This is the accessible text file for GAO report number GAO-11-232T entitled 'Personal Security Clearances: Overall Progress Has Been Made to Reform the Governmentwide Security Clearance Process' which was released on December 1, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on Intelligence Community Management, Permanent Select Committee on Intelligence, U.S. House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 1:00 p.m. EDT: Wednesday, December 1, 2010: Personal Security Clearances: Overall Progress Has Been Made to Reform the Governmentwide Security Clearance Process: Statement of Brenda S. Farrell, Director: Defense Capabilities and Management: GAO-11-232T: [End of section] Madam Chairwoman, Ranking Member Myrick, and Members of the Subcommittee: Thank you for the opportunity to be here today to discuss our key findings and recommendations in our report that we are releasing today on some aspects of personnel security clearance reforms. As you know, we conducted our review in response to a request from you, Madam Chairwoman, and Mr. Holt. This is the fourth in a series of hearings, in which you have asked GAO to testify; and this Subcommittee's continued oversight has helped focus attention on the need for personnel security reform. Personnel security clearances allow government and industry personnel to gain access to classified information that through unauthorized disclosure, can in some cases cause exceptionally grave damage to U.S. national security. The July 2010 and subsequent October 2010 recent unauthorized leak of almost 500,000 classified documents posted to the Internet related to the ongoing war in Afghanistan and Iraq provides a cogent example of the inherent risks involved when granting an individual a security clearance. To ameliorate these risks, government agencies rely on a multiphased personnel security clearance process. However, with the increase in demand over the past decade for personnel with security clearances, we and others have identified problems with the security clearance process with respect to delays and incomplete documentation. As a result, we have designated the Department of Defense's (DOD) clearance program--which represents a vast majority of the initial security clearances adjudicated by the federal government--as a high-risk area since 2005.[Footnote 1] In light of long-standing concerns regarding delays in processing clearances and other issues, Congress set objectives and established requirements for improving the clearance process in section 3001 of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA). [Footnote 2] IRTPA established objectives for timeliness, requirements for reciprocity--an agency's acceptance of a background investigation or clearance determination completed by any authorized investigative or adjudicative agency--and an integrated, secure database to house clearance information. In 2007, DOD and the Office of the Director of National Intelligence (ODNI) formed the Joint Security Clearance Process Reform Team, known as the Joint Reform Team, to transform the security clearance process governmentwide.[Footnote 3] In the following year, Executive Order 13467 was issued, establishing the Suitability and Security Clearance Performance Accountability Council (Performance Accountability Council) that is responsible for driving the implementation of reform and is accountable to the President for achieving the reform effort's goals. This governance structure was put in place, in part, to sustain the momentum of clearance reforms. (See figure 1 for key events related to security clearance reform.) Figure 1: Key Events Related to the Security Clearance Reform Effort: [Refer to PDF for image: time line] December 17, 2004: Intelligence Reform and Terrorist Prevention Act passed. January 2005: Government Accountability Office places Department of Defense’s clearance program on its high-risk list. June 27, 2005: Executive Order 13881 designates the Office of Management and Budget the single entity to ensure centralization, uniformity, and reciprocity of security clearance policies. November 2005: Office of Management and Budget issues a plan for improving the security clearance process. June 25, 2007: The Joint Reform Team is formed to develop a plan for clearance reform, including research priorities and an information technology strategy, to achieve IRTPA goals. April 30, 2008: The Joint Reform Team issues a report on reforming the security clearance and suitability process. June 30, 2008: Executive Order 13467 establishes the Performance Accountability Council to drive implementation of the reform effort and designated the Office of Management and Budget’s Deputy Director for Management as Chair. December 18, 2008: The Joint Reform Team issues a report outlining reform progress and further plans. March 17, 2009: The Joint Reform Team issues an Enterprise Information Technology Strategy to support the reformed security and suitability process. February 16, 2010: The Performance Accountability Council issues a strategic framework to articulate the goals of the security and suitability process reform. May 31, 2010: The Performance Accountability Council develops quality measures[A] that it believes will identify specific quantifiable targets linked to goals that are intended to be measured objectively and ultimately gauge progress and assess the quality of the personnel security clearance process. Source: GAO analysis. [A] The Quality Metrics are proposed measures. [End of figure] We have previously noted that top leadership must be committed to organizational transformation.[Footnote 4] To this end, committed executive leadership has worked to reform the personnel security clearance process by improving timeliness and developing quality measures. Congressional oversight through hearings held by this subcommittee in February, July, and September 2008 and in October 2009 has helped focus attention on the need for security clearance reform. [Footnote 5] In addition, the recently passed Intelligence Authorization Act for Fiscal Year 2010 requires reports by the President on the security clearance process, including information on timeliness and quality.[Footnote 6] As noted earlier, my statement today will highlight the key findings and recommendations from the report we are issuing today. Specifically, I will focus on the extent to which select executive branch agencies (1) investigate and adjudicate initial personnel security clearance applications for civilian, military, and industry personnel in a timely manner; (2) honor previously granted personnel security clearances and the challenges, if any, that exist related to reciprocity; and (3) share personnel clearance information in a single, integrated database. The scope of our audit work included DOD,[Footnote 7] select agencies within the Intelligence Community,[Footnote 8] and a nonprobability sample of six executive branch agencies that use the Office of Personnel Management (OPM) to conduct background investigations. [Footnote 9] The agencies we selected in our review account for approximately 98 percent of initial clearance cases governmentwide annually. To assess timeliness, reciprocity, and the sharing of information in a single, integrated database, we analyzed the requirements specified in IRTPA related to timeliness, reciprocity, and the creation of a single database; obtained and reviewed first, second and third quarter data for fiscal year 2010 on executive branch agencies, including Intelligence Community agencies, provided by the Performance Accountability Council Subcommittee on Performance Measures and Management, which were current as of August 2010; obtained and reviewed quarterly data for the executive branch agencies provided by OPM for the same time periods; and analyzed executive branch reports to Congress, executive orders, OPM memorandums, and agency guidance related to security clearances.[Footnote 10] To supplement our analysis, we also interviewed agency officials, security managers, and adjudicators from our selected list of agencies that are knowledgeable about timeliness, reciprocity and security clearance databases. We assessed the reliability of the data and determined that the data are sufficiently reliable for our purposes. Our review was performed from October 2009 through November 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our objectives. Significant Overall Progress has been Made to Improve Timeliness, but Some Agencies Continue to Face Challenges in Meeting Timeliness Objectives: As we note in our report, significant overall progress has been made to improve timeliness, largely due to DOD, which comprises the vast majority of clearances. IRTPA established an objective for each authorized adjudicative agency to "make a determination on at least 90 percent of all applications for a personnel security clearance within an average of 60 days from the date of receipt of the completed application by an authorized investigative agency" by December 17, 2009.[Footnote 11] This means that under the current statutory timeliness objective, the executive branch can exclude the slowest 10 percent and then report on an average of the remaining clearances. IRTPA includes 40 days for investigations and 20 days for adjudications within this 60-day average period. As shown in figure 2, DOD, the Department of Energy, and the National Geospatial- Intelligence Agency met the 60-day timeliness objective in all three quarters of fiscal year 2010. We also found that timeliness varied widely among executive branch agencies. During the first three quarters of fiscal year 2010, the average for the fastest 90 percent of cases adjudicated by the 14 agencies included in our review ranged from 22 to 96 days for investigation timeliness, 2 to 59 days for adjudication timeliness, and 30 to 154 days for combined timeliness. [Footnote 12] Figure 2: Average Of The Fastest 90 Percent Of Initial Clearance Cases For Select Executive Branch Agencies: [Refer to PDF for image: illustrated table] No delegated authority[A]: Department of Defense[B]: Investigations (40 days): First quarter: 42 days; Second quarter: 45 days; Third quarter: [Check]; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]. Department of Homeland Security: Investigations (40 days): First quarter: 48 days; Second quarter: 51 days; Third quarter: 49 days; Adjudication (20 days): First quarter: 48 days; Second quarter: 59 days; Third quarter: 57 days; Combined (60 days): First quarter: 96 days; Second quarter: 110 days; Third quarter: 106 days. Department of Energy: Investigations (40 days): First quarter: 47 days; Second quarter: 45 days; Third quarter: 44 days; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]. Department of Justice: Investigations (40 days): First quarter: 60 days; Second quarter: 68 days; Third quarter: 63 days; Adjudication (20 days): First quarter: 42 days; Second quarter: 44 days; Third quarter: 28 days; Combined (60 days): First quarter: 102 days; Second quarter: 112 days; Third quarter: 91 days. Department of the Treasury: Investigations (40 days): First quarter: 54 days; Second quarter: 56 days; Third quarter: 52 days; Adjudication (20 days): First quarter: 54 days; Second quarter: 27 days; Third quarter: 46 days; Combined (60 days): First quarter: 108 days; Second quarter: 83 days; Third quarter: 98 days. Department of Health and HUman Services: Investigations (40 days): First quarter: 52 days; Second quarter: 53 days; Third quarter: 47 days; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: 65 days; Second quarter: 70 days; Third quarter: [Check]. Department of Veterans Affairs: Investigations (40 days): First quarter: 54 days; Second quarter: 78 days; Third quarter: 70 days; Adjudication (20 days): First quarter: 31 days; Second quarter: [Check]; Third quarter: 26 days; Combined (60 days): First quarter: 85 days; Second quarter: 93 days; Third quarter: 96 days. Delegated authority[A]: Defense Intelligence Agency: Investigations (40 days): First quarter: 55 days; Second quarter: [Check]; Third quarter: 49 days; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: 80 days; Second quarter: 68 days; Third quarter: 78 days. National Security Agency[C]: Investigations (40 days): First quarter: 70 days; Second quarter: 59 days; Third quarter: 49 days; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: 80 days; Second quarter: 68 days; Third quarter: [Check]. National Geospatial-Intelligence Agency; Investigations (40 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Adjudication (20 days): First quarter: 31 days; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]. Central Intelligence Agency: Investigations (40 days): First quarter: 78 days; Second quarter: 85 days; Third quarter: 96 days; Adjudication (20 days): First quarter: 49 days; Second quarter: 47 days; Third quarter: 58 days; Combined (60 days): First quarter: 127 days; Second quarter: 132 days; Third quarter: 154 days. Federal Bureau of Investigations: Investigations (40 days): First quarter: 76 days; Second quarter: 75 days; Third quarter: [Check]; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: 82 days; Second quarter: 78 days; Third quarter: [Check]. National Reconnaissance Office: Investigations (40 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Adjudication (20 days): First quarter: 31 days; Second quarter: 58 days; Third quarter: 36 days; Combined (60 days): First quarter: [Check]; Second quarter: 85 days; Third quarter: 62 days. Department of State: Investigations (40 days): First quarter: 43 days; Second quarter: 47 days; Third quarter: 48 days; Adjudication (20 days): First quarter: [Check]; Second quarter: [Check]; Third quarter: [Check]; Combined (60 days): First quarter: [Check]; Second quarter: 54 days; Third quarter: [Check]. Source: Performance Accountability Council data. Note: The data provided by the Performance Accountability Council was provided in August 2010. We assessed the reliability of the data and determined that the data are sufficiently reliable for our purposes. [A] Agencies without delegated authority rely on OPM to conduct their background investigations, while agencies with delegated authority have been authorized to conduct their own background investigations. As such, timeliness data for agencies without delegated authority are a reflection of OPM's timeliness. [B] DOD's clearance workload comprises a vast majority of clearances. The Performance Accountability Council timeliness reports on initial clearances include DOD secret/confidential renewal cases. A prior GAO review and OPM officials' estimates of DOD clearance timeliness in fiscal year 2009 indicated that confidential and secret level clearances, whether initial or renewal, generally took the same amount of time to investigate. Furthermore, the Defense Personnel Security Research Center - a DOD entity dedicated to improving the effectiveness, efficiency, and fairness of the DOD personnel security system - issued a working paper that showed that average adjudication timeliness did not substantially differ between initial and renewal secret clearance cases for DOD using first, second, and third quarters of data for fiscal year 2008. [C] According to National Security Agency officials, because of the nature of the National Security Agency's initiation and investigation requirements, reported investigation times include additional steps, such as suitability determination investigations. [End of figure] Based on our discussions with agency officials, we identified a number of challenges to agencies meeting IRTPA timeliness objectives, including variances among the agencies in adopting information technology due to resource and personnel limitations, and additional agency-specific requirements that must be met before granting a security clearance. For example, agency officials with whom we spoke explained that there is a variance in agencies' adoption of the Electronic Questionnaire for Investigation Processing (e-QIP). According to these officials, e-QIP has sped up investigation timeliness for agencies that have adopted this technology because it provides OPM with more complete and better quality data earlier in the process. However, resource constraints are a limiting factor in agencies' adoption of this type of technology. In addition, agency- specific requirements can affect timeliness. For example, timeliness for the Intelligence Community has varied because of unique issues related to conditions of employment that require polygraphs or psychological evaluations that extend beyond the standard background investigation. The Performance Accountability Council is responsible for driving implementation of the reform effort and ensuring accountability, but has not reported on the impediments to meeting timeliness objectives or plans to address impediments. IRTPA's security clearance reform provision requires annual reports to the appropriate congressional committees--through 2011--on the progress made during the preceding year toward meeting its requirements, including timeliness data and a discussion of any impediments to the smooth and timely functioning of its requirements.[Footnote 13] However, in its most recent report to Congress, the Performance Accountability Council did not provide information on the impediments agencies face in meeting timeliness objectives or plans to address impediments. While the Office of the Director of National Intelligence, in the capacity as Security Executive Agent, has performed a limited number of oversight audits, according to officials we met with at four agencies, the Performance Accountability Council has not met with them to identify the impediments to meeting the timeliness objectives. The Performance Accountability Council has focused its efforts on DOD due, in part, to the DOD security clearance program's designation as one of GAO's high- risk areas, as well as the fact that DOD clearances comprise the vast majority of clearance cases that are processed annually. We found that because of the relative size of DOD's clearance program, DOD's progress toward meeting IRTPA's timeliness objectives is a significant factor in reducing the average time required for clearance processing for the government as a whole. However, the Performance Accountability Council's February 2010 annual report to Congress lacked an identification of the impediments other agencies face to meeting timeliness objectives and did not identify mitigation strategies or action plans. Furthermore, the Performance Accountability Council officials stated that, they began conducting one-on-one meetings with individual agencies in September 2010 to enhance communication, assist in implementation planning, and provide a feedback mechanism for agency stakeholders to communicate information and needs to the Joint Reform Team. To further improve timeliness across the federal government, we recommended that the Deputy Director of Management, Office of Management and Budget, in the capacity as Chair of the Performance Accountability council, collaborate with agencies that are not meeting timeliness objectives to take the following actions: (1) identify challenges to timeliness; (2) develop mitigation strategies to enable each agency to comply with the IRTPA timeliness objectives; (3) set timelines for accomplishing the required actions; (4) monitor agency progress; and (5) report on these plans and progress in the annual reports to Congress. OMB concurred with our recommendation, noting through oral comments that the Performance Accountability council was committed to the timeliness goals of IRTPA and that it was working with agencies currently not meeting the IRTPA timeliness goals by taking steps to assist these agencies. As noted in my statement today, we are strongly encouraged by the progress that the Performance Accountability Council has made over the last few years to reduce overall timeliness. If implemented in accordance with our recommendations, the Performance Accountability Council's actions to assist the agencies in developing plans to implement the reformed approach appear to be a positive step in helping sustain the momentum of security clearance reform. Executive Agencies Often Grant Reciprocity, Although Challenges Exist to Measuring and Tracking Reciprocity: Agency officials stated that they routinely take steps to honor previously granted security clearances; however, there are no governmentwide metrics to comprehensively track when and why reciprocity is granted or denied. IRTPA generally requires that all security clearance investigations and determinations be accepted by all agencies, with limited exceptions when necessary for national security purposes.[Footnote 14] Further, ODNI guidance signed in October 2008 amplifies this reciprocity requirement, stating that except in limited circumstance, all Intelligence Community elements are to "accept all in-scope security clearance or access determinations."[Footnote 15] Similarly, the Office of Management and Budget (OMB) issued guidance[Footnote 16] requiring agencies to reciprocally accept clearances when the prior clearance is current, in- scope,[Footnote 17] and there is no new derogatory information, among other things. However, agency officials stated that in some cases, they find it necessary to take additional steps to address limitations with available information before granting a reciprocal clearance. For example, although no single, integrated database exists and information currently being shared between agencies may be insufficient, agencies request additional information, such as copies of the original background investigation. Moreover, because of the different types of background investigations required by individual agencies, agencies may perform additional investigative work or request a new background investigation. In addition to addressing limitations with available information, agency officials reported that additional steps must sometimes be taken to conduct suitability determinations or ensure that a prior clearance investigation and adjudication meet their standards before granting reciprocity. All federal agencies conduct basic suitability determinations to ensure that the applicant's character or conduct is appropriate for the position in question, but some agencies take additional actions to determine the suitability of applicants before they reciprocate a security clearance. For example, the Department of Justice must take steps to ensure that applicants for jobs with the Drug Enforcement Administration have not used drugs, according to agency officials. Similarly, the Intelligence Community requires a polygraph evaluation, among other things, to determine suitability for most positions, according to intelligence officials. Some agencies take steps to ensure that a prior clearance meets their quality expectations. Most agency officials stated that the lack of governmentwide standardized training and certification process for investigators and adjudicators is a challenge to immediately reciprocating a security clearance. Without governmentwide standardized training and certification, agencies cannot be certain that a subject's prior clearance investigation and adjudication meet the quality expectations of the inquiring agency. Consequently, as we have previously reported, agencies are reluctant to be accountable for investigations and/or adjudications conducted by other agencies or organizations.[Footnote 18] Although OPM has developed some training, security clearance investigators and adjudicators are not required to complete a certain type or number of classes. However, the annual reports to Congress indicate that the Performance Accountability Council is taking steps to make investigations and adjudications more consistent across the government by standardizing the training of investigators and adjudicators.[Footnote 19] While the Performance Accountability Council has identified reciprocity as a governmentwide strategic goal, there is no clear evidence to show the extent to which reciprocity is granted because agencies lack comprehensive, standardized metrics to track reciprocity. We previously reported that developing metrics for assessing and regularly monitoring all aspects of the clearance process could add value in current and future reform efforts as well as supply better information for greater congressional oversight. [Footnote 20] However, we found that agencies do not consistently document the additional steps they have taken prior to granting a reciprocal clearance. For example, the Navy keeps electronic documentation, the Department of Energy and the Department of the Treasury keep paper documentation, and the Army and the Air Force do not maintain any documentation on the additional steps taken to accept a previously granted security clearance. Consequently, there is no consistent tracking of the amount of staff time spent on the additional actions that are taken to honor a previously granted security clearance. In addition, agencies do not consistently and comprehensively track the extent to which reciprocity is granted. While OPM has a metric to track reciprocity, this metric captures limited information, such as numbers of requested and rejected investigations, but not the number of cases in which a previously granted security clearance was or was not honored. Similarly, the metrics proposed by the Performance Accountability Council do not track the extent to which reciprocity is or is not ultimately honored. For example, metrics proposed by the Performance Accountability Council, such as the number of duplicate requests for investigations, percentage of applications submitted electronically, number of electronic applications submitted by applicants but rejected by OPM as unacceptable because of missing information or forms, and percentage of fingerprint submissions determined to be "unclassifiable" by the Federal Bureau of Investigation, provide useful information but do not track the extent to which reciprocity is or is not ultimately honored. Without comprehensive, standardized metrics to track reciprocity, and documentation of the process, decision makers lack a complete picture of the extent to which reciprocity is granted and the challenges to honoring previously granted security clearances. To further improve governmentwide reciprocity, we recommended that the Deputy Director of Management, Office of Management and Budget, in the capacity as Chair of the Performance Accountability Council, develop comprehensive metrics to track reciprocity and then report the findings from the expanded tracking to Congress. OMB concurred with our recommendation, stating that the Performance Accountability Council is working to develop these additional metrics. We are encouraged by the Performance Accountability Council's development of quality metrics, which include some metrics for tracking reciprocity. Although these are positive steps that can contribute to greater visibility over the clearance process, these measures have not yet been fully implemented and we are continuing to examine these efforts as part of our ongoing work. Although There are No Plans to Develop a Single, Integrated Database, Steps Have Been Taken to Upgrade Existing Systems and Increase Information Sharing: Although there are no plans to develop a single, integrated database as called for in IRTPA, the Performance Accountability Council is focusing on leveraging existing systems and increasing information sharing by developing a single search capability through OPM's system, the Central Verification System. IRTPA required that no later than 12 months after the date of its enactment, the Director of OPM and the Director of OMB establish and commence operating and maintaining a single, integrated database of security clearance information. [Footnote 21] This database was to house information regarding the granting, denial, or revocation of security clearances or access pertaining to military, civilian, and contractor personnel, from all authorized investigative and adjudicative agencies. However, the Performance Accountability Council is not pursuing a single, integrated database, according to our analysis of a series of recent reports that the Joint Reform Team issued from 2008 through 2010. [Footnote 22] For example, according to the Enterprise Information Technology Strategy, the Performance Accountability Council has opted to pursue an approach that leverages existing systems and involves the development of new tools when necessary.[Footnote 23] Similarly, according to the most recent annual report to Congress, the reform efforts are focused on leveraging OPM's existing system--the Central Verification System--to enable access to records on investigations and adjudications.[Footnote 24] Agency officials from both OPM and ODNI confirmed that there are no plans to create a new single, integrated database and explained that establishing, operating, and maintaining a single, integrated database is not a viable option because of concerns related to privacy, security, and data ownership. Privacy concerns involve the unintentional disclosure of personal identifying information, such as names and Social Security numbers. Merging different systems into one database could result in the unintentional disclosure of personal identifying information that could compromise security. For example, since the Intelligence Community's database is classified and separate from the databases used by nonintelligence agencies, even an aggregation of unclassified information from its database could lead to unintentional disclosure of personal identifying information that could compromise security. Moreover, breaches in the system could compromise security. For example, some officials mentioned an enhanced threat from hackers if there were consolidation of multiple information technology systems. Although there are no plans to create a new governmentwide database, officials representing nonintelligence executive branch agencies in our review stated that they are sharing information about personnel who hold or are seeking security clearances through two main databases that can be accessed through a single entry point. Two primary databases are used by nonintelligence agencies to store investigative and adjudicative information, and according to the Performance Accountability Council, they account for decisions on about 90 percent of all security clearance holders in the federal government. Data are stored in either OPM's Central Verification System or DOD's Joint Personnel Adjudication System. The Central Verification System includes security clearance data for all non-Intelligence Community executive branch agencies. The Joint Personnel Adjudication System is a repository for security clearance information on both DOD civilian and military personnel, as well as determinations of contractor clearance eligibility and access for the National Industrial Security Program. Data from the two databases can be searched and obtained from a single entry point in the Central Verification System.[Footnote 25] Officials representing Intelligence Community agencies reported that they are sharing information with one another through a separate classified database known as Scattered Castles. Scattered Castles is a repository for records from all intelligence agencies by which each agency uploads relevant information from individual agency databases. All personnel who have access to Sensitive Compartmented Information are listed in Scattered Castles.[Footnote 26] This system is not linked to OPM's Central Verification System because of concerns about protecting classified information. According to ODNI officials, the system has not been linked to nonintelligence databases because of the need to protect information on covert personnel. However, officials representing Intelligence Community agencies stated that they do enter some information from DOD's Joint Personnel Adjudication System into Scattered Castles. Although the Intelligence Community maintains a separate database, most of the nonintelligence agencies included in our review had some access to Scattered Castles and the Intelligence Community is exploring alternatives to expand information sharing with nonintelligence agencies. Nonintelligence agencies may have access to Scattered Castles through Sensitive Compartmented Information facilities located in their agency.[Footnote 27] All of the military departments, as well as well as the Joint Chiefs of Staff, also had some access.[Footnote 28] Moreover, according to agency officials, DOD adjudicators with the appropriate clearance and need to know will have access to a Sensitive Compartmented Information facility with access to Scattered Castles when DOD colocates all of its clearance adjudication facilities at Fort Meade in Maryland as part of the DOD base realignment and closure process in 2011. According to Performance Accountability Council officials, the Performance Accountability Council is exploring ways to enhance information sharing between the Intelligence Community agencies and the nonintelligence agencies. This working group is studying alternatives to support a single-access point from which to search clearance information and plans to complete its review in December 2010. In summary, Madam Chairwoman, our overall observations of the current reform efforts are that they represent positive steps to improve the clearance process. As we noted in our report, continued personnel security clearance reform relies on strong committed executive leadership to sustain the momentum created by the current reform effort. This type of leadership, in turn, helps provide oversight and accountability for the improvement process. Key to these efforts has been the Performance Accountability Council, which has provided direction for the clearance reform across the federal government. We are encouraged that the Performance Accountability Council's efforts during the past year have included several actions to improve the process. Timeliness data--particularly at DOD--have improved, steps have been taken to improve information sharing, and there has been focus on honoring reciprocity of existing clearances. However, while agencies are moving closer to meeting the objectives and requirements of IRTPA, continued oversight and accountability for personnel security clearance reform is still needed. Madam Chairwoman, this concludes my prepared statement. I would be pleased to respond to any questions that you or members of the subcommittee may have at this time. GAO Contact and Staff Acknowledgments: For further information about this statement, please contact Brenda S. Farrell at (202) 512-3604 or farrellb@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Key contributors to this statement were Liz McNally, Assistant Director; Joseph M. Capuano; Cindy Gilbert; Linda Keefer; James Krustapentus; Gregory Marchand; and Jillena Roberts. [End of section] Related GAO Products: GAO, Personnel Clearances: Key Factors to Consider in Efforts to Reform Security Clearance Processes, [hyperlink, http://www.gao.gov/products/GAO-08-352T] (Washington, D.C.: Feb. 27, 2008). DOD Personnel Clearances: Preliminary Observations on DOD's Progress on Addressing Timeliness and Quality Issues. [hyperlink, http://www.gao.gov/products/GAO-11-185T]. Washington, D.C.: November 16, 2010. Privacy: OPM Should Better Monitor Implementation of Privacy-Related Policies and Procedures for Background Investigations. [hyperlink, http://www.gao.gov/products/GAO-10-849. Washington, D.C.: September 7, 2010. Personnel Security Clearances: An Outcome-Focused Strategy and Comprehensive Reporting of Timeliness and Quality Would Provide Greater Visibility over the Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-10-117T]. Washington, D.C.: October 1, 2009. Personnel Security Clearances: Progress Has Been Made to Reduce Delays but Further Actions Are Needed to Enhance Quality and Sustain Reform Efforts. [hyperlink, http://www.gao.gov/products/GAO-09-684T]. Washington, D.C.: September 15, 2009. Personnel Security Clearances: An Outcome-Focused Strategy Is Needed to Guide Implementation of the Reformed Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-09-488]. Washington, D.C.: May 19, 2009. DOD Personnel Clearances: Comprehensive Timeliness Reporting, Complete Clearance Documentation, and Quality Measures Are Needed to Further Improve the Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-09-400]. Washington, D.C.: May 19, 2009. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-09-271]. Washington, D.C.: January 2009. DOD Personnel Clearances: Preliminary Observations about Timeliness and Quality. [hyperlink, http://www.gao.gov/products/GAO-09-261R]. Washington, D.C.: December 19, 2008. Personnel Security Clearances: Preliminary Observations on Joint Reform Efforts to Improve the Governmentwide Clearance Eligibility Process. [hyperlink, http://www.gao.gov/products/GAO-08-1050T]. Washington, D.C.: July 30, 2008. Personnel Clearances: Questions for the Record Regarding Security Clearance Reform. [hyperlink, http://www.gao.gov/products/GAO-08-965R]. Washington, D.C.: July 14, 2008. Personnel Clearances: Key Factors for Reforming the Security Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-08-776T]. Washington, D.C.: May 22, 2008. Employee Security: Implementation of Identification Cards and DOD's Personnel Security Clearance Program Need Improvement. [hyperlink, http://www.gao.gov/products/GAO-08-551T]. Washington, D.C.: April 9, 2008. DOD Personnel Clearances: Questions for the Record Related to the Quality and Timeliness of Clearances. [hyperlink, http://www.gao.gov/products/GAO-08-580R]. Washington, D.C.: March 25, 2008. DOD Personnel Clearances: DOD Faces Multiple Challenges in Its Efforts to Improve Clearance Processes for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-08-470T]. Washington, D.C.: February 12, 2008. Personnel Clearances: Key Factors to Consider in Efforts to Reform Security Clearance Processes. [hyperlink, http://www.gao.gov/products/GAO-08-352T]. Washington, D.C.: February 27, 2008. DOD Personnel Clearances: Improved Annual Reporting Would Enable More Informed Congressional Oversight. [hyperlink, http://www.gao.gov/products/GAO-08-350]. Washington, D.C.: February 13, 2008. DOD Personnel Clearances: Delays and Inadequate Documentation Found for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-07-842T]. Washington, D.C.: May 17, 2007. High Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-07-310. Washington, D.C.: January 2007. DOD Personnel Clearances: Additional OMB Actions Are Needed to Improve the Security Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-06-1070. Washington, D.C.: September 28, 2006. DOD Personnel Clearances: Questions and Answers for the Record Following the Second in a Series of Hearings on Fixing the Security Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-06-693R]. Washington, D.C.: June 14, 2006. DOD Personnel Clearances: New Concerns Slow Processing of Clearances for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-06-748T]. Washington, D.C.: May 17, 2006. DOD Personnel Clearances: Funding Challenges and Other Impediments Slow Clearances for Industry Personnel. [hyperlink, http://www.gao.gov/products/GAO-06-747T]. Washington, D.C.: May 17, 2006. Questions for the Record Related to DOD's Personnel Security Clearance Program and the Government Plan for Improving the Clearance Process. [hyperlink, http://www.gao.gov/products/GAO-06-323R]. Washington, D.C.: January 17, 2006. DOD Personnel Clearances: Government Plan Addresses Some Long-standing Problems with DOD's Program, But Concerns Remain. [hyperlink, http://www.gao.gov/products/GAO-06-233T]. Washington, D.C.: November 9, 2005. DOD Personnel Clearances: Some Progress Has Been Made but Hurdles Remain to Overcome the Challenges That Led to GAO's High-Risk Designation. [hyperlink, http://www.gao.gov/products/GAO-05-842T]. Washington, D.C.: June 28, 2005. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-05-207]. Washington, D.C.: January 2005. [End of section] Footnotes: [1] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: January 2005); High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: January 2007); and High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 2009). [2] Pub. L. No. 108-458, § 3001 (2004) (codified at 50 U.S.C. 435b). While IRTPA was a far-reaching act with many broad implications, our references to it throughout this testimony pertain solely to section 3001, unless otherwise specified. [3] This team also now includes representatives of the Office of Management and Budget and Office of Personnel Management. [4] [hyperlink, http://www.gao.gov/products/GAO-09-271]. [5] In the past three years, GAO has also testified on security clearance reform before (1) the Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia, Senate Committee on Homeland Security and Governmental Affairs; (2) the Subcommittee on Government Management, Organization, and Procurement, House Committee on Oversight and Government Reform; and (3) the Subcommittee on Readiness, House Committee on Armed Services. [6] Pub. L. No. 111-259, §367 (2010). [7] We met with DOD officials from the Air Force, Army, Navy, Defense Industrial Security Clearance Office, Defense Intelligence Agency, Defense Office of Hearings and Appeals, Washington Headquarters Service, and Joint Chiefs of Staff Central Adjudication Facilities. [8] We met with officials from the Central Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation, National Geospatial-Intelligence Agency, National Reconnaissance Office, National Security Agency, and the Department of State. [9] We met with officials from the Departments of Energy, Health and Human Services, Homeland Security, Justice, the Treasury, and Veterans Affairs. We selected agencies based on their ability to meet a combination of one or more of the following criteria: (1) utilizes OPM to conduct security clearance investigations, (2) conducts an average of at least 5,000 cases per year, (3) is an Intelligence Community agency, or (4) is a member of the Performance Accountability Council. Because this is a nonprobability sample, our findings do not generalize to the agencies that we did not include in our review. [10] Our analysis of timeliness data does not include the following elements of the agencies in our review: Department of Homeland Security: Homeland Security Headquarters, Immigration and Customs Enforcement, U.S. Secret Service, U.S. Customs and Border Protection, select positions in the U.S. Coast Guard; Department of Justice: Bureau of Alcohol, Tobacco, Firearms and Explosives; and Department of the Treasury: Bureau of the Public Debt, Bureau of Engraving and Printing. [11] Pub. L. No. 108-458, § 3001 (2004) (codified at 50 U.S.C. § 435b). According to IRTPA, this period shall include a period of not longer than 40 days to complete the investigative phases of the clearance review and a period of not longer than 20 days to complete the adjudicative phase of the clearance review. These measures apply to initial personnel security clearances (i.e., cases in which individuals who enter positions in government or industry that require a clearance do not have a clearance or have not been granted reciprocity). [12] The Performance Accountability Council timeliness reports on initial clearance include DOD secret/confidential renewal cases. [13] The Intelligence Authorization Act for Fiscal Year 2010 extended this reporting requirement beyond 2011. Pub.L. No. 111-259, § 367 (2010). [14] Pub. L. No. 108-458, § 3001(d) (2004) (codified at 50 U.S.C. 435b(d)). [15] ODNI Intelligence Community Policy Guidance 704.4, Reciprocity of Personnel Security Clearance and Access Determinations (Oct. 2, 2008). [16] Office of Management and Budget, Memorandum for Deputies of Executive Departments and Agencies: Reciprocal Recognition of Existing Personnel Security Clearances. (Dec. 12, 2005); Office of Management and Budget, Memorandum for Deputies of Executive Departments and Agencies: Reciprocal Recognition of Existing Personnel Security Clearances (July 17, 2006). [17] Intelligence Community Standard 2008-700-1 defines scope as the time period to be covered and the sources of information to be contacted during the prescribed course of a personnel security investigation. OMB considers significant scope deficiencies to be deviations. Therefore, agencies are not required to honor a previous clearance that is not "in-scope". Furthermore, challenges identified in this section of the report may not apply to "out-of-scope" clearances. [18] GAO, Personnel Clearances: Key Factors to Consider in Efforts to Reform Security Clearance Processes, [hyperlink, http://www.gao.gov/products/GAO-08-352T] (Washington, D.C.: Feb. 27, 2008). [19] GAO, Personnel Security Clearances: An Outcome-Focused Strategy Is Needed to Guide Implementation of the Reformed Clearance Process, [hyperlink, http://www.gao.gov/products/GAO-09-488] (Washington, D.C.: May 19, 2009). [20] [hyperlink, http://www.gao.gov/products/GAO-08-352T]. [21] Pub. L. No. 108-458, § 3001 (e) (2004) (codified at 50 U.S.C. § 435b(e)). [22] Joint Security Clearance Process Reform Team, Enterprise Information Technology Strategy (Washington, D.C., Mar. 17, 2009); Joint Security Clearance Process Reform Team, Security and Suitability Process Reform (Washington, D.C., April 2008 and updated December 2008); and Joint Security and Suitability Reform Team, Security and Suitability Process Reform: Strategic Framework (Washington, D.C.: February 2010). [23] Joint Security and Suitability Reform Team, Enterprise Information Technology Strategy (Washington, D.C.: Mar. 17, 2009). [24] Joint Security and Suitability Reform Team, Security and Suitability Process Reform: Strategic Framework (Washington, D.C.: February 2010). [25] DOD data available through this single entry point include names, Social Security numbers, and date and type of investigation. [26] Sensitive Compartmented Information is classified intelligence information derived from intelligence sources, methods, or analytical processes that is required to be protected within formal access control systems established and overseen by the Director of National Intelligence. [27] The nonintelligence, non-DOD agencies include the Department of Energy, Department of Justice, Department of the Treasury, Department of Homeland Security, Department of Health and Human Services, and Department of Veterans Affairs. [28] The Army Central Adjudication Facility said that its access was on a case-by-case basis. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: