Personnel Security Clearances:

Overall Progress Has Been Made to Reform the Governmentwide Security Clearance Process

GAO-11-232T: Published: Dec 1, 2010. Publicly Released: Dec 1, 2010.

Additional Materials:

Contact:

Brenda S. Farrell
(202) 512-3604
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

This testimony discusses our key findings and recommendations in our report that we are releasing today on some aspects of personnel security clearance reforms. We conducted our review in response to a congressional request. This is the fourth in a series of hearings, in which Congress has asked GAO to testify; and this Subcommittee's continued oversight has helped focus attention on the need for personnel security reform. Personnel security clearances allow government and industry personnel to gain access to classified information that, through unauthorized disclosure, can in some cases cause exceptionally grave damage to U.S. national security. The July 2010 and subsequent October 2010 recent unauthorized leak of almost 500,000 classified documents posted to the Internet related to the ongoing wars in Afghanistan and Iraq provides a cogent example of the inherent risks involved when granting an individual a security clearance. To ameliorate these risks, government agencies rely on a multiphased personnel security clearance process. However, with the increase in demand over the past decade for personnel with security clearances, we and others have identified problems with the security clearance process with respect to delays and incomplete documentation. As a result, we have designated the Department of Defense's (DOD) clearance program--which represents a vast majority of the initial security clearances adjudicated by the federal government--as a high-risk area since 2005. In light of longstanding concerns regarding delays in processing clearances and other issues, Congress set objectives and established requirements for improving the clearance process in section 3001 of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). IRTPA established objectives for timeliness, requirements for reciprocity--an agency's acceptance of a background investigation or clearance determination completed by any authorized investigative or adjudicative agency--and an integrated, secure database to house clearance information. In 2007, DOD and the Office of the Director of National Intelligence (ODNI) formed the Joint Security Clearance Process Reform Team, known as the Joint Reform Team, to transform the security clearance process governmentwide. In the following year, Executive Order 13467 was issued, establishing a Suitability and Security Clearance Performance Accountability Council (Performance Accountability Council) that is responsible for driving the implementation of reform and is accountable to the President for achieving the reform effort's goals. This governance structure was put in place, in part, to sustain the momentum of clearance reforms. We have previously noted that top leadership must be committed to organizational transformation. To this end, committed executive leadership has worked to reform the personnel security clearance process by improving timeliness and developing quality measures. Congressional oversight through hearings held by this subcommittee in February, July and September 2008, and in October 2009 has helped focus attention on the need for security clearance reform. In addition, the recently passed Intelligence Authorization Act for Fiscal Year 2010 requires reports by the President on the security clearance process, including information on timeliness and quality. This statement highlights the key findings and recommendations from the report we are issuing today. Specifically, it will focus on the extent to which select executive branch agencies (1) investigate and adjudicate initial personnel security clearance applications for civilian, military, and industry personnel in a timely manner; (2) honor previously granted personnel security clearances and the challenges, if any, that exist related to reciprocity; and (3) share personnel clearance information in a single, integrated database.

(1) Significant overall progress has been made to improve timeliness, largely due to DOD, which comprises the vast majority of clearances. IRTPA established an objective for each authorized adjudicative agency to "make a determination on at least 90 percent of all applications for a personnel security clearance within an average of 60 days from the date of receipt of the completed application by an authorized investigative agency" by December 17, 2009. This means that under the current statutory timeliness objective, the executive branch can exclude the slowest 10 percent and then report on an average of the remaining clearances. IRTPA includes 40 days for investigations and 20 days for adjudications within this 60-day average period. As shown in figure 2, DOD, the Department of Energy, and the National Geospatial-Intelligence Agency met the 60-day timeliness objective in all three quarters of fiscal year 2010. (2) Agency officials stated that they routinely take steps to honor previously granted security clearances; however, there are no governmentwide metrics to comprehensively track when and why reciprocity is granted or denied. IRTPA generally requires that all security clearance investigations and determinations be accepted by all agencies, with limited exceptions when necessary for national security purposes. Further, ODNI guidance signed in October 2008 amplifies this reciprocity requirement, stating that except in limited circumstances, all Intelligence Community elements are to "accept all in-scope security clearance or access determinations." Similarly, the OMB issued guidance requiring agencies to reciprocally accept clearances when the prior clearance is current, in-scope, and there is no new derogatory information, among other things. However, agency officials stated that in some cases, they find it necessary to take additional steps to address limitations with available information before granting a reciprocal clearance. Moreover, because of the different types of background investigations required by individual agencies, agencies may perform additional investigative work or request a new background investigation. (3) Although there are no plans to develop a single, integrated database as called for in IRTPA, the Performance Accountability Council is focusing on leveraging existing systems and increasing information sharing by developing a single search capability through OPM's system, the Central Verification System. IRTPA required that no later than 12 months after the date of its enactment, the Director of OPM and the Director of OMB establish and commence operating and maintaining a single, integrated database of security clearance information. This database was to house information regarding the granting, denial, or revocation of security clearances or access pertaining to military, civilian, and contractor personnel, from all authorized investigative and adjudicative agencies. However, the Performance Accountability Council is not pursuing a single, integrated database, according to our analysis of a series of recent reports that the Joint Reform Team issued from 2008 through 2010. Similarly, according to the most recent annual report to Congress, the reform efforts are focused on leveraging OPM's existing system--the Central Verification System--to enable access to records on investigations and adjudications. Agency officials from both OPM and ODNI confirmed that there are no plans to create a new single, integrated database and explained that establishing, operating, and maintaining a single, integrated database is not a viable option because of concerns related to privacy, security, and data ownership. Privacy concerns involve the unintentional disclosure of personal identifying information, such as names and Social Security numbers. Merging different systems into one database could result in the unintentional disclosure of personal identifying information that could compromise security.

Jul 30, 2014

Jul 29, 2014

Jul 22, 2014

Jun 17, 2014

Jun 11, 2014

Jun 10, 2014

May 28, 2014

May 21, 2014

May 12, 2014

Looking for more? Browse all our products here