This is the accessible text file for GAO report number GAO-11-232T 
entitled 'Personal Security Clearances: Overall Progress Has Been Made 
to Reform the Governmentwide Security Clearance Process' which was 
released on December 1, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Intelligence Community Management, 
Permanent Select Committee on Intelligence, U.S. House of 
Representatives: 

United States Government Accountability Office:
GAO: 

For Release on Delivery: 
Expected at 1:00 p.m. EDT:
Wednesday, December 1, 2010: 

Personal Security Clearances: 

Overall Progress Has Been Made to Reform the Governmentwide Security 
Clearance Process: 

Statement of Brenda S. Farrell, Director:
Defense Capabilities and Management: 

GAO-11-232T: 

[End of section] 

Madam Chairwoman, Ranking Member Myrick, and Members of the 
Subcommittee: 

Thank you for the opportunity to be here today to discuss our key 
findings and recommendations in our report that we are releasing today 
on some aspects of personnel security clearance reforms. As you know, 
we conducted our review in response to a request from you, Madam 
Chairwoman, and Mr. Holt. This is the fourth in a series of hearings, 
in which you have asked GAO to testify; and this Subcommittee's 
continued oversight has helped focus attention on the need for 
personnel security reform. 

Personnel security clearances allow government and industry personnel 
to gain access to classified information that through unauthorized 
disclosure, can in some cases cause exceptionally grave damage to U.S. 
national security. The July 2010 and subsequent October 2010 recent 
unauthorized leak of almost 500,000 classified documents posted to the 
Internet related to the ongoing war in Afghanistan and Iraq provides a 
cogent example of the inherent risks involved when granting an 
individual a security clearance. To ameliorate these risks, government 
agencies rely on a multiphased personnel security clearance process. 
However, with the increase in demand over the past decade for 
personnel with security clearances, we and others have identified 
problems with the security clearance process with respect to delays 
and incomplete documentation. As a result, we have designated the 
Department of Defense's (DOD) clearance program--which represents a 
vast majority of the initial security clearances adjudicated by the 
federal government--as a high-risk area since 2005.[Footnote 1] 

In light of long-standing concerns regarding delays in processing 
clearances and other issues, Congress set objectives and established 
requirements for improving the clearance process in section 3001 of 
the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). 
[Footnote 2] IRTPA established objectives for timeliness, requirements 
for reciprocity--an agency's acceptance of a background investigation 
or clearance determination completed by any authorized investigative 
or adjudicative agency--and an integrated, secure database to house 
clearance information. In 2007, DOD and the Office of the Director of 
National Intelligence (ODNI) formed the Joint Security Clearance 
Process Reform Team, known as the Joint Reform Team, to transform the 
security clearance process governmentwide.[Footnote 3] In the 
following year, Executive Order 13467 was issued, establishing the 
Suitability and Security Clearance Performance Accountability Council 
(Performance Accountability Council) that is responsible for driving 
the implementation of reform and is accountable to the President for 
achieving the reform effort's goals. This governance structure was put 
in place, in part, to sustain the momentum of clearance reforms. (See 
figure 1 for key events related to security clearance reform.) 

Figure 1: Key Events Related to the Security Clearance Reform Effort: 

[Refer to PDF for image: time line] 

December 17, 2004: 
Intelligence Reform and Terrorist Prevention Act passed. 

January 2005: 
Government Accountability Office places Department of Defense’s 
clearance program on its high-risk list. 

June 27, 2005: 
Executive Order 13881 designates the Office of Management and Budget 
the single entity to ensure centralization, uniformity, and 
reciprocity of security clearance policies. 

November 2005: 
Office of Management and Budget issues a plan for improving the 
security clearance process. 

June 25, 2007: 
The Joint Reform Team is formed to develop a plan for clearance 
reform, including research priorities and an information technology 
strategy, to achieve IRTPA goals. 

April 30, 2008: 
The Joint Reform Team issues a report on reforming the security 
clearance and suitability process. 

June 30, 2008: 
Executive Order 13467 establishes the Performance Accountability 
Council to drive implementation of the reform effort and designated 
the Office of Management and Budget’s Deputy Director for Management 
as Chair. 

December 18, 2008: 
The Joint Reform Team issues a report outlining reform progress and 
further plans. 

March 17, 2009: 
The Joint Reform Team issues an Enterprise Information Technology 
Strategy to support the reformed security and suitability process. 

February 16, 2010: 
The Performance Accountability Council issues a strategic framework to 
articulate the goals of the security and suitability process reform. 

May 31, 2010: 
The Performance Accountability Council develops quality measures[A] 
that it believes will identify specific quantifiable targets linked to 
goals that are intended to be measured objectively and ultimately 
gauge progress and assess the quality of the personnel security 
clearance process. 

Source: GAO analysis. 

[A] The Quality Metrics are proposed measures. 

[End of figure] 

We have previously noted that top leadership must be committed to 
organizational transformation.[Footnote 4] To this end, committed 
executive leadership has worked to reform the personnel security 
clearance process by improving timeliness and developing quality 
measures. Congressional oversight through hearings held by this 
subcommittee in February, July, and September 2008 and in October 2009 
has helped focus attention on the need for security clearance reform. 
[Footnote 5] In addition, the recently passed Intelligence 
Authorization Act for Fiscal Year 2010 requires reports by the 
President on the security clearance process, including information on 
timeliness and quality.[Footnote 6] 

As noted earlier, my statement today will highlight the key findings 
and recommendations from the report we are issuing today. 
Specifically, I will focus on the extent to which select executive 
branch agencies (1) investigate and adjudicate initial personnel 
security clearance applications for civilian, military, and industry 
personnel in a timely manner; (2) honor previously granted personnel 
security clearances and the challenges, if any, that exist related to 
reciprocity; and (3) share personnel clearance information in a 
single, integrated database. 

The scope of our audit work included DOD,[Footnote 7] select agencies 
within the Intelligence Community,[Footnote 8] and a nonprobability 
sample of six executive branch agencies that use the Office of 
Personnel Management (OPM) to conduct background investigations. 
[Footnote 9] The agencies we selected in our review account for 
approximately 98 percent of initial clearance cases governmentwide 
annually. To assess timeliness, reciprocity, and the sharing of 
information in a single, integrated database, we analyzed the 
requirements specified in IRTPA related to timeliness, reciprocity, 
and the creation of a single database; obtained and reviewed first, 
second and third quarter data for fiscal year 2010 on executive branch 
agencies, including Intelligence Community agencies, provided by the 
Performance Accountability Council Subcommittee on Performance 
Measures and Management, which were current as of August 2010; 
obtained and reviewed quarterly data for the executive branch agencies 
provided by OPM for the same time periods; and analyzed executive 
branch reports to Congress, executive orders, OPM memorandums, and 
agency guidance related to security clearances.[Footnote 10] To 
supplement our analysis, we also interviewed agency officials, 
security managers, and adjudicators from our selected list of agencies 
that are knowledgeable about timeliness, reciprocity and security 
clearance databases. We assessed the reliability of the data and 
determined that the data are sufficiently reliable for our purposes. 
Our review was performed from October 2009 through November 2010 in 
accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our objectives. 

Significant Overall Progress has been Made to Improve Timeliness, but 
Some Agencies Continue to Face Challenges in Meeting Timeliness 
Objectives: 

As we note in our report, significant overall progress has been made 
to improve timeliness, largely due to DOD, which comprises the vast 
majority of clearances. IRTPA established an objective for each 
authorized adjudicative agency to "make a determination on at least 90 
percent of all applications for a personnel security clearance within 
an average of 60 days from the date of receipt of the completed 
application by an authorized investigative agency" by December 17, 
2009.[Footnote 11] This means that under the current statutory 
timeliness objective, the executive branch can exclude the slowest 10 
percent and then report on an average of the remaining clearances. 
IRTPA includes 40 days for investigations and 20 days for 
adjudications within this 60-day average period. As shown in figure 2, 
DOD, the Department of Energy, and the National Geospatial-
Intelligence Agency met the 60-day timeliness objective in all three 
quarters of fiscal year 2010. We also found that timeliness varied 
widely among executive branch agencies. During the first three 
quarters of fiscal year 2010, the average for the fastest 90 percent 
of cases adjudicated by the 14 agencies included in our review ranged 
from 22 to 96 days for investigation timeliness, 2 to 59 days for 
adjudication timeliness, and 30 to 154 days for combined timeliness. 
[Footnote 12] 

Figure 2: Average Of The Fastest 90 Percent Of Initial Clearance Cases 
For Select Executive Branch Agencies: 

[Refer to PDF for image: illustrated table] 

No delegated authority[A]: 

Department of Defense[B]: 
Investigations (40 days): 
First quarter: 42 days; 
Second quarter: 45 days; 
Third quarter: [Check]; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]. 

Department of Homeland Security: 
Investigations (40 days): 
First quarter: 48 days; 
Second quarter: 51 days; 
Third quarter: 49 days; 
Adjudication (20 days): 
First quarter: 48 days; 
Second quarter: 59 days; 
Third quarter: 57 days; 
Combined (60 days): 
First quarter: 96 days; 
Second quarter: 110 days; 
Third quarter: 106 days. 

Department of Energy: 
Investigations (40 days): 
First quarter: 47 days; 
Second quarter: 45 days; 
Third quarter: 44 days; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]. 

Department of Justice: 
Investigations (40 days): 
First quarter: 60 days; 
Second quarter: 68 days; 
Third quarter: 63 days; 
Adjudication (20 days): 
First quarter: 42 days; 
Second quarter: 44 days; 
Third quarter: 28 days; 
Combined (60 days): 
First quarter: 102 days; 
Second quarter: 112 days; 
Third quarter: 91 days. 

Department of the Treasury: 
Investigations (40 days): 
First quarter: 54 days; 
Second quarter: 56 days; 
Third quarter: 52 days; 
Adjudication (20 days): 
First quarter: 54 days; 
Second quarter: 27 days; 
Third quarter: 46 days; 
Combined (60 days): 
First quarter: 108 days; 
Second quarter: 83 days; 
Third quarter: 98 days. 

Department of Health and HUman Services: 
Investigations (40 days): 
First quarter: 52 days; 
Second quarter: 53 days; 
Third quarter: 47 days; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: 65 days; 
Second quarter: 70 days; 
Third quarter: [Check]. 

Department of Veterans Affairs: 
Investigations (40 days): 
First quarter: 54 days; 
Second quarter: 78 days; 
Third quarter: 70 days; 
Adjudication (20 days): 
First quarter: 31 days; 
Second quarter: [Check]; 
Third quarter: 26 days; 
Combined (60 days): 
First quarter: 85 days; 
Second quarter: 93 days; 
Third quarter: 96 days. 

Delegated authority[A]: 

Defense Intelligence Agency: 
Investigations (40 days): 
First quarter: 55 days; 
Second quarter: [Check]; 
Third quarter: 49 days; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: 80 days; 
Second quarter: 68 days; 
Third quarter: 78 days. 

National Security Agency[C]: 
Investigations (40 days): 
First quarter: 70 days; 
Second quarter: 59 days; 
Third quarter: 49 days; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: 80 days; 
Second quarter: 68 days; 
Third quarter: [Check]. 

National Geospatial-Intelligence Agency; 
Investigations (40 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Adjudication (20 days): 
First quarter: 31 days; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]. 

Central Intelligence Agency: 
Investigations (40 days): 
First quarter: 78 days; 
Second quarter: 85 days; 
Third quarter: 96 days; 
Adjudication (20 days): 
First quarter: 49 days; 
Second quarter: 47 days; 
Third quarter: 58 days; 
Combined (60 days): 
First quarter: 127 days; 
Second quarter: 132 days; 
Third quarter: 154 days. 

Federal Bureau of Investigations: 
Investigations (40 days): 
First quarter: 76 days; 
Second quarter: 75 days; 
Third quarter: [Check]; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: 82 days; 
Second quarter: 78 days; 
Third quarter: [Check]. 

National Reconnaissance Office: 
Investigations (40 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Adjudication (20 days): 
First quarter: 31 days; 
Second quarter: 58 days; 
Third quarter: 36 days; 
Combined (60 days): 
First quarter: [Check]; 
Second quarter: 85 days; 
Third quarter: 62 days. 

Department of State: 
Investigations (40 days): 
First quarter: 43 days; 
Second quarter: 47 days; 
Third quarter: 48 days; 
Adjudication (20 days): 
First quarter: [Check]; 
Second quarter: [Check]; 
Third quarter: [Check]; 
Combined (60 days): 
First quarter: [Check]; 
Second quarter: 54 days; 
Third quarter: [Check]. 

Source: Performance Accountability Council data. 

Note: The data provided by the Performance Accountability Council was 
provided in August 2010. We assessed the reliability of the data and 
determined that the data are sufficiently reliable for our purposes. 

[A] Agencies without delegated authority rely on OPM to conduct their 
background investigations, while agencies with delegated authority 
have been authorized to conduct their own background investigations. 
As such, timeliness data for agencies without delegated authority are 
a reflection of OPM's timeliness. 

[B] DOD's clearance workload comprises a vast majority of clearances. 
The Performance Accountability Council timeliness reports on initial 
clearances include DOD secret/confidential renewal cases. A prior GAO 
review and OPM officials' estimates of DOD clearance timeliness in 
fiscal year 2009 indicated that confidential and secret level 
clearances, whether initial or renewal, generally took the same amount 
of time to investigate. Furthermore, the Defense Personnel Security 
Research Center - a DOD entity dedicated to improving the 
effectiveness, efficiency, and fairness of the DOD personnel security 
system - issued a working paper that showed that average adjudication 
timeliness did not substantially differ between initial and renewal 
secret clearance cases for DOD using first, second, and third quarters 
of data for fiscal year 2008. 

[C] According to National Security Agency officials, because of the 
nature of the National Security Agency's initiation and investigation 
requirements, reported investigation times include additional steps, 
such as suitability determination investigations. 

[End of figure] 

Based on our discussions with agency officials, we identified a number 
of challenges to agencies meeting IRTPA timeliness objectives, 
including variances among the agencies in adopting information 
technology due to resource and personnel limitations, and additional 
agency-specific requirements that must be met before granting a 
security clearance. For example, agency officials with whom we spoke 
explained that there is a variance in agencies' adoption of the 
Electronic Questionnaire for Investigation Processing (e-QIP). 
According to these officials, e-QIP has sped up investigation 
timeliness for agencies that have adopted this technology because it 
provides OPM with more complete and better quality data earlier in the 
process. However, resource constraints are a limiting factor in 
agencies' adoption of this type of technology. In addition, agency- 
specific requirements can affect timeliness. For example, timeliness 
for the Intelligence Community has varied because of unique issues 
related to conditions of employment that require polygraphs or 
psychological evaluations that extend beyond the standard background 
investigation. 

The Performance Accountability Council is responsible for driving 
implementation of the reform effort and ensuring accountability, but 
has not reported on the impediments to meeting timeliness objectives 
or plans to address impediments. IRTPA's security clearance reform 
provision requires annual reports to the appropriate congressional 
committees--through 2011--on the progress made during the preceding 
year toward meeting its requirements, including timeliness data and a 
discussion of any impediments to the smooth and timely functioning of 
its requirements.[Footnote 13] However, in its most recent report to 
Congress, the Performance Accountability Council did not provide 
information on the impediments agencies face in meeting timeliness 
objectives or plans to address impediments. While the Office of the 
Director of National Intelligence, in the capacity as Security 
Executive Agent, has performed a limited number of oversight audits, 
according to officials we met with at four agencies, the Performance 
Accountability Council has not met with them to identify the 
impediments to meeting the timeliness objectives. The Performance 
Accountability Council has focused its efforts on DOD due, in part, to 
the DOD security clearance program's designation as one of GAO's high- 
risk areas, as well as the fact that DOD clearances comprise the vast 
majority of clearance cases that are processed annually. We found that 
because of the relative size of DOD's clearance program, DOD's 
progress toward meeting IRTPA's timeliness objectives is a significant 
factor in reducing the average time required for clearance processing 
for the government as a whole. However, the Performance Accountability 
Council's February 2010 annual report to Congress lacked an 
identification of the impediments other agencies face to meeting 
timeliness objectives and did not identify mitigation strategies or 
action plans. Furthermore, the Performance Accountability Council 
officials stated that, they began conducting one-on-one meetings with 
individual agencies in September 2010 to enhance communication, assist 
in implementation planning, and provide a feedback mechanism for 
agency stakeholders to communicate information and needs to the Joint 
Reform Team. 

To further improve timeliness across the federal government, we 
recommended that the Deputy Director of Management, Office of 
Management and Budget, in the capacity as Chair of the Performance 
Accountability council, collaborate with agencies that are not meeting 
timeliness objectives to take the following actions: (1) identify 
challenges to timeliness; (2) develop mitigation strategies to enable 
each agency to comply with the IRTPA timeliness objectives; (3) set 
timelines for accomplishing the required actions; (4) monitor agency 
progress; and (5) report on these plans and progress in the annual 
reports to Congress. OMB concurred with our recommendation, noting 
through oral comments that the Performance Accountability council was 
committed to the timeliness goals of IRTPA and that it was working 
with agencies currently not meeting the IRTPA timeliness goals by 
taking steps to assist these agencies. As noted in my statement today, 
we are strongly encouraged by the progress that the Performance 
Accountability Council has made over the last few years to reduce 
overall timeliness. If implemented in accordance with our 
recommendations, the Performance Accountability Council's actions to 
assist the agencies in developing plans to implement the reformed 
approach appear to be a positive step in helping sustain the momentum 
of security clearance reform. 

Executive Agencies Often Grant Reciprocity, Although Challenges Exist 
to Measuring and Tracking Reciprocity: 

Agency officials stated that they routinely take steps to honor 
previously granted security clearances; however, there are no 
governmentwide metrics to comprehensively track when and why 
reciprocity is granted or denied. IRTPA generally requires that all 
security clearance investigations and determinations be accepted by 
all agencies, with limited exceptions when necessary for national 
security purposes.[Footnote 14] Further, ODNI guidance signed in 
October 2008 amplifies this reciprocity requirement, stating that 
except in limited circumstance, all Intelligence Community elements 
are to "accept all in-scope security clearance or access 
determinations."[Footnote 15] Similarly, the Office of Management and 
Budget (OMB) issued guidance[Footnote 16] requiring agencies to 
reciprocally accept clearances when the prior clearance is current, in-
scope,[Footnote 17] and there is no new derogatory information, among 
other things. However, agency officials stated that in some cases, 
they find it necessary to take additional steps to address limitations 
with available information before granting a reciprocal clearance. For 
example, although no single, integrated database exists and 
information currently being shared between agencies may be 
insufficient, agencies request additional information, such as copies 
of the original background investigation. Moreover, because of the 
different types of background investigations required by individual 
agencies, agencies may perform additional investigative work or 
request a new background investigation. 

In addition to addressing limitations with available information, 
agency officials reported that additional steps must sometimes be 
taken to conduct suitability determinations or ensure that a prior 
clearance investigation and adjudication meet their standards before 
granting reciprocity. All federal agencies conduct basic suitability 
determinations to ensure that the applicant's character or conduct is 
appropriate for the position in question, but some agencies take 
additional actions to determine the suitability of applicants before 
they reciprocate a security clearance. For example, the Department of 
Justice must take steps to ensure that applicants for jobs with the 
Drug Enforcement Administration have not used drugs, according to 
agency officials. Similarly, the Intelligence Community requires a 
polygraph evaluation, among other things, to determine suitability for 
most positions, according to intelligence officials. Some agencies 
take steps to ensure that a prior clearance meets their quality 
expectations. Most agency officials stated that the lack of 
governmentwide standardized training and certification process for 
investigators and adjudicators is a challenge to immediately 
reciprocating a security clearance. Without governmentwide 
standardized training and certification, agencies cannot be certain 
that a subject's prior clearance investigation and adjudication meet 
the quality expectations of the inquiring agency. Consequently, as we 
have previously reported, agencies are reluctant to be accountable for 
investigations and/or adjudications conducted by other agencies or 
organizations.[Footnote 18] Although OPM has developed some training, 
security clearance investigators and adjudicators are not required to 
complete a certain type or number of classes. However, the annual 
reports to Congress indicate that the Performance Accountability 
Council is taking steps to make investigations and adjudications more 
consistent across the government by standardizing the training of 
investigators and adjudicators.[Footnote 19] 

While the Performance Accountability Council has identified 
reciprocity as a governmentwide strategic goal, there is no clear 
evidence to show the extent to which reciprocity is granted because 
agencies lack comprehensive, standardized metrics to track 
reciprocity. We previously reported that developing metrics for 
assessing and regularly monitoring all aspects of the clearance 
process could add value in current and future reform efforts as well 
as supply better information for greater congressional oversight. 
[Footnote 20] However, we found that agencies do not consistently 
document the additional steps they have taken prior to granting a 
reciprocal clearance. For example, the Navy keeps electronic 
documentation, the Department of Energy and the Department of the 
Treasury keep paper documentation, and the Army and the Air Force do 
not maintain any documentation on the additional steps taken to accept 
a previously granted security clearance. Consequently, there is no 
consistent tracking of the amount of staff time spent on the 
additional actions that are taken to honor a previously granted 
security clearance. In addition, agencies do not consistently and 
comprehensively track the extent to which reciprocity is granted. 
While OPM has a metric to track reciprocity, this metric captures 
limited information, such as numbers of requested and rejected 
investigations, but not the number of cases in which a previously 
granted security clearance was or was not honored. Similarly, the 
metrics proposed by the Performance Accountability Council do not 
track the extent to which reciprocity is or is not ultimately honored. 
For example, metrics proposed by the Performance Accountability 
Council, such as the number of duplicate requests for investigations, 
percentage of applications submitted electronically, number of 
electronic applications submitted by applicants but rejected by OPM as 
unacceptable because of missing information or forms, and percentage 
of fingerprint submissions determined to be "unclassifiable" by the 
Federal Bureau of Investigation, provide useful information but do not 
track the extent to which reciprocity is or is not ultimately honored. 
Without comprehensive, standardized metrics to track reciprocity, and 
documentation of the process, decision makers lack a complete picture 
of the extent to which reciprocity is granted and the challenges to 
honoring previously granted security clearances. 

To further improve governmentwide reciprocity, we recommended that the 
Deputy Director of Management, Office of Management and Budget, in the 
capacity as Chair of the Performance Accountability Council, develop 
comprehensive metrics to track reciprocity and then report the 
findings from the expanded tracking to Congress. OMB concurred with 
our recommendation, stating that the Performance Accountability 
Council is working to develop these additional metrics. We are 
encouraged by the Performance Accountability Council's development of 
quality metrics, which include some metrics for tracking reciprocity. 
Although these are positive steps that can contribute to greater 
visibility over the clearance process, these measures have not yet 
been fully implemented and we are continuing to examine these efforts 
as part of our ongoing work. 

Although There are No Plans to Develop a Single, Integrated Database, 
Steps Have Been Taken to Upgrade Existing Systems and Increase 
Information Sharing: 

Although there are no plans to develop a single, integrated database 
as called for in IRTPA, the Performance Accountability Council is 
focusing on leveraging existing systems and increasing information 
sharing by developing a single search capability through OPM's system, 
the Central Verification System. IRTPA required that no later than 12 
months after the date of its enactment, the Director of OPM and the 
Director of OMB establish and commence operating and maintaining a 
single, integrated database of security clearance information. 
[Footnote 21] This database was to house information regarding the 
granting, denial, or revocation of security clearances or access 
pertaining to military, civilian, and contractor personnel, from all 
authorized investigative and adjudicative agencies. However, the 
Performance Accountability Council is not pursuing a single, 
integrated database, according to our analysis of a series of recent 
reports that the Joint Reform Team issued from 2008 through 2010. 
[Footnote 22] For example, according to the Enterprise Information 
Technology Strategy, the Performance Accountability Council has opted 
to pursue an approach that leverages existing systems and involves the 
development of new tools when necessary.[Footnote 23] Similarly, 
according to the most recent annual report to Congress, the reform 
efforts are focused on leveraging OPM's existing system--the Central 
Verification System--to enable access to records on investigations and 
adjudications.[Footnote 24] Agency officials from both OPM and ODNI 
confirmed that there are no plans to create a new single, integrated 
database and explained that establishing, operating, and maintaining a 
single, integrated database is not a viable option because of concerns 
related to privacy, security, and data ownership. Privacy concerns 
involve the unintentional disclosure of personal identifying 
information, such as names and Social Security numbers. Merging 
different systems into one database could result in the unintentional 
disclosure of personal identifying information that could compromise 
security. For example, since the Intelligence Community's database is 
classified and separate from the databases used by nonintelligence 
agencies, even an aggregation of unclassified information from its 
database could lead to unintentional disclosure of personal 
identifying information that could compromise security. Moreover, 
breaches in the system could compromise security. For example, some 
officials mentioned an enhanced threat from hackers if there were 
consolidation of multiple information technology systems. 

Although there are no plans to create a new governmentwide database, 
officials representing nonintelligence executive branch agencies in 
our review stated that they are sharing information about personnel 
who hold or are seeking security clearances through two main databases 
that can be accessed through a single entry point. Two primary 
databases are used by nonintelligence agencies to store investigative 
and adjudicative information, and according to the Performance 
Accountability Council, they account for decisions on about 90 percent 
of all security clearance holders in the federal government. Data are 
stored in either OPM's Central Verification System or DOD's Joint 
Personnel Adjudication System. The Central Verification System 
includes security clearance data for all non-Intelligence Community 
executive branch agencies. The Joint Personnel Adjudication System is 
a repository for security clearance information on both DOD civilian 
and military personnel, as well as determinations of contractor 
clearance eligibility and access for the National Industrial Security 
Program. Data from the two databases can be searched and obtained from 
a single entry point in the Central Verification System.[Footnote 25] 

Officials representing Intelligence Community agencies reported that 
they are sharing information with one another through a separate 
classified database known as Scattered Castles. Scattered Castles is a 
repository for records from all intelligence agencies by which each 
agency uploads relevant information from individual agency databases. 
All personnel who have access to Sensitive Compartmented Information 
are listed in Scattered Castles.[Footnote 26] This system is not 
linked to OPM's Central Verification System because of concerns about 
protecting classified information. According to ODNI officials, the 
system has not been linked to nonintelligence databases because of the 
need to protect information on covert personnel. However, officials 
representing Intelligence Community agencies stated that they do enter 
some information from DOD's Joint Personnel Adjudication System into 
Scattered Castles. 

Although the Intelligence Community maintains a separate database, 
most of the nonintelligence agencies included in our review had some 
access to Scattered Castles and the Intelligence Community is 
exploring alternatives to expand information sharing with 
nonintelligence agencies. Nonintelligence agencies may have access to 
Scattered Castles through Sensitive Compartmented Information 
facilities located in their agency.[Footnote 27] All of the military 
departments, as well as well as the Joint Chiefs of Staff, also had 
some access.[Footnote 28] Moreover, according to agency officials, DOD 
adjudicators with the appropriate clearance and need to know will have 
access to a Sensitive Compartmented Information facility with access 
to Scattered Castles when DOD colocates all of its clearance 
adjudication facilities at Fort Meade in Maryland as part of the DOD 
base realignment and closure process in 2011. According to Performance 
Accountability Council officials, the Performance Accountability 
Council is exploring ways to enhance information sharing between the 
Intelligence Community agencies and the nonintelligence agencies. This 
working group is studying alternatives to support a single-access 
point from which to search clearance information and plans to complete 
its review in December 2010. 

In summary, Madam Chairwoman, our overall observations of the current 
reform efforts are that they represent positive steps to improve the 
clearance process. As we noted in our report, continued personnel 
security clearance reform relies on strong committed executive 
leadership to sustain the momentum created by the current reform 
effort. This type of leadership, in turn, helps provide oversight and 
accountability for the improvement process. Key to these efforts has 
been the Performance Accountability Council, which has provided 
direction for the clearance reform across the federal government. We 
are encouraged that the Performance Accountability Council's efforts 
during the past year have included several actions to improve the 
process. Timeliness data--particularly at DOD--have improved, steps 
have been taken to improve information sharing, and there has been 
focus on honoring reciprocity of existing clearances. However, while 
agencies are moving closer to meeting the objectives and requirements 
of IRTPA, continued oversight and accountability for personnel 
security clearance reform is still needed. 

Madam Chairwoman, this concludes my prepared statement. I would be 
pleased to respond to any questions that you or members of the 
subcommittee may have at this time. 

GAO Contact and Staff Acknowledgments: 

For further information about this statement, please contact Brenda S. 
Farrell at (202) 512-3604 or farrellb@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this statement. Key contributors to this statement 
were Liz McNally, Assistant Director; Joseph M. Capuano; Cindy 
Gilbert; Linda Keefer; James Krustapentus; Gregory Marchand; and 
Jillena Roberts. 

[End of section] 

Related GAO Products: 

GAO, Personnel Clearances: Key Factors to Consider in Efforts to 
Reform Security Clearance Processes, [hyperlink, 
http://www.gao.gov/products/GAO-08-352T] (Washington, D.C.: Feb. 27, 
2008). 

DOD Personnel Clearances: Preliminary Observations on DOD's Progress 
on Addressing Timeliness and Quality Issues. [hyperlink, 
http://www.gao.gov/products/GAO-11-185T]. Washington, D.C.: November 
16, 2010. 

Privacy: OPM Should Better Monitor Implementation of Privacy-Related 
Policies and Procedures for Background Investigations. [hyperlink, 
http://www.gao.gov/products/GAO-10-849. Washington, D.C.: September 7, 
2010. 

Personnel Security Clearances: An Outcome-Focused Strategy and 
Comprehensive Reporting of Timeliness and Quality Would Provide 
Greater Visibility over the Clearance Process. [hyperlink, 
http://www.gao.gov/products/GAO-10-117T]. Washington, D.C.: October 1, 
2009. 

Personnel Security Clearances: Progress Has Been Made to Reduce Delays 
but Further Actions Are Needed to Enhance Quality and Sustain Reform 
Efforts. [hyperlink, http://www.gao.gov/products/GAO-09-684T]. 
Washington, D.C.: September 15, 2009. 

Personnel Security Clearances: An Outcome-Focused Strategy Is Needed 
to Guide Implementation of the Reformed Clearance Process. [hyperlink, 
http://www.gao.gov/products/GAO-09-488]. Washington, D.C.: May 19, 
2009. 

DOD Personnel Clearances: Comprehensive Timeliness Reporting, Complete 
Clearance Documentation, and Quality Measures Are Needed to Further 
Improve the Clearance Process. [hyperlink, 
http://www.gao.gov/products/GAO-09-400]. Washington, D.C.: May 19, 
2009. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-09-271]. Washington, D.C.: January 
2009. 

DOD Personnel Clearances: Preliminary Observations about Timeliness 
and Quality. [hyperlink, http://www.gao.gov/products/GAO-09-261R]. 
Washington, D.C.: December 19, 2008. 

Personnel Security Clearances: Preliminary Observations on Joint 
Reform Efforts to Improve the Governmentwide Clearance Eligibility 
Process. [hyperlink, http://www.gao.gov/products/GAO-08-1050T]. 
Washington, D.C.: July 30, 2008. 

Personnel Clearances: Questions for the Record Regarding Security 
Clearance Reform. [hyperlink, 
http://www.gao.gov/products/GAO-08-965R]. Washington, D.C.: July 14, 
2008. 

Personnel Clearances: Key Factors for Reforming the Security Clearance 
Process. [hyperlink, http://www.gao.gov/products/GAO-08-776T]. 
Washington, D.C.: May 22, 2008. 

Employee Security: Implementation of Identification Cards and DOD's 
Personnel Security Clearance Program Need Improvement. [hyperlink, 
http://www.gao.gov/products/GAO-08-551T]. Washington, D.C.: April 9, 
2008. 

DOD Personnel Clearances: Questions for the Record Related to the 
Quality and Timeliness of Clearances. [hyperlink, 
http://www.gao.gov/products/GAO-08-580R]. Washington, D.C.: March 25, 
2008. 

DOD Personnel Clearances: DOD Faces Multiple Challenges in Its Efforts 
to Improve Clearance Processes for Industry Personnel. [hyperlink, 
http://www.gao.gov/products/GAO-08-470T]. Washington, D.C.: February 
12, 2008. 

Personnel Clearances: Key Factors to Consider in Efforts to Reform 
Security Clearance Processes. [hyperlink, 
http://www.gao.gov/products/GAO-08-352T]. Washington, D.C.: February 
27, 2008. 

DOD Personnel Clearances: Improved Annual Reporting Would Enable More 
Informed Congressional Oversight. [hyperlink, 
http://www.gao.gov/products/GAO-08-350]. Washington, D.C.: February 
13, 2008. 

DOD Personnel Clearances: Delays and Inadequate Documentation Found 
for Industry Personnel. [hyperlink, 
http://www.gao.gov/products/GAO-07-842T]. Washington, D.C.: May 17, 
2007. 

High Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-07-310. Washington, D.C.: January 2007. 

DOD Personnel Clearances: Additional OMB Actions Are Needed to Improve 
the Security Clearance Process. [hyperlink, 
http://www.gao.gov/products/GAO-06-1070. Washington, D.C.: September 
28, 2006. 

DOD Personnel Clearances: Questions and Answers for the Record 
Following the Second in a Series of Hearings on Fixing the Security 
Clearance Process. [hyperlink, 
http://www.gao.gov/products/GAO-06-693R]. Washington, D.C.: June 14, 
2006. 

DOD Personnel Clearances: New Concerns Slow Processing of Clearances 
for Industry Personnel. [hyperlink, 
http://www.gao.gov/products/GAO-06-748T]. Washington, D.C.: May 17, 
2006. 

DOD Personnel Clearances: Funding Challenges and Other Impediments 
Slow Clearances for Industry Personnel. [hyperlink, 
http://www.gao.gov/products/GAO-06-747T]. Washington, D.C.: May 17, 
2006. 

Questions for the Record Related to DOD's Personnel Security Clearance 
Program and the Government Plan for Improving the Clearance Process. 
[hyperlink, http://www.gao.gov/products/GAO-06-323R]. Washington, 
D.C.: January 17, 2006. 

DOD Personnel Clearances: Government Plan Addresses Some Long-standing 
Problems with DOD's Program, But Concerns Remain. [hyperlink, 
http://www.gao.gov/products/GAO-06-233T]. Washington, D.C.: November 
9, 2005. 

DOD Personnel Clearances: Some Progress Has Been Made but Hurdles 
Remain to Overcome the Challenges That Led to GAO's High-Risk 
Designation. [hyperlink, http://www.gao.gov/products/GAO-05-842T]. 
Washington, D.C.: June 28, 2005. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-05-207]. Washington, D.C.: January 
2005. 

[End of section] 

Footnotes: 

[1] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: January 
2005); High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January 
2007); and High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 
2009). 

[2] Pub. L. No. 108-458, § 3001 (2004) (codified at 50 U.S.C. 435b). 
While IRTPA was a far-reaching act with many broad implications, our 
references to it throughout this testimony pertain solely to section 
3001, unless otherwise specified. 

[3] This team also now includes representatives of the Office of 
Management and Budget and Office of Personnel Management. 

[4] [hyperlink, http://www.gao.gov/products/GAO-09-271]. 

[5] In the past three years, GAO has also testified on security 
clearance reform before (1) the Subcommittee on Oversight of 
Government Management, the Federal Workforce, and the District of 
Columbia, Senate Committee on Homeland Security and Governmental 
Affairs; (2) the Subcommittee on Government Management, Organization, 
and Procurement, House Committee on Oversight and Government Reform; 
and (3) the Subcommittee on Readiness, House Committee on Armed 
Services. 

[6] Pub. L. No. 111-259, §367 (2010). 

[7] We met with DOD officials from the Air Force, Army, Navy, Defense 
Industrial Security Clearance Office, Defense Intelligence Agency, 
Defense Office of Hearings and Appeals, Washington Headquarters 
Service, and Joint Chiefs of Staff Central Adjudication Facilities. 

[8] We met with officials from the Central Intelligence Agency, 
Defense Intelligence Agency, Federal Bureau of Investigation, National 
Geospatial-Intelligence Agency, National Reconnaissance Office, 
National Security Agency, and the Department of State. 

[9] We met with officials from the Departments of Energy, Health and 
Human Services, Homeland Security, Justice, the Treasury, and Veterans 
Affairs. We selected agencies based on their ability to meet a 
combination of one or more of the following criteria: (1) utilizes OPM 
to conduct security clearance investigations, (2) conducts an average 
of at least 5,000 cases per year, (3) is an Intelligence Community 
agency, or (4) is a member of the Performance Accountability Council. 
Because this is a nonprobability sample, our findings do not 
generalize to the agencies that we did not include in our review. 

[10] Our analysis of timeliness data does not include the following 
elements of the agencies in our review: Department of Homeland 
Security: Homeland Security Headquarters, Immigration and Customs 
Enforcement, U.S. Secret Service, U.S. Customs and Border Protection, 
select positions in the U.S. Coast Guard; Department of Justice: 
Bureau of Alcohol, Tobacco, Firearms and Explosives; and Department of 
the Treasury: Bureau of the Public Debt, Bureau of Engraving and 
Printing. 

[11] Pub. L. No. 108-458, § 3001 (2004) (codified at 50 U.S.C. § 
435b). According to IRTPA, this period shall include a period of not 
longer than 40 days to complete the investigative phases of the 
clearance review and a period of not longer than 20 days to complete 
the adjudicative phase of the clearance review. These measures apply 
to initial personnel security clearances (i.e., cases in which 
individuals who enter positions in government or industry that require 
a clearance do not have a clearance or have not been granted 
reciprocity). 

[12] The Performance Accountability Council timeliness reports on 
initial clearance include DOD secret/confidential renewal cases. 

[13] The Intelligence Authorization Act for Fiscal Year 2010 extended 
this reporting requirement beyond 2011. Pub.L. No. 111-259, § 367 
(2010). 

[14] Pub. L. No. 108-458, § 3001(d) (2004) (codified at 50 U.S.C. 
435b(d)). 

[15] ODNI Intelligence Community Policy Guidance 704.4, Reciprocity of 
Personnel Security Clearance and Access Determinations (Oct. 2, 2008). 

[16] Office of Management and Budget, Memorandum for Deputies of 
Executive Departments and Agencies: Reciprocal Recognition of Existing 
Personnel Security Clearances. (Dec. 12, 2005); Office of Management 
and Budget, Memorandum for Deputies of Executive Departments and 
Agencies: Reciprocal Recognition of Existing Personnel Security 
Clearances (July 17, 2006). 

[17] Intelligence Community Standard 2008-700-1 defines scope as the 
time period to be covered and the sources of information to be 
contacted during the prescribed course of a personnel security 
investigation. OMB considers significant scope deficiencies to be 
deviations. Therefore, agencies are not required to honor a previous 
clearance that is not "in-scope". Furthermore, challenges identified 
in this section of the report may not apply to "out-of-scope" 
clearances. 

[18] GAO, Personnel Clearances: Key Factors to Consider in Efforts to 
Reform Security Clearance Processes, [hyperlink, 
http://www.gao.gov/products/GAO-08-352T] (Washington, D.C.: Feb. 27, 
2008). 

[19] GAO, Personnel Security Clearances: An Outcome-Focused Strategy 
Is Needed to Guide Implementation of the Reformed Clearance Process, 
[hyperlink, http://www.gao.gov/products/GAO-09-488] (Washington, D.C.: 
May 19, 2009). 

[20] [hyperlink, http://www.gao.gov/products/GAO-08-352T]. 

[21] Pub. L. No. 108-458, § 3001 (e) (2004) (codified at 50 U.S.C. § 
435b(e)). 

[22] Joint Security Clearance Process Reform Team, Enterprise 
Information Technology Strategy (Washington, D.C., Mar. 17, 2009); 
Joint Security Clearance Process Reform Team, Security and Suitability 
Process Reform (Washington, D.C., April 2008 and updated December 
2008); and Joint Security and Suitability Reform Team, Security and 
Suitability Process Reform: Strategic Framework (Washington, D.C.: 
February 2010). 

[23] Joint Security and Suitability Reform Team, Enterprise 
Information Technology Strategy (Washington, D.C.: Mar. 17, 2009). 

[24] Joint Security and Suitability Reform Team, Security and 
Suitability Process Reform: Strategic Framework (Washington, D.C.: 
February 2010). 

[25] DOD data available through this single entry point include names, 
Social Security numbers, and date and type of investigation. 

[26] Sensitive Compartmented Information is classified intelligence 
information derived from intelligence sources, methods, or analytical 
processes that is required to be protected within formal access 
control systems established and overseen by the Director of National 
Intelligence. 

[27] The nonintelligence, non-DOD agencies include the Department of 
Energy, Department of Justice, Department of the Treasury, Department 
of Homeland Security, Department of Health and Human Services, and 
Department of Veterans Affairs. 

[28] The Army Central Adjudication Facility said that its access was 
on a case-by-case basis. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: