we noted in this report, the Office of the Under 
Secretary of Defense for Intelligence (USD-I) is responsible for 
developing DOD's background screening policy in conjunction with the 
Office of the Under Secretary of Defense for Acquisition, Technology, 
and Logistics (AT&L) and the Office of the Under Secretary of Defense 
for Personnel and Readiness (P&R). While we don't dispute the role that 
the Assistant Deputy Under Secretary of Defense for Program Support has 
to monitor the registration, processing, and accounting of private 
security contractor personnel, we do not believe that this office is 
the correct office to resolve disagreements among the offices 
responsible for developing DOD's background screening policy. DOD also 
noted that it is in the process of institutionalizing the Operational 
Contract Support Functional Capabilities Integrations Board. According 
to DOD, the board will provide the senior level oversight to provide 
cross-component alternatives and recommendations on current and future 
capability needs, policies, and investments. Since the board has not 
yet been established, we were unable to determine if the board would 
have sufficient authority to implement our recommendation or if USD-I 
will be included on the board. Unless the board is given the authority 
to resolve the policy differences between the USD-I and AT&L and direct 
the development of background screening polices, the disagreements that 
have hampered the development of screening policies and procedures will 
continue. 

In addition, DOD stated that it does not conduct its own background 
investigations on foreign nationals and lacks the infrastructure to do 
so. The department stated that it depends on the Office of Personnel 
Management (OPM) to conduct its background investigations. While this 
may be true for background investigations that lead to the granting of 
security clearances, our report was focused on background screenings 
that do not lead to the granting of security clearances. As we noted in 
this report, contractors are responsible for conducting background 
screenings for their foreign national employees using standards, 
processes, and procedures developed by the contractors themselves or as 
in Iraq, developed by the military. In addition, in Iraq, MNF-I has 
developed their own background screening process to supplement 
contractor-led screening of private security contractor personnel. 
However, as we noted, the process used in Iraq has several 
shortcomings. We believe that in order to meet the intent of this 
recommendation, the department needs to develop departmentwide 
standards and procedures for conducting and adjudicating background 
screenings to assure itself that screenings are providing as much 
background information as possible and that the department has a common 
understanding of what information is or is not included in a contractor-
conducted background screening. Without this information, military 
commanders may be unaware of the risks foreign national private 
security contractor personnel may pose. Regarding the department's 
comment that it will ensure that the Defense Federal Acquisition 
Regulation is modified, it is unclear how the clause can be modified 
until standards are developed to include in the clause. 

DOD also partially concurred with our recommendation that the Secretary 
of Defense direct the Under Secretary of Defense for Acquisition, 
Technology, and Logistics to establish minimum processes and 
requirements for the selection, accountability, training, equipping, 
and conduct of personnel performing private security functions under a 
covered contract during a combat operation. As we noted, Section 862 of 
the fiscal year 2008 NDAA directed the Secretary of Defense, in 
coordination with the Secretary of State, to develop regulations on the 
selection, training, equipping, and conduct of private security 
contractor personnel under a covered contract in an area of combat 
operations. DOD responded that the Interim Final Rule published in the 
July 17, 2009, issue of the Federal Register meets the requirements of 
Section 862 of the fiscal year 2008 NDAA and that the department was 
also soliciting input from the geographical combatant commanders on 
this subject. While the Interim Final Rule published in the Federal 
Register on July 17TH contains some minor variations from the May 2009 
draft Interim Final Rule we reviewed for the purposes of this report, 
our criticisms of the draft Interim Final Rule continue to be 
applicable to the Interim Final Rule published in the Federal Register. 
As we noted in our report, the Interim Final Rule directs geographic 
combatant commanders to develop procedures consistent with principles 
established in existing DOD instructions and directives and makes 
reference to existing DOD regulations regarding these areas. However, 
neither the draft nor the referenced documents articulate a process or 
requirements that geographic combatant commanders can use to ensure 
that all private security contractor personnel meet screening and 
security requirements. The Interim Final Rule published in the Federal 
Register on July 17TH contains these same shortcomings. We continue to 
believe that DOD should establish minimum processes and requirements 
for the selection, accountability, training, equipping, and conduct of 
private security contractor personnel to meet the intent of our 
recommendation. These processes and requirements could be strengthened, 
if necessary, by the geographic combatant commanders. As we noted, 
without these minimum standards DOD will not have reasonable assurance 
that a minimum level of safety and protection has been met. In the 
past, DOD has taken a similar approach. In December 2006, DOD updated 
the department's antiterrorism instruction. [Footnote 38] The 
instruction established minimum DOD antiterrorism measures, while 
providing military commanders and civilians with the flexibility and 
adaptability to develop measures that are more stringent if conditions 
warrant. 

In addition, DOD partially concurred with our recommendation that the 
Secretary of Defense direct the Under Secretary of Defense for 
Acquisition, Technology, and Logistics to direct the geographic 
combatant commanders to develop and publish the regulations, orders, 
directives, instructions, and procedures for private security 
contractors operating during a contingency operation within their area 
of responsibility. DOD stated that this had already been accomplished 
in large part through the issuance of Multi-National Forces-Iraq 
Operations Order 09-01in Iraq and OPORD 09-03 in Afghanistan. However, 
the orders cited by DOD are specific to Iraq and Afghanistan and are 
not applicable to other geographic commands. Therefore, we believe 
additional guidance should be developed for other geographic commands. 

DOD concurred with the remainder of our recommendations. However, DOD 
did not indicate what, if any, specific actions it would take to 
address the intent of our recommendations. Therefore, we believe DOD 
needs to more clearly identify what steps it will take to implement 
these recommendations. The full text of DOD's written comments is 
reprinted in appendix II. The Department of State did not provide 
formal written comments on a draft of this report. 

We are sending copies of this report to other interested congressional 
committees, the Secretary of Defense, and the Secretary of State. In 
addition, this report will be available at no charge on GAO's Web site 
at [hyperlink, http://www.gao.gov]. 

If you or your staff have any questions on the matters discussed in 
this report, please contact me at (202) 512-8365. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. Key contributors to this report were 
Carole Coffey, Assistant Director; Johana Ayers, Assistant Director, 
Acquisitions and Sourcing Management; Vincent Balloon; Laura Czohara; 
Robert Grace; Jason Pogacnik; Karen Thornton; Cheryl Weissman; and 
Natasha Wilder. 

Signed by: 

William M. Solis: 
Director, Defense Capabilities and Management: 

List of Committees: 

The Honorable Carl Levin: 
Chairman: 
The Honorable John McCain: 
Ranking Member: 
Committee on Armed Services: 
United States Senate: 

The Honorable John F. Kerry:
Chairman:
The Honorable Richard G. Lugar:
Ranking Member:
Committee on Foreign Relations:
United States Senate: 

The Honorable Joseph I. Lieberman:
Chairman:
The Honorable Susan M. Collins:
Ranking Member:
Committee on Homeland Security and Governmental Affairs:
United States Senate: 

The Honorable Daniel K. Inouye:
Chairman:
Subcommittee on Defense:
Committee on Appropriations:
United States Senate: 

The Honorable Daniel K. Akaka:
Chairman:
The Honorable George V. Voinovich:
Ranking Member:
Subcommittee on Oversight of Government Management, the Federal 
Workforce, and the District of Columbia:
Committee on Homeland Security and Governmental Affairs:
United States Senate: 

The Honorable Ike Skelton: 
Chairman: 
The Honorable Howard P. "Buck" McKeon: 
Ranking Member: 
Committee on Armed Services: 
House of Representatives: 

The Honorable Howard L. Berman:
Chairman:
The Honorable Ileana Ros-Lehtinen:
Ranking Member:
Committee on Foreign Affairs:
House of Representatives: 

The Honorable Edolphus Towns:
Chairman:
The Honorable Darrell Issa:
Ranking Member:
Committee on Oversight and Government Reform:
House of Representatives: 

The Honorable John P. Murtha:
Chairman:
Subcommittee on Defense:
Committee on Appropriations:
House of Representatives: 

The Honorable John Tierney:
Chairman:
The Honorable Jeff Flake:
Ranking Member:
Subcommittee on National Security and Foreign Affairs:
Committee on Oversight and Government Reform:
House of Representatives: 

The Honorable Robert Andrews: 
House of Representatives: 

The Honorable David Price: 
House of Representatives: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

Our scope was limited to contracts and contractors with a direct 
contractual relationship with either the Department of Defense (DOD)or 
the Department of State. For DOD, our analysis of contract materials 
was limited to contractors performing under DOD's largest security 
contract in terms of employment, the Theater Wide Internal Security 
Services contract. Similarly for State, our contract analysis was 
limited to contractors performing under the agency's largest contract 
for security services in terms of employment, the Worldwide Personal 
Protective Services contract. Because contractor personnel requiring 
security clearances are subject to a standard government-led and 
adjudicated screening process, for reporting purposes, our scope in 
assessing background screening policies and procedures is limited to 
those covering private security contractor personnel who do not require 
a security clearance. 

To determine the extent to which DOD and State have developed and 
implemented policies and procedures to ensure that the backgrounds of 
private security contractor personnel have been screened, we obtained 
and reviewed government-wide and DOD documents including Homeland 
Security Presidential Directive 12 and DOD regulations related to 
vetting, background screening, and operational contract support such as 
DOD Instruction 3020.41 dealing with operational contract support, Army 
Regulation 196.56 on vetting and screening of security guards, and DOD 
Iraq-theater-specific private security contractor guidance including 
Fragmentary Order 07-428, Fragmentary Order 08-605, and Fragmentary 
Order 09-109. Additionally, we obtained and reviewed State 
documentation related to the processes used to conduct background 
screening including the Foreign Affairs Handbook. We also interviewed 
officials from various DOD and State offices who were responsible for 
developing and implementing policies and procedures related to the 
background screening of private security contractor personnel including 
officials from the offices of the Under Secretary of Defense for 
Personnel and Readiness, the Under Secretary of Defense for 
Acquisitions, Technology and Logistics, the Under Secretary of Defense 
for Intelligence, and State's Bureau of Diplomatic Security. In Iraq we 
met with officials from the Defense Contract Management Agency, the DOD 
agency tasked with administering DOD security contracts, several 
contracting officers' representatives who provide day to day oversight 
of security contracts, officials from Multi-National Force-Iraq, and 
State Department officials responsible for oversight of the agency's 
Worldwide Personal Protective Services contract, including the Regional 
Security Officer. Additionally, we obtained and reviewed contracts for 
security services awarded by both DOD and State to determine what 
screening requirements were included in the contracts and obtained 
copies of contractor background screening plans to determine how 
contractors intended to screen foreign national employees. 

To determine the extent to which DOD has developed regulations to 
address the elements of Section 862 of the National Defense 
Authorization Act for Fiscal Year 2008, we obtained and reviewed the 
Act. We also obtained and reviewed DOD's draft regulation--DOD 
Instruction 3020.pp--being developed by officials in the Office of the 
Under Secretary of Defense for Acquisition, Technology, and Logistics 
(AT&L). We also met with officials from AT&L to discuss the progress 
made in developing this regulation. Our assessment of the extent to 
which DOD's draft policy meets the requirements of Section 862 of the 
National Defense Authorization Act for Fiscal Year 2008 is based on our 
review of the draft regulation as it was written on May 2009. We did 
not evaluate the effectiveness of the draft regulation because it has 
not yet been finalized and is subject to change. 

To determine the extent to which DOD and State have implemented 
processes to ensure that private security contractor personnel in Iraq 
are trained, we reviewed DOD and State contracts for security services 
in Iraq and interviewed DOD and State officials responsible for 
ensuring that these requirements have been met. To corroborate 
statements made by DOD, State, and private security firm officials, we 
also obtained and reviewed compliance audit checklists from inspections 
conducted on Theater Wide Internal Security Services contractors by the 
Defense Contract Management Agency. We selected completed checklists 
from inspections of the two Theater Wide Internal Security Services 
contractors we interviewed through the course of our audit. From the 
full list of completed checklists from the two contractors, we then 
eliminated checklists related to inspections that were not relevant to 
our audit, including checklists related to trafficking-in-persons and 
life support. In total, we reviewed 215 compliance audit checklists 
from inspections that were conducted from March 2008 through January 
2009. Similarly, to ensure that State conducted training inspections of 
its Worldwide Personal Protective Services contractors, we obtained and 
reviewed the two most recent inspection reports for each of its three 
Worldwide Personal Protective Services contractors. We did not evaluate 
the quality of training provided by DOD and State. 

To examine the measures the two departments have taken to account for 
weapons used by private security contractors in Iraq, we obtained and 
reviewed DOD and State arming guidance and policies. This guidance 
includes Fragmentary Order 07-428 and Fragmentary Order 09-109. We also 
interviewed DOD and State officials responsible for providing arming 
authority for private security contractor personnel including officials 
in MNC-I's arming office and officials in the office of the U.S. 
Embassy Baghdad's Regional Security Officer. We also met with officials 
from 11 private security firms who currently provide or have recently 
provided private security services in Iraq. Finally we reviewed recent 
reports from various audit agencies such as the State Department's 
Office of the Inspector General and the Special Inspector General for 
Iraq Reconstruction related to weapons accountability. 

To determine what policies DOD and State had developed to govern 
alcohol use among private security contractor personnel in Iraq, we 
reviewed DOD and State contracts for security services to determine if 
the contracts included any statements on the use of alcohol, obtained 
copies of department policies such as U.S. Central Command's General 
Order 1, which governs the conduct of contractors in Iraq. We also 
discussed alcohol policies with officials from 8 private security firms 
who currently provide or have recently provided private security 
services in Iraq. 

To obtain the industry's perspective on background screening, training, 
and other issues, we interviewed officials from three private security 
industry associations and officials from 11 private security firms who 
currently provide or have recently provided private security services 
in Iraq. We selected firms that represented the variety of security 
services and approaches used in Iraq. For example, we selected firms 
that provided both high-and low-visibility security services. We also 
selected firms with large contracts and firms with small contracts. In 
addition, to ensure that our discussions with DOD and State private 
security contractors about background screening were applicable to a 
wide range of nationalities, we selected firms that recruited employees 
from a variety of nationalities, including those from the United 
States, United Kingdom, Peru, and Uganda. Of the 11 firms, we met with 
9 who currently provide or had recently provided security services to 
DOD. Of those 9, we met with 3 of the 5 firms who provide security 
services under the Theater Wide Internal Security Services contract. 
For State, we met with all 3 of the department's Worldwide Personal 
Protective Services contractors. 

To achieve our objectives we also reviewed various reviews conducted by 
DOD and State including those released by DOD's Office of the Inspector 
General and State's Office of the Inspector General. We also examined 
recent reports issued by the Special Inspector General for Iraq 
Reconstruction. These reports dealt with issues related to contract 
management and oversight, weapons accountability, and training. We 
conducted this performance audit from August 2008 through June 2009 in 
accordance with generally accepted government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on audit objectives. We believe that the 
evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. We visited or contacted the 
following organizations during our review: 

The Department of Defense: 

* Office of the Under Secretary of Defense for Acquisition, Technology, 
and Logistics, Washington, D.C. 

* Office of the Under Secretary of Defense for Intelligence, Arlington, 
Va. 

* Office of the Under Secretary of Defense for Personnel and Readiness, 
Washington, D.C. 

* Office of General Counsel, Washington, D.C. 

* Office of the J4, Washington, D.C. 

* U.S. Central Command, Tampa, Fla. 

* Defense Contract Management Agency, Baghdad, Iraq: 

* Multi-National Forces-Iraq, Baghdad, Iraq: 

* Multi-National Corps-Iraq, Baghdad, Iraq: 

* Multi-National Division-Baghdad, Baghdad, Iraq: 

* Joint Contracting Command Iraq/Afghanistan, Baghdad, Iraq: 

Department of the Army: 

* Army Corps of Engineers Gulf Regional Division, Baghdad, Iraq: 

* Army Corps of Engineers, Logistics Movement Coordination Center, 
Baghdad, Iraq: 

Department of State: 

* Bureau of Diplomatic Security, Washington, D.C. 

* Office of Acquisitions Management, Arlington, Va. 

* Office of the Legal Adviser, Arlington, Va, Baghdad, Iraq: 

* Secretary of State's Panel on Personal Protective Services in Iraq, 
Washington, D.C. 

* US Embassy Iraq, Baghdad, Iraq: 

Department of Justice: 

* Criminal Division, Washington, D.C. 

* Federal Bureau of Investigation, Washington, D.C. 

Other agencies and offices: 

* U.S. Agency for International Development (USAID), Washington, D.C. 

* Foreign & Commonwealth Office, London, United Kingdom: 

Industry associations and background screening firms: 

* Private Security Contractor Association of Iraq, Baghdad, Iraq: 

* International Peace Operations Association, Washington, D.C. 

* British Association of Private Security Companies, London, United 
Kingdom: 

* employeescreenIQ, Cleveland, Ohio: 

Private Security Contractors: 

* Aegis, London, United Kingdom: 

* Armor Group, London, United Kingdom: 

* Blackwater (now known as Xe), Baghdad, Iraq; Moyock, N.C. 

* Blue Hackle, Baghdad, Iraq: 

* Control Risks Group, London, United Kingdom: 

* Dyncorps International, West Falls Church, Va. 

* Erinys International, London, United Kingdom: 

* Olive Group, Baghdad, Iraq: 

* Raymond Associates, Clifton Park, N.Y. 

* SOC-SMG, Minden, Nev. 

* Triple Canopy Inc., Herndon, Va. 

[End of section] 

Appendix II: Comments from the Department of Defense: 

Office Of The Under Secretary Of Defense: 
Acquisition, Technology And Logistics: 
3000 Defense Pentagon: 
Washington, DC 20301-3000: 

Mr. William M. Solis: 
Director, Defense Capabilities and Management: 
U.S. Government Accountability Office: 
441 G Street, N.W. 
Washington, DC 20548: 

July 24, 2009: 

Dear Mr. Solis: 

This is the Department of Defense (DoD) response to the GAO draft 
report, GAO09-315, `Contingency Contract Management: DoD Needs to 
Develop and Finalize Background Screening and Other Standards for 
Private Security Contractors,' dated June 24, 2009 (GAO Code 351083).
Detailed comments on the report are enclosed. 

Sincerely, 

Signed by: Illegible, for: 

Gary J. Motsek: 
Assistant Deputy Under Secretary of Defense (Program Support): 

Enclosures: As stated: 

[End of letter] 

GAO Draft Report - Dated June 24, 2009: 
GAO Code 351083/GAO-09-315: 
"Contingency Contract Management: DoD Needs to Develop and Finalize 
Background Screening and Other Standards for Private Security 
Contractors" 

Department Of Defense Comments To The Recommendations: 

Recommendation 1: The GAO recommends that the Secretary of Defense 
appoint a focal point, at a sufficiently senior level and with the 
necessary authority, to ensure that the appropriate offices in DoD 
coordinate, develop, and implement policies and procedures to conduct 
and adjudicate background screenings in a timely manner. More 
specifically the focal point should: 

A. direct the Under Secretary of Defense for Intelligence, in 
consultation with the Under Secretary of Defense for Personnel and 
Readiness and the Under Secretary of Defense for Acquisitions, 
Technology and Logistics, to develop department-wide procedures for 
conducting and adjudicating background screenings of foreign national 
contractor personnel and establish a time frame for implementation; 

B. develop an effective means to communicate to Multi National Forces-
Iraq (MNF-I) the new procedures so that MNF-I officials can adjust 
their existing background screening policies and procedures, if 
necessary, to comport with the procedures; and, 

C. develop a training program to ensure that military commanders and 
contracting officials, including contracting officers and contracting 
officers' representatives. understand the department's policies and 
procedures for background screening as well as their roles and 
responsibilities. 

DOD Response: Partially concur. The Assistant Deputy Under Secretary of 
Defense for Program Support, under the authority, direction, and 
control of the Deputy Under Secretary of Defense for Logistics and 
Materiel Readiness, has been designated to be responsible for 
monitoring the registration, processing, and accounting of Private 
Security Contractor (PSC) personnel in an area of contingency 
operations. The DoD is in the process of institutionalizing the 
`Operational Contract Support Functional Capabilities Integrations 
Board' in accordance with DoDD 7045.0 Capability Portfolio Management 
(CPM), dated September 25, 2008, and Section 854 of the John Warner 
National Defense Authorization Act (NDAA) of 2007 (Public Law 109-364), 
`Joint Policies on Requirements Definition, Contingency Program 
Management, and Contingency Contracting'. This board represents senior 
level oversight designed to advise and support the Capability Portfolio 
Management process which includes integrating, synchronizing, and 
coordinating portfolio content to ensure alignment to strategic 
priorities and capability demands of the Department. This board 
provides cross component alternatives and recommendations on current 
and future capability needs, policies and investments. 

Recommendation 1A: Direct Under Secretary of Defense for Intelligence 
in consultation with Under Secretary of Defense for Personnel and 
Readiness and Under Secretary of Defense for Acquisition, Technology 
and Logistics to develop departmentwide procedures for conducting and 
adjudicating background screenings of foreign national contractor 
personnel and establish a time frame for implementation. 

DOD Response: Partially-concur. DoD does not conduct its own 
investigations and has no infrastructure in place to conduct 
investigations on foreign nationals or to process such cases through 
the Department of State (DoS). DoD is wholly reliant upon the Office of 
Personnel Management (OPM), its investigative service provider, to 
conduct all investigative leads. The Under Secretary of Defense for 
Intelligence has in the past and will continue to encourage OPM to 
coordinate with the DoS to develop procedures to conduct National 
Agency Check with Inquiries equivalent investigations outside of the 
United States. The Functional Capabilities Integrations Board will 
ensure the appropriate modifications to Defense Federal Acquisition 
Regulation 52.225-19 `Contractor Personnel in a Designated Operational 
Area or Supporting a Diplomatic or Consular Mission Outside the United 
States' which will a) adequately reflect the intent of congress, b) 
realistically consider theater dependant vetting capabilities, and c) 
balances the Counter Insurgence Operations requirements of the field 
commanders. 

Recommendation 1B: Develop an effective means to communicate to Multi 
National Forces-Iraq (MNF-I) the new procedures so that MNF-I officials 
can adjust their existing background screening policies and procedures, 
if necessary, to comport with the procedures. 

DOD Response: Concur. See response to IA. 

Recommendation 1C: Develop a training program to ensure that military 
commanders and contracting officials, including contracting officer 
representatives (COR) and contracting officer technical representatives 
(COTR), understand the department's policies and procedures for 
background screening as well as their roles and responsibilities. 

DOD Response: Concur. This requirement needs to be clearly enunciated 
in the Federal Acquisition Regulation/Defense Federal Acquisition 
Regulation for our contracting officials, and incorporated as a key 
element into our existing training programs for our military, civilian 
and contracting representatives. 

Recommendation 2: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Acquisition, Technology, and 
Logistics to establish minimum process and requirements for the 
selection, accountability, training, equipping, and conduct of 
personnel performing private security functions under a covered 
contract during a combat operation. 

DoD Response: Partially concur. Section 862 of the FY 2008 National 
Defense Authorization Act clearly identifies Congressional intent on 
this issue. To meet the statutory requirements, DoD in conjunction with 
Department of State (DoS) authored a new directive entitled 'Private 
Security Contractors (PSCs) Operating in Contingency Operations.' This 
interagency document was just published in the July 17, 2009 issue of 
the Federal Register as an Interim Final Rule. After the period of 
public review expires, an enhanced edition of this document will be 
published as a DoD directive. In the interim, Office of the Department 
is coordinating the required Federal Acquisition Regulation and Defense 
Federal Acquisition Regulation clauses needed to implement the 
congressional intent outline in the `Private Security Contractors 
(PSCs) Operating in Contingency Operations' document. Recognizing there 
is no one size tits all solution to vetting PSC, the Department is also 
soliciting input from the Geographical Commanders on this subject. 

DoD Regulation 5200.8, "Security of DoD Installations and Resources". 
requires DoD Components to develop training, qualification, and 
suitability requirements for dedicated security forces (including 
contracted security forces where employed). The Operational Contract 
Support Capabilities Integrations Board will develop enchantments to 
the processes, procedures, and requirements for selection, 
accountability, training, equipping, and conduct of personnel 
performing private security functions under a covered contract during a 
combat operations should be worked via the Operational Contract Support 
Functional Capabilities Integrations Board in concert with Under 
Secretary of Defense for Acquisition, Technology and Logistics, Under 
Secretary of Defense for Intelligence, Under Secretary of Defense for 
Personnel and Readiness, and DoD components. 

Recommendation 3: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Acquisition, Technology, and 
Logistics to direct the geographic combat commander to develop and 
publish the regulations, orders, directives, instructions and 
procedures for private security contractors operating during a 
contingency operation within their area of responsibility. 

DoD Response: Partially concur. DoD has accomplished this task, in 
large part, through to the publication of Multi National Forces-Iraq 
Operations Order 09-01 "Requirements, Communications, Procedures, and 
Responsibilities for Control, Coordination, Management and Oversight of 
Armed Contractors/DoD Civilians and Private Security companies (PSC)" 
in Iraq and OPORD 09-03 "Department of Defense (DoD) Armed Contractors 
and PSCs (AC/PSCs) in Afghanistan. These dynamic documents are updated 
as conditions dictate. 

Recommendation 4: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Acquisitions, Technology and 
Logistics to provide a report to Congress with the timelines for 
completing the minimum processes discussed in the recommendation above. 

DOD Response: Concur. 

Recommendation 5: The GAO recommends that the Secretary of Defense 
direct the Under Secretary of Defense for Acquisitions, Technology and 
Logistics to revise the Federal Acquisition Regulation to require the 
insertion into each covered contract a clause addressing the selection, 
training, equipping, and conduct of personnel performing private 
security functions under such contract. 

DOD Response: Concur. DoD requirements are already included in the 
Defense Federal Acquisition Regulation 52.225-19 `Contractor Personnel 
in a Designated Operational Area or Supporting a Diplomatic or Consular 
Mission Outside the United States.' Interagency requirements will be 
addressed in the forth coming Federal Acquisition Regulation 
requirements directed by the newly published Interim Final Report. 

[End of section] 

Related GAO Products: 

Rebuilding Iraq: DOD and State Department Have Improved Oversight and 
Coordination of Private Security Contractors in Iraq, but Further 
Actions Are Needed to Sustain Improvements. [hyperlink, 
http://www.gao.gov/products/GAO-08-966]. Washington, D.C.: July 31, 
2008. 

Military Operations: Implementation of Existing Guidance and Other 
Actions Needed to Improve DOD's Oversight and Management of Contractors 
in Future Operations. [hyperlink, 
http://www.gao.gov/products/GAO-08-436T]. Washington, D.C.: January 24, 
2008. 

Military Operations: Background Screenings of Contractor Employees 
Supporting Deployed Forces May Lack Critical Information, but U.S. 
Forces Take Steps to Mitigate the Risk Contractors May Pose. 
[hyperlink, http://www.gao.gov/products/GAO-06-999R]. Washington, D.C.: 
September 22, 2006. 

Rebuilding Iraq: Actions Still Needed to Improve the Use of Private 
Security Providers. [hyperlink, 
http://www.gao.gov/products/GAO-06-865T]. Washington, D.C.: June 13, 
2006. 

Military Operations: High-Level DOD Action Needed to Address Long- 
standing Problems with Management and Oversight of Contractors 
Supporting Deployed Forces. [hyperlink, 
http://www.gao.gov/products/GAO-07-145]. Washington, D.C.: December 18, 
2006. 

Electronic Government: Agencies Face Challenges in Implementing New 
Federal Employee Identification Standard. [hyperlink, 
http://www.gao.gov/products/GAO-06-178]. Washington, D.C.: February 1, 
2006. 

[End of section] 

Footnotes: 

[1] The Commission on Wartime Contracting in Iraq and Afghanistan, At 
What Cost? Contingency Contracting in Iraq and Afghanistan, June 2009. 

[2] DOD estimates are as of March 31, 2009, and State estimates are as 
of February 28, 2009. 

[3] GAO, Military Operations: Background Screenings of Contractor 
Employees Supporting Deployed Forces May Lack Critical Information, but 
U.S. Forces Take Steps to Mitigate the Risk Contractors May Pose, 
[hyperlink, http://www.gao.gov/products/GAO-06-999R] (Washington, D.C.: 
Sept. 22, 2006). 

[4] GAO, Rebuilding Iraq: DOD and State Department Have Improved 
Oversight and Coordination of Private Security Contractors in Iraq, but 
Further Actions Are Needed to Sustain Improvements, [hyperlink, 
http://www.gao.gov/products/GAO-08-966] (Washington, D.C.: July 31, 
2008). 

[5] GAO, Military Operations: Background Screenings of Contractor 
Employees Supporting Deployed Forces May Lack Critical Information, but 
U.S. Forces Take Steps to Mitigate the Risk Contractors May Pose, 
[hyperlink, http://www.gao.gov/products/GAO-06-999R] (Washington, D.C.: 
Sept. 22, 2006). 

[6] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. 

[7] A NACI consists of searches of the Office of Personnel Management 
Security/Suitability Investigations Index, the Defense Clearance and 
Investigations Index, the Federal Bureau of Investigation 
Identification Division's name and fingerprint files, and other files 
or indexes when necessary. It also includes written inquiries and 
searches of records covering specific areas of an individual's 
background during the past 5 years (inquiries sent to current and past 
employers, schools attended, references, and local law enforcement 
authorities). 

[8] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. 

[9] DOD Instruction 5200.08, Security of DOD Installations and 
Resources, December 10, 2005. 

[10] Pub. L. No. 99-399 (1986). 

[11] As amended by Section 853 of the Duncan Hunter National Defense 
Authorization Act for Fiscal Year 2009. 

[12] Section 864 of the FY2008 NDAA defines a "covered contract" as (a) 
a contract of a federal agency for the performance of services in an 
area of combat operations; (b) a subcontract at any tier under such a 
contract; or (c) a task order or delivery order issued under such a 
contract or subcontract. 

[13] The Directive-Type Memoranda became effective November 26, 2008, 
and states that it shall be converted to a new DOD Instruction within 
180 days. 

[14] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. 

[15] GAO, Contract Management: Contracting for Iraq Reconstruction and 
for Global Logistics Support, [hyperlink, 
http://www.gao.gov/products/GAO-04-869T] (Washington, D.C.: June 15, 
2004). 

[16] GAO, Rebuilding Iraq: DOD and State Department Have Improved 
Oversight and Coordination of Private Security Contractors in Iraq, but 
Further Actions Are Needed to Sustain Improvements, [hyperlink, 
http://www.gao.gov/products/GAO-08-966] (Washington, D.C.: July 31, 
2008). 

[17] Special Inspector General for Iraq Reconstruction, Need to Enhance 
Oversight of Theater Wide Internal Security Services Contracts, SIGIR- 
09-017 (Arlington, Va.: Apr. 24, 2009). 

[18] MNC-I, part of MNF-I, is the tactical unit responsible for the 
command and control of operations throughout Iraq. 

[19] This requirement was established to ensure compliance with the 
Lautenberg Amendment to the Gun Control Act of 1968 (Pub. L. No. 90- 
168). For example, pursuant to section 922 (g)(9) of Title 18 of the 
U.S. Code it is unlawful for any person who has been convicted in any 
court of a misdemeanor crime of domestic violence to possess any 
firearm or ammunition. 

[20] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. 

[21] GAO, Electronic Government: Agencies Face Challenges in 
Implementing New Federal Employee Identification Standard, [hyperlink, 
http://www.gao.gov/products/GAO-06-178] (Washington, D.C.: Feb. 1, 
2006). 

[22] Army Regulation 190-56 prescribes policies and procedures for the 
selection, management, employment, training, and certification of 
Department of the Army security personnel and contract and contractor 
security personnel involved in the protection and safeguarding of 
personnel and property. It is applicable worldwide; however, outside of 
the continental U.S. commanders are instructed to consider such factors 
as host nation support and status of forces agreements when 
implementing its policies and procedures. 

[23] Army Regulation 190-56 provides that commanders of Army commands 
outside of the continental U.S. will establish necessary security 
screening procedures for security guard personnel to ensure that the 
spirit and intent of the regulation are met. 

[24] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. 

[25] An interim rule is a rulemaking document that is effective 
immediately and may request comments in the Federal Register. An 
interim rule responds to an emergency situation and is usually followed 
by a rule document that confirms that the interim rule is final and may 
include further amendments. The DOD draft regulation on private 
security contractors states that it is being published as an Interim 
Final Rule because there is insufficient policy and guidance regulating 
the actions of DOD and other governmental private security contractors 
and their movements in the battlespace. It will be effective upon 
publication in the Federal Register and has a 45 day comment period. 

[26] The draft regulation states the relevant Chief of Mission will 
develop and issue implementing instructions for non-DOD private 
security contractor personnel consistent with the standards set forth 
by the geographic combatant commanders. 

[27] The draft regulation makes specific reference to DOD Directive 
3020.49; DOD Instruction 3020.41; CJCS Instruction 3121.01B; DOD 5200.8-
R; DOD Directive 2311.01E; and DOD Directive 5210.56. 

[28] Additional regulations referenced in the draft regulation provide 
policy objectives and establish responsibilities regarding 
qualification, training, screening and security of private security 
contractors, but do not articulate processes. For instance, DOD 5200.08-
R, Physical Security Program (Apr. 9, 2007, incorporating Change 1, 
May, 27, 2009) states as an objective the standardization of personal 
identification and authentication at DOD installations and facilities, 
using the Common Access Card as the universal authority of individual 
authenticity and establishes that a NACI or equivalent national 
security clearance is required for permanent issuance of the 
credential. DOD Instruction 3020.41, Program Management for Acquisition 
and Operational Contract Support in Contingency Operations (draft 
update), establishes policy for integration of DOD contractor personnel 
into military contingency operations overseas, but for specific 
procedures relating to contingency personnel providing private security 
services it references the forthcoming DOD Instruction, which will be 
based on the interim final rule. DOD Directive 5210.56, Use of Deadly 
Force and the Carrying of Firearms by DOD Personnel Engaged in Law 
Enforcement and Security Duties (Nov. 1, 2001), directs heads of DOD 
components to ensure that local commanders develop criteria, consistent 
with this Directive and local law, for the carrying of firearms and the 
use of force by contract security forces. 

[29] Section 862 (a)(2)(D) was amended by Section 853 of the Duncan 
Hunter National Defense Authorization Act for Fiscal Year 2009. 

[30] An area of combat operation is defined in section 862 (c) of the 
FY2008 NDAA as an area, including Iraq and Afghanistan, to be 
designated by the Secretary of Defense. 

[31] The summary statement of the draft regulation notes that the 
Memorandum of Agreement provides appropriate procedures for private 
security contractors in Iraq, but the draft regulation is needed to 
implement equivalent procedures in Afghanistan. 

[32] Pursuant to the Memorandum of Agreement, the Secretaries of 
Defense and State agreed to jointly develop, implement, and follow core 
standards, policies, and procedures for the accountability, oversight, 
and discipline of private security contractors in Iraq. 

[33] While DOD Instruction 3020.41 is not applicable to State, in July 
2008, DOD entered a Memorandum of Understanding with State and USAID, 
which designates SPOT as a central repository for information on 
deployed contractors under DOD, State, and USAID contracts. 

[34] GAO, Rebuilding Iraq: DOD and State Department Have Improved 
Oversight and Coordination of Private Security Contractors in Iraq, but 
Further Actions Are Needed to Sustain Improvements, [hyperlink, 
http://www.gao.gov/products/GAO-08-966]. (Washington, D.C.: July 31, 
2008). 

[35] U.S. Department of State, Office of Inspector General, Performance 
Audit of the Triple Canopy Contract for Personal Protective Services in 
Iraq, Report Number MERO-IQO-09-03 (April 2009). 

[36] U.S. Department of State, Office of Inspector General, Special 
Inspector General for Iraq Reconstruction, Joint Audit of Blackwater 
Contract and Task Orders for Worldwide Personal Protective Services in 
Iraq, Report Numbers AUD/IQO-09-16, SIGIR 09-021 (June 2009). 

[37] Special Inspector General for Iraq Reconstruction, Oversight of 
Aegis's Performance on Security Services Contracts in Iraq with the 
Department of Defense, SIGIR-09-010 (January 2009). 

[38] DOD Instruction 2000.16, DOD Antiterrorism Standards, December 8, 
20006. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAOís actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAOís Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: