H. Rept. 110-916 - 110th Congress (2007-2008)

Report text available as:

Formatting necessary for an accurate reading of this legislative text may be shown by tags (e.g., <DELETED> or <BOLD>) or may be missing from this TXT display. For complete and accurate display of this text, see the PDF.


House Report 110-916 - SECURITY CLEARANCE REFORM--UPGRADING THE GATEWAY TO THE NATIONAL SECURITY COMMUNITY SUBMITTED BY MR. REYES, CHAIRMAN, PERMANENT SELECT COMMITTEE ON INTELLIGENCE

[House Report 110-916]
[From the U.S. Government Publishing Office]



                                                 Union Calendar No. 591
110th Congress                                                   Report
  2d Session            HOUSE OF REPRESENTATIVES                110-916
                                                               _______________________________________________________________________

   SECURITY CLEARANCE REFORM--UPGRADING THE GATEWAY TO THE NATIONAL 
                           SECURITY COMMUNITY

    SUBMITTED BY MR. REYES, CHAIRMAN, PERMANENT SELECT COMMITTEE ON 
                              INTELLIGENCE


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]


 November 20, 2008.--Committed to the Committee of the Whole House on 
            the State of the Union and ordered to be printed

                               ----------
                         U.S. GOVERNMENT PRINTING OFFICE 

79-006 PDF                       WASHINGTON : 2008





























           SUBCOMMITTEE ON INTELLIGENCE COMMUNITY MANAGEMENT

                    ANNA G. ESHOO, California, Chair
RUSH HOLT, New Jersey                DARRELL ISSA, California, Ranking 
C.A. ``DUTCH'' RUPPERSBERGER,            Member
    Maryland                         MAC THORNBERRY, Texas
MIKE THOMPSON, California            TODD TIAHRT, Kansas
PATRICK J. MURPHY, Pennsylvania      PETER HOEKSTRA, Michigan, ex 
SILVESTRE REYES, Texas, Chairman,        officio
    ex officio
                Mieke Eoyang, Professional Staff Member
                Diane La Voy, Professional Staff Member
                    Josh Resnick, Research Assistant
                 Jamal Ware, Professional Staff Member










































                            C O N T E N T S

                              ----------                              
                                                                   Page
Methodology......................................................     1
Summary..........................................................     1
Security Clearances in the U.S. Government.......................     4
Security Clearances in the Intelligence Community................     6
Long-Standing Congressional Concerns.............................     7
Views of Industry................................................     9
Requirements of the Intelligence Reform and Terrorism Prevention 
  Act of 2004....................................................    11
Implementation Authorities and Plans.............................    13
Assessing Performance Against IRTPA Requirements.................    14
Current Reforms: Issues for Oversight............................    20










                                                 Union Calendar No. 591
110th Congress                                                   Report
  2d Session                 HOUSE OF REPRESENTATIVES           110-916
                                                      
=======================================================================


   SECURITY CLEARANCE REFORM--UPGRADING THE GATEWAY TO THE NATIONAL 
                           SECURITY COMMUNITY

                                _______
                                

 November 20, 2008.--Committed to the Committee of the Whole House on 
            the State of the Union and ordered to be printed

                                _______
                                

    Mr. Reyes, from the Permanent Select Committee on Intelligence, 
                        submitted the following

                              R E P O R T

                              Methodology

    This report was prepared on the basis of transcripts and 
statements for the record used in subcommittee hearings held in 
open session, reports by the Government Accountability Office 
and other publicly available materials. No classified material 
was used in the preparation of this report.

                                Summary

    Security clearances, which are determinations that a person 
is eligible for access to classified information, enable 
millions of Americans to serve our country in the arenas of 
national security, homeland security, and foreign policy. The 
number of federal government employees and contractors 
requiring clearances has expanded in recent decades, especially 
in the aftermath of the September 11, 2001, terrorist attacks. 
As a result, backlogs developed and the length of time for 
processing security clearances grew. In turn, greater awareness 
of the need to share information and promote collaboration 
across government agencies drew attention to the cumbersome and 
outdated nature of the process for granting security clearances 
and for ensuring that clearances granted by one agency permit 
access to the others.
    Under Title III of the Intelligence Reform and Terrorism 
Prevention Act of 2004 (IRTPA), the Office of Personnel 
Management (OPM) assumed responsibility for the majority of 
security clearance investigations, previously performed by the 
Department of Defense (DOD); and the Office of Management and 
Budget (OMB) became the entity responsible for security 
clearance policy and procedures across the U.S. Government.
    Throughout the 110th Congress, the House Permanent Select 
Committee on Intelligence's Subcommittee on Intelligence 
Community Management (the Subcommittee or ICM) has monitored 
the implementation of reforms of the security clearance process 
embodied in IRTPA. It has focused its attention on the 
Intelligence Community, whose personnel hold approximately 10 
percent of the total number of security clearances. The 
Subcommittee's oversight has built on over 25 years of 
congressional concerns about security clearances, including 
numerous studies by Congress's Government Accountability Office 
(GAO).
    A key feature of Title III of IRTPA, which aims to bring 
greater efficiency, speed and interagency reciprocity to the 
clearance process, is the centralization of responsibility. The 
following is a summary of how the requirements of Title III 
have been met.

Centralization of policy oversight and management

            Assessment: Actions have been taken, but progress has been 
                    mixed
    In 2005, President George W. Bush selected OMB to be 
responsible for policy and oversight of the security clearance 
process. OMB, in turn, delegated to OPM responsibility for 
security clearance investigations, to ``maintain security 
clearances, and to integrate security clearance information 
across all agencies.'' \1\
---------------------------------------------------------------------------
    \1\ IRTPA. Sec. 3001(c).
---------------------------------------------------------------------------
    In April 2008, the Administration announced a change to 
that structure, designating a collaborative effort consisting 
of representatives of DOD, OMB, the Office of the Director of 
National Intelligence (ODNI), and OPM, called the Joint 
Security and Suitability Reform Team. The structure, formalized 
by executive order in June 2008, creates a Performance 
Accountability Council to achieve the goals of security 
clearance reform. This Council, to be chaired by OMB's Deputy 
Director for Management, includes the DNI as the ``Security 
Executive Agent'' responsible for security clearances 
government-wide; and affirms the Director of OPM as responsible 
for the federal government's workforce.
    While both the old and new structures seem to meet the 
law's requirements, the first structure did not demonstrate 
concrete results towards several of the IRTPA's requirements. 
While it is too early to evaluate the success of the new 
structure, it appears that steps have been taken to improve the 
system.

Single agency for investigations

            Assessment: The requirement has been partially met
    This provision, which requires that a single agency shall, 
``to the maximum extent practicable,'' be responsible for 
conducting security clearance investigations, has been 
partially implemented. The statute also requires this entity to 
integrate security clearance applications, investigations, and 
determinations into a database, and ensure security clearance 
investigations are conducted under uniform standards and 
requirements.
    For practical purposes, OPM conducts most security 
clearance investigations in the government, but few of the 
investigations for the Intelligence Community. OPM has not met 
the requirements regarding databases. The DNI, as the new 
Security Executive Agent, is undertaking a review of the 
investigative standards and adjudicative guidelines.

Interagency reciprocity

            Assessment: The standard set forth by IRTPA has not been 
                    met
    Although the law requires that ``all security clearance 
background investigations and determinations . . . shall be 
accepted by all agencies,'' policy interpretations by OPM and 
the DNI, and language in various executive orders and 
Administration reports, have been inconsistent. Most 
problematic is that the Administration still does not measure 
progress toward full reciprocity. In practice, security 
clearance adjudications are not fully accepted reciprocally 
across the U.S. Government, and anecdotal information shows 
that even among the elements of the Intelligence Community 
there are impediments and sometimes lengthy delays in granting 
clearances to employees detailed from one agency to another.

Integrated, secure database

            Assessment: The requirement has not been met
    The law calls for a database ``into which appropriate data 
. . . shall be entered from all [emphasis added] authorized 
investigative and adjudicative agencies.'' \2\
---------------------------------------------------------------------------
    \2\ IRTPA. Sec. 3001(e).
---------------------------------------------------------------------------
    OPM and DOD databases have been linked, but they do not 
include data about clearances that are not investigated by OPM, 
such as the Department of Homeland Security and the Department 
of State. Neither do they include Intelligence Community data, 
which is held separately.
    In practice, neither the OPM nor the Intelligence Community 
has enabled the Administration to respond to questions from the 
Subcommittee regarding the number of security clearances that 
are held or how the number has grown.

Evaluate the use of available technologies

            Assessment: This requirement has been met
    The law requires that, by December 2005, OMB submit a 
report to the President and Congress on the results of an 
evaluation of the use of available information technology to 
expedite clearance processes. No such report was produced.
    However, the Joint Reform Team did oversee a series of 
demonstration projects to evaluate new information technology 
(IT) services for the clearance process. The demonstrations 
included evaluations of paperless applications, fingerprint 
scanners, computerized interviews, automated record checks, 
automated reinvestigations, and automated adjudications. An 
integrated, end-to-end pilot is supposed to be conducted in 
coming months. These efforts were reported to Congress in 2008.

Reduce the length of the clearance process

            Assessment: The interim standards for timeliness that were 
                    to have been met by December 2006 were met on 
                    average across all the agencies processing security 
                    clearances
    IRTPA set interim standards for timeliness which required 
that determinations be reached on at least 80 percent of all 
applications within an average of 120 days after receiving the 
application. The Administration reports that the interim 
standard was met in the first quarter of FY 2007. The data 
provided suggest that this standard was not met by each agency, 
and its presentation creates the best possible picture from 
what is, upon closer inspection, a mixed record. Nevertheless, 
the improvement in timeliness achieved by late 2006 was a 
remarkable achievement, particularly by OPM, which had 
inherited large backlogs of clearances to be processed when it 
assumed responsibility for the vast majority of the 
government's security clearances in 2005.
    IRTPA standards require that by December 2009, 90% of all 
applications shall be processed within an average of 60 days. 
This continues to pose a significant challenge for almost all 
agencies.
    The standards for timeliness set forth in IRTPA aggregate 
Top Secret (TS) level clearances with those at the Secret (S) 
or Confidential (C) level. More meaningful measures of progress 
would consider timeliness of the TS clearances separately.

Reporting

            Assessment: The Administration has met the requirements for 
                    annual reports required by IRTPA's Section 3001(h)
    The Administration has missed many of the deadlines set in 
IRTPA, but has met the requirement or made progress towards the 
goals since the deadline. Although progress in security 
clearance reform has been slow, the Subcommittee remains 
committed to ensuring that the security clearance system fully 
accomplishes the mission set forth by the IRTPA. The 
Subcommittee intends to consider legislation early in the 111th 
Congress that would spur security clearance reform by requiring 
agencies to report to Congress on key metrics of the security 
clearance process.

               Security Clearances in the U.S. Government

    A security clearance is a determination that a person is 
eligible for access to classified information. For millions of 
Americans, at least 2.5 million of whom are military service 
members, DOD civilian employees, legislative personnel or 
industry personnel working for DOD and most of the other 
federal agencies,\3\ security clearances are the gateway to 
national service and employment in the arenas of national 
security, homeland security, and foreign policy.
---------------------------------------------------------------------------
    \3\ This estimate excludes personnel in the Intelligence Community, 
Department of State, and the Federal Bureau of Investigation. U.S. 
Government Accountability Office (GAO). Testimony Before the 
Subcommittee on Oversight of Government Management, the Federal 
Workforce, and the District of Columbia, Committee on Homeland Security 
and Governmental Affairs, U.S. Senate ``PERSONNEL CLEARANCES: Key 
Factors for Reforming the Security Clearance Process.'' GAO-08-776T. 
May 22, 2008.
---------------------------------------------------------------------------
    National security information is classified according to 
its level of sensitivity, which is determined by the amount of 
national security damage that its disclosure might cause. 
Determinations of access to classified information, or security 
clearances, are granted according to the same three levels: 
Confidential (C), Secret (S), and Top Secret (TS). Access to 
``sensitive compartmented information'' (SCI) is provided as a 
way of managing certain national security programs in the 
Intelligence Community, while the designation ``Special Access 
Program'' (SAP) is used in the DOD.
    The security clearance process consists of three stages: 
application, investigation, and adjudication. In most cases, 
the first stage consists of completing an application form 
known as an SF-86. Stage two, the investigation, is currently 
done by sending investigators to the field to interview 
neighbors, co-workers, and others. Since 2005, OPM has 
conducted investigations for DOD and all agencies except those 
within the Intelligence Community, the Department of Homeland 
Security and Department of State. These entities conduct their 
own investigations. Stage three, adjudication, occurs when the 
agency reviews the results of the investigation to make a 
determination of fitness for a security clearance. The 
clearance process also includes reinvestigations every five 
years for persons holding TS and TS/SCI clearances, every 10 
years for Secret level clearances, and every 15 years for 
Confidential clearances. Longer and more detailed 
investigations are required for access to the TS and TS/SCI 
level than for the Secret and Confidential level.
    Determinations of suitability for employment are distinct 
from the determinations granting access to classified 
information and facilities. Suitability determinations consider 
whether an individual's character and conduct may have an 
impact on the integrity or efficiency of the service he or she 
would provide as an employee. Security clearance determinations 
consider factors that may make the person a risk to national 
security.
    The number of positions requiring security clearances 
throughout the federal government and the contracting community 
is over two and a half million, and appears to have grown 
substantially in the years since the attacks of September 11, 
2001. Reasons cited for the increase include the growth in 
defense and homeland security jobs; a decade-long trend toward 
privatizing federal jobs; and the increasingly sensitive 
technology that military personnel, government employees and 
contractors come into contact with through their jobs. More and 
more, requests for clearances are for TS level rather than 
Secret. For example, for DOD industry personnel in 1995, 17% of 
the requests were for the TS level, while in 2003, 27% were for 
TS clearances.\4\ The number of security clearances had also 
grown substantially during the decades before 9/11, although it 
is believed to have decreased to some extent in the 1980s and 
early 1990s as a result of efforts to limit government exposure 
to espionage.
---------------------------------------------------------------------------
    \4\ GAO. Testimony before the Subcommittee on Intelligence 
Community Management, Permanent Select Committee on Intelligence, House 
of Representatives. ``Personnel Clearances: Key Factors for Reforming 
the Security Clearance Process. GAO-08-352T. February 27, 2008.
---------------------------------------------------------------------------
    Unfortunately, comprehensive information about the number 
of clearances being processed, or currently held, across the 
U.S. Government is not available. Little historical data is 
available that would permit one to track changes over time.\5\ 
This challenge is indicative of some of the problems to be 
addressed in reforming the security clearance process.
---------------------------------------------------------------------------
    \5\ Responses to HPSCI staff inquiries from OMB, OPM, and ODNI.
---------------------------------------------------------------------------
    Processing large numbers of security clearances and job-
related suitability clearances, as well as keeping up with 
periodic reinvestigations, constitutes a huge management 
challenge. For example, as of January 2007, the federal 
government was processing approximately 1.9 million requests 
for background investigations annually for security clearances 
or for eligibility for employment or to fulfill agencies' other 
requirements.\6\ The DOD, whose uniformed, civilian, and 
industry personnel hold most of the security clearances, has in 
recent years been faulted by Congress for not producing 
accurate projections of the number of clearances that it 
requires or reliable budget predictions for the processing of 
those clearances.\7\
---------------------------------------------------------------------------
    \6\ Report of the Security Clearance Oversight Group Consistent 
with Title III of the Intelligence Reform and Terrorism Prevention Act 
of 2004, February 2007, transmitted by OMB.
    \7\ For example, GAO Testimony before the Subcommittee on 
Intelligence Community Management, Permanent Select Committee on 
Intelligence, House of Representatives. ``Personnel Clearances: Key 
Factors for Reforming the Security Clearance Process. GAO-08-352T. 
February 27, 2008.
---------------------------------------------------------------------------

           Security Clearances in the Intelligence Community

    Approximately one-tenth of the security clearances in the 
federal government are provided by the Intelligence Community, 
consisting of sixteen agencies ranging widely in size and 
function. The clearances are held by both civilian and contract 
personnel.
    The situation with regard to security clearances in the 
Intelligence Community is distinctive in several ways. First, 
for employees or contractors working in the Intelligence 
Community, a security clearance is essential to employment 
because their jobs require access to classified material and to 
intelligence facilities.\8\ Therefore, the security clearance 
performs much of the role that a suitability clearance plays in 
other parts of the government.
---------------------------------------------------------------------------
    \8\ There are a few exceptions, including work at CIA's Open Source 
Center.
---------------------------------------------------------------------------
    Second, a high percentage of the clearances for 
intelligence personnel are at the TS or TS/SCI level \9\, 
whereas in other parts of the government many of the clearances 
are at the Secret or Confidential level. Investigations for the 
TS level require more steps and more time than those conducted 
at the Secret or Confidential level.
---------------------------------------------------------------------------
    \9\ Data maintained by ODNI pertains only to personnel cleared to 
the TS/SCI level; ODNI was not able to tell the Committee what 
proportion of the security clearances in the IC were at that level. 
July 28, 2008, e-mail response from ODNI Kathleen Butler of Legislative 
Affairs to Diane La Voy.
---------------------------------------------------------------------------
    Third, the widespread use by the Intelligence Community of 
classified information may heighten awareness of the need to 
protect sources and methods. This has resulted in each of the 
intelligence agencies developing its own standards for 
investigations and adjudications of security clearances.\10\ 
This situation has not changed since the enactment of IRTPA, 
which required that a single agency in the federal government 
conduct all the investigations ``to the maximum extent 
practicable,'' and that there be one single entity to ensure 
``uniform and consistent policies and procedures'' for all 
security clearance adjudications.
---------------------------------------------------------------------------
    \10\ An exception is that since 2005, reinvestigations of security 
clearances held by DIA and NSA personnel are conducted by OPM, the 
entity selected by the President to conduct the investigations ``to the 
maximum extent practicable.''
---------------------------------------------------------------------------
    Fourth, congressional oversight of security clearances in 
the Intelligence Community has not been as intense or public as 
has oversight of DOD clearances. Until 2008, when the 
Subcommittee requested assistance from GAO, Congress had not 
requested that GAO study security clearances across the 
Intelligence Community.

                  Long-Standing Congressional Concerns

    Reports by GAO show that Congress has had concerns about 
the security clearance process for over twenty-five years. The 
principal concerns in these reports, which have dealt primarily 
with DOD, have varied over time.
    Excessive number of clearances. A number of well-publicized 
espionage cases in the mid-1980s spurred congressional interest 
in limiting the number cleared individuals. One of these cases 
was the John A. Walker, Jr. espionage case in 1985, in which 
the former U.S. Navy communications specialist was accused of 
running a spy ring that was passing classified information to 
the U.S.S.R.
    In response, the Permanent Subcommittee on Investigations 
of the Senate Committee on Governmental Affairs held a week-
long hearing on federal government security clearance 
programs.\11\ During the hearing, that subcommittee expressed 
its concern that the abundance of clearances made the 
protection of state secrets too difficult and recommended that 
the number of cleared individuals should be kept to a minimum. 
In June 1985, the Navy announced that in response to concerns 
about vulnerability to espionage it would reduce cleared 
personnel by 50 percent.\12\ GAO confirmed that during the next 
two years, the number of employees and contractors holding DOD 
clearances fell by about 40 percent.\13\
---------------------------------------------------------------------------
    \11\ Hearing #99-166. April 16-25, 1985.
    \12\ Halloran, Richard. Navy Orders Cut of 50% in Access to 
Security Data. The New York Times. June 12, 1985.
    \13\ GAO. ``DOD Clearance Reduction and Related Issues.'' NSIAD-87-
170BR. September 18, 1987.
---------------------------------------------------------------------------
    In recent years, Congress has been concerned less about 
limiting the overall number of clearances and more concerned 
about how well the executive branch, particularly DOD, 
estimates the number of clearances it will need and then 
manages the cost and workload of processing them all.
    Delays, backlogs. While congressional attention to security 
clearances diminished in the 1990s, the topic became a focus of 
concern in the wake of the terrorist attacks of September 11, 
2001. Recognizing the Intelligence Community's urgent need for 
analysts with foreign language expertise and the increasing 
demand for cleared personnel for homeland security jobs, both 
Congress and the executive branch turned their attention to the 
need to speed up the security clearance process, which by FY 
2004 was taking an average of 392 days for a TS clearance.\14\
---------------------------------------------------------------------------
    \14\ Report of the Security Clearance Oversight Group Consistent 
with Title III of the Intelligence Reform and Terrorism Prevention Act 
of 2004, February 2007, page 3.
---------------------------------------------------------------------------
    A 2004 report by GAO, for example, estimated that DOD had a 
backlog of 270,000 investigations and 90,000 adjudications.\15\ 
In particular, clearances for industry personnel were a growing 
problem. GAO reported that in FY 2003 it took an average of 375 
days to process clearances of all levels needed by 
contractors.\16\ A 2006 GAO study, which looked at 2,259 cases 
of defense industry personnel, found that TS clearances for 
defense industry employees took 446 days, on average.\17\
---------------------------------------------------------------------------
    \15\ GAO. ``DOD Personnel Clearances: Additional Steps Can be Taken 
to Reduce Backlogs and Delays in Determining Security Clearance 
Eligibility for Industry Personnel.'' GAO-04-632. May 26, 2004.
    \16\ Ibid.
    \17\ GAO. Report to Congressional Requesters. ``DOD Personnel 
Clearances: Additional OMB Actions Are Needed to Improve the Security 
Clearance Process. GAO-06-1070. September, 2006.
---------------------------------------------------------------------------
    Congress was concerned about the impacts caused by long 
delays in processing security clearances. Long delays 
discouraged job applicants from pursuing employment with 
federal agencies or contractors and deprived the federal 
government of needed talent. The financial costs of lengthy 
security clearance processes are eventually passed from 
contractors to the federal government and the U.S. taxpayer.
    Consistency of standards and reciprocity. One of the 
earliest issues that Congress pursued with regard to security 
clearances was that of ensuring consistency of standards across 
government agencies. This concern persists. For example, a 1983 
GAO report pointed to the need for the Navy to require 
consistency across its different commands in adjudicating 
security clearances, while an April 2001 GAO report called for 
more consistency across the entire DOD.\18\
---------------------------------------------------------------------------
    \18\ GGD-83-66 and GAO-01-465.
---------------------------------------------------------------------------
    Since the attacks of September 11, 2001, Congress has 
called for government-wide consistency that would permit full 
reciprocity, that is, that all clearances issued by authorized 
agencies across the U.S. Government would be accepted by all 
other agencies. Heightened awareness after 9/11 of the need for 
elements of the Intelligence Community and law enforcement to 
share information and to work together increased the urgency of 
reforming the security clearance process.
    Congress has been particularly concerned about cases in 
which federal government employees and contractors who are 
moving or are detailed from one government agency to another 
have been required to undergo lengthy reinvestigations and 
adjudications by a new employer. While Congress has sometimes 
framed this as one aspect of the timeliness problem, it has 
increasingly focused on issues of interagency reciprocity in 
its own right.
    In 2006, the Oversight and Investigations Subcommittee of 
the House Permanent Select Committee on Intelligence conducted 
a review of IRTPA implementation and published its findings. 
With regard to security clearances, the Oversight and 
Investigations Subcommittee acknowledged improvements in 
clearance timeliness, but it found little progress in other 
areas. According to the report, the DNI had done little to 
ensure reciprocity and had no way of measuring progress toward 
that goal. In response, ODNI staff pledged to be more 
proactive, and said that new guidance would be issued in 2006 
to replace the outdated Director of Central Intelligence 
Directive (DCID) 6/4.\19\ Intelligence Community Directive 704, 
the intended replacement for DCID 6/4, has still not been 
issued.
---------------------------------------------------------------------------
    \19\ Director of Central Intelligence Directive 6/4, Personnel 
Security Standards and Procedures Governing Eligibility for Access to 
Sensitive Compartmented Information (SCI).
---------------------------------------------------------------------------
    Quality. GAO reports have repeatedly urged greater 
attention to quality of the investigation and adjudication 
processes. Problems such as inadequate training of adjudicators 
and infrequent reinvestigation of existing clearance holders 
have been cited over the years. Lack of confidence in the 
quality of clearance processes has often been cited as an 
impediment to full reciprocity in accepting security clearances 
granted by other agencies. Clear metrics on quality would 
increase confidence in the security clearance process across 
agencies. Backlogs can sometimes result in reduced rigor. For 
example, in the 1990s, GAO reported cases in which long delays 
in completing security clearances led agencies to waive 
investigative requirements. In a 1999 report to the Ranking 
Member of the House Armed Services Committee, GAO reported that 
92% of background investigations were deficient in one 
investigative area, 77% were deficient in multiple areas, and 
16% of investigations failed to pursue information about an 
applicant's criminal history, alcohol or drug use, financial 
trouble, or other significant problems.\20\
---------------------------------------------------------------------------
    \20\ GAO. Report to the Ranking Minority Member, Committee on Armed 
Services, House of Representatives. ``DOD Personnel: Inadequate 
Personnel Security Investigations Pose National Security Risks.'' GAO-
04-344. May 26, 2004.
---------------------------------------------------------------------------
    Recently, the Subcommittee urged OMB, which in 2005 assumed 
responsibility for overall management and policy for security 
clearances, to focus more attention on issues of quality and to 
establish clear metrics for quality of security clearance 
investigations and adjudications.
    Workforce diversity. Analyses of Intelligence Community 
performance immediately preceding the attacks of September 11, 
2001, brought public attention to the lack of personnel with 
diverse language skills and cultural backgrounds. The 9/11 
Commission Report made it clear that, because very few American 
colleges or universities offered programs in Middle Eastern 
languages or Islamic studies, the Intelligence Community needed 
urgently to recruit personnel from among first- or second-
generation Americans with the needed backgrounds.\21\ However, 
the report also found that the clearance process was hindering 
the Intelligence Community's ability to hire people with the 
needed expertise:
---------------------------------------------------------------------------
    \21\ The National Commission on Terrorist Attacks Upon the United 
States. ``The 9/11 Commission Report.'' July 22, 2004.

          Security concerns also increased the difficulty of 
        recruiting officers qualified for counterterrorism. . . 
        . Many who had traveled much outside the United States 
        could expect a very long wait for initial clearance. 
        Anyone who was foreign-born or had numerous relatives 
        abroad was well-advised not even to apply.\22\
---------------------------------------------------------------------------
    \22\ Ibid.

    The clearance process that had been designed to weed out 
applicants with relationships to hostile foreign nationals was 
preventing the hiring of applicants whose knowledge of foreign 
languages and cultures could help protect the United States 
from terrorist threats. This recruiting barrier has become a 
principal bipartisan concern that has prompted legislative 
provisions calling for ``multi-level security clearances'' in 
the intelligence authorizations bills for FY 2006 through FY 
2009.

                           Views of Industry

    Private firms carrying out contracts for DOD and the 
Intelligence Community have provided Congress useful 
information about the state of the security clearance process. 
They, along with other private firms who support the security 
clearance process itself, have also offered valuable insights 
into the ways in which the process might be updated.
    Across the government, employees working on federal 
contracts and as individual contractors hold many of the 
security clearances. A 2004 report by GAO found that nearly 
one-third of DOD-issued clearances, nearly 700,000 out of two 
million, were held by industry personnel.\23\ These contracts 
can be vital to the success of the defense and intelligence 
missions, as contractors provide valuable personal services as 
well as technical and industrial expertise.
---------------------------------------------------------------------------
    \23\ GAO-04-632.
---------------------------------------------------------------------------
    For corporations working on intelligence contracts, long 
processing times for security clearances can have serious 
staffing and schedule implications. Representatives of industry 
have told the subcommittee that delays in putting personnel to 
work on federal contracts can cause cost and schedule overruns 
for the contracting agency. Ultimately, these costs are borne 
by taxpayers. The problem is even greater for small businesses, 
which may lack the cleared staff required to review classified 
requests for proposals, and therefore cannot compete for 
contracts.\24\
---------------------------------------------------------------------------
    \24\ Informal round-table discussions held by Subcommittee on 
Intelligence Community Management on June 15, 2007, and related staff 
conversations.
---------------------------------------------------------------------------
    The 2004 GAO report cited above found that DOD's clearance 
process was not fit to provide high-quality, prompt clearance 
determinations for industry personnel. As of March 2004, DOD 
had a backlog of 188,000 defense industry clearance cases and 
an average processing time of 375 days. In light of the large 
backlogs and severe delays experienced by industry personnel, 
DOD considered the option of establishing a single adjudicative 
facility for industry. In 2007, a working group of government 
and industry representatives was created to monitor industry 
clearance timeliness and provide recommendations on 
improvements. The working group expressed concern about the 
timeliness of industrial clearances, and reported that 80% of 
clearance requests were not acted upon within an average of 120 
days and that adjudication times were lengthening.\25\
---------------------------------------------------------------------------
    \25\ Office of Management and Budget. ``Report of the Security 
Clearance Oversight Group.'' February 14, 2008.
---------------------------------------------------------------------------
    Even though the timeliness of security processing has 
improved greatly across all levels of clearances, clearances 
for industry personnel still take longer than those for 
government employees. In the first quarter of FY 2008, for 
example, the average time required by the most timely 80% of 
the clearances for DOD military and civilian employees was 104 
days, while the time required for the comparable group of DOD 
industry personnel was 151 days.\26\
---------------------------------------------------------------------------
    \26\ Ibid.
---------------------------------------------------------------------------
    Industry groups have grown more vocal about the need for 
change in the personnel security system. In 2007, the 
Intelligence and National Security Alliance (INSA), a 
professional organization of industry representatives, 
intelligence employees, and academics, published a white paper 
on reforming the clearance system.\27\ The INSA paper argued 
that the system is weighted so heavily toward keeping dangerous 
individuals out, that it fails to allow in the right 
individuals. The system is outdated, Cold War-oriented, and 
technologically backward. The clearance regime's 
administrative, investigative, and adjudicative techniques are 
stuck in decades past, and need to be adapted to the social 
ramifications of our mobile, networked, and dynamic, culture. 
The system is keeping out first- and second-generation 
Americans and other potential employees. Furthermore, 
industrial security clearance delays and backlogs have made 
clearance holders a commodity, driving up the cost of 
government contracts. According to INSA, use of commercial 
databases in investigations, end-to-end automation, and 
especially a shift in emphasis from up-front investigations to 
a continuous monitoring of personnel who hold clearances, are 
all necessary to reform the system.
---------------------------------------------------------------------------
    \27\ Intelligence and National Security Alliance Council on 
Security and Counterintelligence. ``Improving Security While Managing 
Risk: How Our Personnel Security System Can Work Better, Faster, and 
More Efficiently.'' October 2007.
---------------------------------------------------------------------------

Requirements of the Intelligence Reform and Terrorism Prevention Act of 
                                  2004

    Citing the need for a fundamental restructuring of the 
Intelligence Community in the wake of the 9/11 terrorist 
attacks and the new challenges posed by terrorism and other 
21st century threats, Congress approved the IRTPA,\28\ the most 
comprehensive reform of the Intelligence Community since its 
creation over a half century earlier. Principal among the 
congressionally mandated changes was the establishment of a new 
position of Director of National Intelligence (DNI), with 
strengthened authorities to centralize and unify control over a 
community long viewed as more of a loose confederation of 16 
separate intelligence entities than as an integrated 
Intelligence Community.
---------------------------------------------------------------------------
    \28\ P.L. 108-458, Dec. 17, 2004.
---------------------------------------------------------------------------
    By centralizing authority over the Intelligence Community, 
Congress attempted to address one of the principal problems 
underscored by the 9/11 Commission, which likened the elements 
of the Intelligence Community to a set of specialists in a 
hospital, each ordering tests, looking for symptoms, and 
prescribing medications.\29\ What was missing, according to the 
9/11 Commission, was an attending physician to make sure they 
work as a team. As outlined by Congress, the job of the DNI was 
to be the ``attending physician,'' with the authority to make 
sure the Intelligence Community works as a team to confront 
terrorism and the other emerging threats of the 21st century, 
threats the 9/11 Commission said increasingly called for quick, 
imaginative, and agile responses.\30\
---------------------------------------------------------------------------
    \29\ The 9/11 Commission Report, p. 353.
    \30\ Ibid, p. 399.
---------------------------------------------------------------------------
    One of a number of problems Congress expected the DNI to 
confront with his new authorities was that of the security 
clearance process, often criticized as typifying what the 9/11 
Commission characterized as an Intelligence Community that had 
become ``too complex and secret.'' \31\ In Title III of IRTPA, 
Congress sought ``to bring greater efficiency, speed, and 
interagency reciprocity to the security clearance process.'' 
\32\ A key feature is the centralization of responsibility for 
security clearances.
---------------------------------------------------------------------------
    \31\ Ibid, p. 410.
    \32\ Conference report to accompany S. 2845, Intelligence Reform 
and Terrorism Prevention Act of 2004, December 7, 2004 Title III.
---------------------------------------------------------------------------
    The following paragraphs set forth the main provisions of 
Title III of the Act. Implementation of the provisions is 
discussed later in greater detail.
    Uniform policies and unity of responsibility. Section 
3001(b) of IRTPA requires that, within 90 days of enactment, 
the President make one entity responsible for ``directing day-
to-day oversight of investigations and adjudications'' of 
security clearances throughout the U.S. Government. That entity 
is charged with developing and implementing ``uniform and 
consistent policies and procedures to ensure the . . . timely 
completion'' of all clearances. It has the final word in 
authorizing agencies to conduct investigations and to 
adjudicate clearances.
    Under Section 3001(c), the President was required, within 
180 days of enactment, to ``select a single agency . . . to 
conduct, to the maximum extent practicable, security clearance 
investigations'' of all employees and contractor personnel 
``and to provide and maintain all security clearances of such 
employees and contractor personnel.''
    Reciprocity. Section 3001(d) requires, ``All security 
clearance background investigations and determinations 
completed by an authorized investigative agency or authorized 
adjudicative agency shall be accepted by all agencies.'' This 
language specifies that ``determinations'' as well as 
``investigations'' by one agency shall be accepted by all other 
agencies.
    Database on security clearances. Section 3001(e) requires 
that, within a year, OPM is to establish and have operating an 
integrated, secure database that integrates data relevant to 
security clearances for all government employees and 
contractors. This database shall integrate information from all 
other federal clearance tracking systems. Each agency must 
check the database to determine whether an individual requiring 
a security clearance has already been granted or denied one or 
had one revoked. To enforce this provision, the extent to which 
an agency is submitting information to this database will be 
evaluated and this will help determine whether to certify the 
agency as an authorized investigative or adjudicative agency.
    Use of information technology. Section 3001(f) requires the 
policy oversight entity to evaluate the use of available 
information technologies and databases for expediting 
investigative and adjudicative processes, doing ongoing 
verification of personnel with clearances; or augmenting 
periodic reinvestigations. The law requires that, no later than 
a year after enactment, the policy oversight entity submit a 
report to the President and Congress on the results of this 
evaluation.
    Reduction in the length of the clearance process. The most 
frequently-referenced requirements of Title III are in Section 
3001(g). These include a plan, to be developed by the policy 
oversight entity within 90 days after that entity is selected, 
to reduce the length of the personnel security clearance 
process. The plan is to be developed in consultation with the 
appropriate committees in Congress and each authorized 
adjudicative agency, and is to take effect five years after 
enactment. ``To the extent practical the plan . . . shall 
require that each authorized adjudicative agency make a 
determination on at least 90 percent of applications for a 
personnel security clearance within an average of 60 days after 
. . . receipt of a completed application,'' or 40 days for 
investigation and 20 for adjudication. An interim standard, to 
be met not later than 2 years after enactment, is that each 
agency shall make a determination on at least 80 percent of 
applications with an average of 120 days after receiving the 
application.
    Annual progress reports. Under Section 3001(h), the policy 
oversight entity is to submit progress reports by February 15, 
2006, and annually through 2011.

                  Implementation Authorities and Plans

    E.O. 13881, issued June 27, 2005, in response to the 
requirements of IRTPA's Title III, affirmed a policy that 
``agency functions relating to determining eligibility for 
access to classified national security information shall be 
appropriately uniform, centralized, efficient, effective, 
timely, and reciprocal.'' It gave OMB the authority to assure 
implementation of that policy. Pursuant to that authority, OMB 
delegated to OPM the central role for security clearance 
investigations called for in Title III, Section 3001(c).
    On June 30, 2008, E.O. 13381 was replaced by E.O. 13467, a 
new executive order reforming clearance processes and 
formalizing a new governance structure for the processes of 
hiring and clearing federal government personnel. The Joint 
Security and Suitability Reform Team proposed a governance 
structure, including a Performance Accountability Council, 
which is a collaborative effort consisting of representatives 
of DOD, OMB, DNI, and OPM. The new council is to be accountable 
for achieving the goals of security clearance reform. To be 
chaired by OMB's Deputy Director for Management, the Council 
includes the DNI as the ``Security Executive Agent'' 
responsible for security clearances government-wide; and 
affirms the Director of OPM as responsible for the federal 
government's workforce.
    In April 2007, DNI Mike McConnell issued the United States 
Intelligence Community 100-Day Plan for Integration and 
Collaboration. The plan committed the Intelligence Community to 
a ``culture of collaboration,'' to ``modernize business 
practices'' and to ``accelerate information sharing,'' among 
other broad objectives intended to overcome the obstacles to 
interagency collaboration on security issues identified 
following the attacks of 9/11.
    One specific problem targeted in the DNI's 100-Day Plan was 
that ``multiple, complex and inconsistent security clearance 
systems slow the pace in filling open positions and moving 
personnel.'' The plan envisioned ``timely granting of 
clearances and the ability to enter all IC agencies with the IC 
One Badge without having to send clearances.'' At the end of 
the 100-day period, the DNI reported having taken a first step 
by developing ``a pilot program that will pave the way for a 
standard and uniform clearance process. . . .'' \33\
---------------------------------------------------------------------------
    \33\ Follow-Up Report, July 27, 2007.
---------------------------------------------------------------------------
    A 500-Day Plan for Integration and Collaboration, which the 
DNI issued in October 2007 and would extend until the end of 
the current administration, outlined a strategy to deliver an 
``end to end security clearance process'' in which the 
``performance of IC agency personnel security programs meet or 
exceed IRTPA guidelines for clearance case processing times.'' 
The new plan, however, made no reference to an ``IC One Badge'' 
that would be accepted by all agencies.

            Assessing Performance Against IRTPA Requirements

    One entity responsible for uniform policies and 
implementation. Actions have been taken, but in practice, the 
requirement has not been fully met. The principal provision of 
this section, the selection of OMB as the lead entity, was 
implemented through E. O. 13381, which the President issued 
approximately 190 days after the law's enactment.\34\ That 
order was replaced on June 30, 2008, by E.O. 13467, which has 
taken a different approach to implementing this IRTPA 
provision, as discussed below.
---------------------------------------------------------------------------
    \34\ The law required this selection within 90 days of enactment.
---------------------------------------------------------------------------
    To implement IRTPA'S requirement that the entity selected 
be ``the final authority to designate an authorized 
investigative agency or authorized adjudicative agency,'' E.O. 
13381 specified that the Director of OMB might assign to any 
agency any process relating to determinations of eligibility, 
and that OMB was to supervise the agencies in carrying out the 
investigatory or adjudicatory activities. The E.O. authorized 
OMB, after consulting with the Secretary of Defense, the DNI, 
and certain other department heads, to issue guidelines to the 
agencies ``to ensure appropriate uniformity, centralization, 
efficiency, effectiveness, and timeliness in processes relating 
to determinations by agencies of eligibility for access to 
classified national security information.''
    In practice, the centralization of authority required by 
the law has not been fully realized. OMB's policy oversight has 
not succeeded in setting forth a consistent interpretation of 
interagency reciprocity, nor has it ensured implementation of 
other Title III requirements.
    The new executive order, E.O. 13467, replaces OMB as the 
central authority with a committee, the Suitability and 
Security Clearance Performance Accountability Council (``the 
Council''). The Council's members include the Director of OPM 
and the DNI, and it is chaired by OMB's Deputy Director for 
Management. The Council is accountable for ``aligning'' 
executive branch policies and procedures regarding security and 
suitability clearances. The specific responsibilities for 
policy and oversight of the security clearance process, which 
had been assigned to OMB, are now assigned to the DNI. These 
include the responsibility to designate agencies to conduct 
security investigations and to ``ensure reciprocal recognition 
of eligibility for access to classified information among the 
agencies.''
    By naming the DNI as the ``Security Executive Agent,'' the 
new executive order may make it possible to achieve greater 
alignment of policies regarding Sensitive Compartmented 
Information (SCI). E.O. 13381 had restricted OMB's authority 
with regard to certain types of access. For determining access 
to SCI and intelligence-related Special Activity Programs 
(SAPs), OMB would have required the concurrence of the DNI; 
while OMB guidelines on non-intelligence (military operational, 
strategic and tactical) SAPs would have required the 
concurrence of the head of the agency responsible for that 
program.
    A single entity for investigations. This provision, which 
requires that a single agency shall, ``to the maximum extent 
practicable,'' be responsible for conducting security clearance 
investigations, has been partially implemented. The statute 
also requires this entity to integrate security clearance 
applications, investigations, and determinations into a 
database, and ensure security clearance investigations are 
conducted under uniform standards and requirements.
    In practical terms, OPM is this single entity because it 
conducts 90% of the background investigations for security 
clearances, and has done so since 2005. Prior to that, these 
investigations were conducted by DOD. The shift from DOD to OPM 
was authorized by Congress in the National Defense 
Authorization Act for FY 2003, and occurred in 2005. In 
addition, in June 2005, OMB designated OPM as the single entity 
responsible for security clearance investigations.\35\
---------------------------------------------------------------------------
    \35\ June 30, 2005, OMB Memorandum for Heads of Executive 
Departments and Agencies, ``Allocation of Responsibilities for Security 
Clearances under the Executive Order, Strengthening Processes Relating 
to Determining Eligibility for Access to Classified National Security 
Information.''
---------------------------------------------------------------------------
    OPM has not fully exercised the government-wide management 
role for the other requirements of this section, nor does the 
OMB designation make reference to these other requirements. 
Although IRTPA calls on ``the selected agency'' to integrate 
the work related to security clearances across the government, 
in practice, OPM's role is limited to providing investigative 
services to DOD and certain other agencies.\36\ Rather than 
``provide and maintain all security clearances . . .'' and 
``integrate reporting of security clearance applications, 
security clearance investigations and determinations,'' into a 
single database, OPM maintains records only of the clearances 
for which it provides the investigations. It does not even 
maintain records of the number of cases investigated or 
adjudicated by other agencies.\37\
---------------------------------------------------------------------------
    \36\ ``OPM provides background investigation products and services 
to agencies to assist them with making security clearance or 
suitability decisions . . .'' Ibid.
    \37\ In response to ICM staff phone request for information about 
the number of security clearances across the Federal Government, an OPM 
legislative affairs officer said, ``We have information only about the 
clearances that we (at OPM) do.'' Phone conversation, July 18, 2008.
---------------------------------------------------------------------------
    While the federal government had standards for 
investigation and adjudication prior to IRTPA, OPM did not 
issue new guidance under the statute. However, E.O. 13467 
issued in 2008, creates a Security Executive Agent who will 
have responsibility for ``developing uniform and consistent 
policies and procedures'' for investigations and adjudications. 
Under the executive order the Security Executive Agent is the 
DNI. On September 17, 2008, the DNI's representative testified 
to the Subcommittee that a review of the policies and 
procedures for investigations and adjudications is underway.
    Reciprocity. Under IRTPA, ``all security clearance 
background investigations and determinations completed by an 
authorized investigative agency or authorized adjudicative 
agency shall be accepted by all agencies.'' This standard has 
not been met.
    The law specifies that in determining whether to grant a 
clearance to someone who already has the same level clearance 
from another agency, no new investigations may be required; and 
there may be no additional investigative or adjudicative 
requirements, other than a requirement of a polygraph 
examination, that exceed requirements specified in the 
executive orders establishing those security requirements. The 
section provides, however, for the head of the policy oversight 
entity to make exceptions necessary for national security 
purposes.
    The interpretation and application of reciprocity by the 
current Administration has been inconsistent.
     Presidential guidance on reciprocity has changed 
over time. E.O. 12968, issued August 2, 1995, required that 
background investigations and eligibility determinations would 
be reciprocal. E.O. 13381 issued in June 2005 loosened the 
standard so that only ``agency functions relating to 
determining eligibility for access'' would be reciprocal, 
without requiring that final determinations be accepted. Then, 
in June 2008, E.O. 13467 went back to the stronger language in 
the 1995 order, requiring that ``background investigations and 
adjudications shall be mutually and reciprocally accepted by 
all agencies.'' \38\
---------------------------------------------------------------------------
    \38\ 38 E.O. 13467, Section 2.1(c). Section 3(c) of this Order 
states that the Order does not supersede the provisions in the 1995 
Order cited above.
---------------------------------------------------------------------------
     In July 2007, the DNI suggested that agencies 
would not re-adjudicate clearances that have already been 
granted by other agencies when he described the goal of 
``modernizing business practices'' in security clearances as 
the ``timely granting of clearances and the ability to enter 
all IC agencies with the IC One Badge . . .''
     In testimony to the Subcommittee, Administration 
witnesses argued that each agency should adjudicate clearances 
for its own personnel. At the Subcommittee's open hearing on 
February 27, 2008, Mr. Clay Johnson, OMB Deputy Director for 
Management, testified, ``If you asked . . . anybody in the 
executive branch, senior capacity, whether your access to Top 
Secret information at Interior would qualify you for access to 
Top Secret information at CIA, you would hear a resounding 
`no.' '' Ambassador Eric Boswell, then Assistant Deputy 
Director of National Intelligence for Security, explained that 
a condition of employment at an intelligence agency is that 
everyone is cleared at the Top Secret level and has SCI access. 
Thus, the security clearance process is indistinguishable from 
the determination that the applicant is suitable for employment 
at that agency. Mr. Johnson testified to the Subcommittee at 
its September 17, 2008, open hearing that the final 
determination for suitability and access to secure information 
ought to be made by the agency that is employing the person.
     Even today, the Administration acknowledges 
exceptions to reciprocity. Pressed by ICM members at their 
September 2008 hearing about the extent of reciprocity in 
adjudications, Mr. Johnson and other Administration witnesses 
indicated that OMB allows four reasons for which agencies may 
determine not to recognize a clearance issued by another 
agency: 1) if the position requires a polygraph and the 
applicant's current position does not; 2) if the existing 
clearance was issued as an interim clearance; 3) if the 
position requires adjudication of foreign national family 
members issues, which were not made earlier; and 4) if the job 
requires disqualifying applicants because of certain 
disqualifying conduct.
    The standard for reciprocity set by the law contains some 
ambiguity. The law could be interpreted to require that one 
agency's Top Secret clearance must be automatically recognized 
by all other agencies as though the bearer of that clearance 
were wearing the ``IC One Badge.'' Alternatively, reciprocity 
might mean that, when one agency considers whether to provide a 
security clearance to someone already holding a clearance, the 
agency must accept the existing clearance unless it falls into 
one of the four listed exceptions. Or reciprocity might be 
interpreted to mean only that when the receiving agency 
adjudicates the security clearance, it must not re-do the 
existing investigatory work or revisit the particular issues 
that were considered previously in reaching the security 
clearance determination.
    OPM's role as investigator for the vast majority of 
clearances means that investigative reciprocity is less of an 
issue than adjudicative reciprocity. There is no definitive 
information on the actual practice of the intelligence agencies 
with regard to accepting each other's security adjudications. 
Senior officials have insisted that each agency readily accepts 
clearances adjudicated by the others. However, no measures 
exist to substantiate that claim. At the Subcommittee's hearing 
on September 17, 2008, Mr. Johnson acknowledged, ``We don't 
have metrics for measuring reciprocity. We rely on anecdotal 
evidence. We poll the contractor community and we notice trends 
in the anecdotal reporting of nonreciprocal behavior.'' \39\
---------------------------------------------------------------------------
    \39\ Testimony of Mr. Clay Johnson, Deputy Director, OMB, before 
the Subcommittee, September 17, 2008.
---------------------------------------------------------------------------
    Concerned by persistent anecdotal information about cases 
in which reciprocity appears not to have been the rule, the 
House Permanent Select Committee on Intelligence included in 
the FY 2009 authorization bill a provision requiring the 
Inspector General of the Intelligence Community to audit 
security clearance reciprocity in the Intelligence Community.
    An integrated, secure database. The law calls for a 
database ``into which appropriate data . . . shall be entered 
from all authorized investigative and adjudicative agencies.'' 
This requirement has not been met.
    At present, there are two separate databases, the Joint 
Personnel Adjudication System (JPAS), which covers DOD, and 
Scattered Castles, used by the Intelligence Community. 
Moreover, JPAS does not include data about clearances that are 
not investigated by OPM, such as the Department of Homeland 
Security and the Department of State, which are maintained in 
other databases.
    At an ICM hearing held on February 27, 2008, the OPM 
witness reported that OPM and DOD had linked their databases in 
order to ensure ``that database is made accessible across the 
government to all agencies.'' However, she noted, ``Now, it 
does not include the clearances in the Intelligence Community. 
If we had tied those systems together, it would have made the 
whole system classified, and then it would not be usable to a 
broad section of the government.'' \40\
---------------------------------------------------------------------------
    \40\ Testimony of Kathy L. Dillaman, Associate Director, Federal 
Investigative Services Division, OPM, before Subcommittee on 
Intelligence Community Management of the House Permanent Select 
Committee on Intelligence, June 27, 2008.
---------------------------------------------------------------------------
    At the same hearing, Mr. Eric Boswell, then-Assistant 
Deputy Director of National Intelligence for Security, added, 
``The IC is served by one common database. . . . It is a 
classified database, for good reasons.'' Reflecting on this 
situation, he acknowledged, ``Reciprocity is not well served by 
the existing IT structure. We are working, in the Joint Team, 
to try to find some way to make that happen.''
    The provision in this subsection requiring OMB to 
``evaluate the extent to which an agency is submitting 
information to, and requesting information from, the database . 
. . as part of a determination of whether to certify the agency 
as an authorized investigative agency or authorized 
adjudicative agency'' appears not to have been applied.
    Evaluating the use of information technology. This 
requirement has been met, though belatedly. A report about the 
results of an evaluation of the use of available IT to expedite 
clearance processes was to be submitted by December 2005. As of 
2008, no such report had been produced.
    As a complement to the April 2008 Joint Reform Team report, 
the team prepared an appendix outlining the purpose, methods, 
and key findings of pilot programs that examined potential 
changes to the clearance system.\41\ Many of these pilot 
programs evaluated the application of modern IT systems to the 
clearance process. Until very recently, all fingerprints were 
taken with ink, applications filled out on paper, and every 
stage of every investigation and adjudication, no matter how 
simple, conducted by security personnel. The demonstrations 
evaluated automated or electronic approaches to these tasks.
---------------------------------------------------------------------------
    \41\ Appendix to the Security and Suitability Process Reform 
Initial Report, 30 April 2008: Demonstration Activity Results, 19 June 
2008.
---------------------------------------------------------------------------
    These IT systems have been tested and proven independently 
of each other. The outdated processes are now being replaced. 
Testifying at the Subcommittee's September 17, 2008 hearing, 
the OPM witness reported that ``94 percent, almost all, of 
submissions [to OPM] for national security investigations were 
done electronically, and almost half of the fingerprints were 
captured using digital capturing equipment.'' \42\ The next 
critical step is to test these systems as part of an end-to-end 
process to ensure that they work together seamlessly. Such a 
demonstration is scheduled to take place by the end of 
2008.\43\ Although the undertaking of this evaluation is 
belated, the Subcommittee applauds the effort and looks forward 
to reviewing the results.
---------------------------------------------------------------------------
    \42\ Testimony of Ms. Kathy Dillaman, Associate Director for 
Federal Investigative Services, OPM, before the Subcommittee on 
Intelligence Community Management on September 17, 2008.
    \43\ Testimony of Ms. Elizabeth McGrath, Principal Deputy Under 
Secretary of Defense for Business Transformation, before the 
Subcommittee on Intelligence Community Management on September 17, 
2008.
---------------------------------------------------------------------------
    Reduction in the length of the clearance process. IRTPA 
specified that within two years of enactment each authorized 
adjudicative agency shall make a determination on at least 80% 
of all applications for a personnel security clearance within 
an average of 120 days from the date the investigative agency 
receives the application. The language further stipulated that 
the 120 days should allow no more than 90 days for the 
investigative phase and no more than 30 days for the 
adjudicative phase.
    The Administration reported that this interim standard had 
been met on average across the adjudicating agencies. However, 
their data suggests that this standard was not met by each 
agency. Moreover, its presentation creates the best possible 
picture from what is, upon closer inspection, a mixed record. 
For example, in order to argue that the security clearances for 
which OPM conducts investigations had met the IRTPA standard, 
the report: 1) considered only the adjudications begun and 
reported during the first quarter of FY 2007; 2) considered 
only initial investigations, not reinvestigations; 3) did not 
include ``the time to hand-off applications to the 
investigative agency, hand-off investigation files to the 
adjudicative agency, return the files to the investigative 
agency for further information, if necessary; and/or generally 
complete the security clearance process within the agency once 
the investigation and adjudication are complete''; \44\ and 4) 
interpreted the standard as requiring no more than 90 days for 
investigations and 30 days for adjudications, ignoring the 
requirement that the total amount of time for the security 
clearance process should not exceed 120 days.
---------------------------------------------------------------------------
    \44\ Ibid., p.1.
---------------------------------------------------------------------------
    It should be noted that the requirements for timeliness in 
IRTPA also lack specificity in some regards. For example, the 
law aggregates TS-level clearances with those at the Secret and 
Confidential level. More meaningful measures of progress would 
consider the timeliness of the TS-level clearances separately. 
Also, since the law does not mention the time to transmit an 
application to OPM from the agency that receives the 
application, the Administration reinterpreted the IRTPA 
standard of 120 days to mean 130 days for ``end-to-end'' 
processing, including a period of 14 days for initial 
transmission of the application, 25 days for adjudication, and 
91 days for investigation.\45\
---------------------------------------------------------------------------
    \45\ Ibid., footnote 1.
---------------------------------------------------------------------------
    Nevertheless, the improvement in timeliness achieved by the 
December 2006 interim deadline was a remarkable achievement, 
particularly by OPM, which had inherited large backlogs in 
2005. Looking at the timeliness of the investigation phase for 
initial clearances, the average for 80% of all those completed 
during the first quarter of FY 2007 was 101 days. While this 
average falls short of the IRTPA standard of 90 days for 
investigations, it shows marked progress over previous years. 
While initial investigations for clearances at the TS level 
required 392 days in FY 2004 and 347 days in FY 2005, in FY 
2006 they were completed, on average, in 286 days. For Secret/
Confidential levels, the required time was reduced from an 
average of 179 days in FY 2004 to 155 days and 157 days in FY 
2005 and FY 2006, respectively.\46\
---------------------------------------------------------------------------
    \46\ Ibid., p.1.
---------------------------------------------------------------------------
    Across the federal government, performance against the 
interim IRTPA standards was uneven:
     The adjudications by agencies whose investigations 
are performed by OPM averaged 39 days, falling short of the 
IRTPA standard of 30 days.
     Data from the individual agencies of the 
Intelligence Community was not provided, but the Intelligence 
Community as a whole appears to have met or exceeded the 
standard. On average, 83% of all investigations and 
adjudications that were completed in the first quarter of FY 
2007 and the preceding fiscal year took 103 days to 
process.\47\ This figure does not include the time for initial 
transmittal and other processing, which would be counted in an 
end-to-end measurement.
---------------------------------------------------------------------------
    \47\ Report of the Security Clearance Oversight Group Consistent 
with Title III of the Intelligence Reform and Terrorism Prevention Act 
of 2004, February 2007, p.5.
---------------------------------------------------------------------------
     The agencies outside of the Intelligence Community 
that conduct their own investigations showed mixed results. The 
State Department exceeded the IRTPA standard, requiring an 
average of only 51 days to accomplish both the investigation 
and adjudication. Data was insufficient to report on Department 
of Homeland Security performance, although the units that 
reported fell short of the IRTPA standard. The Department of 
Justice/FBI performance fell well short of the IRTPA standard 
for investigation, although it conducted adjudications in less 
time than the IRTPA standard.
    The second set of milestones established under IRTPA will 
come due in December 2009. At that point, 90% of all 
applications are to be processed within an average of 60 days. 
Given past performance, meeting that standard will pose a 
significant challenge for almost all agencies. In an effort to 
move toward those standards, in February 2008, the Security 
Clearance Oversight Group set goals to be met by September 
2008, including:
           providing initial security clearances to 90% 
        of industry employees in same time it takes to provide 
        them to non-industry employees;
           90% of TS initial investigations in less 
        than 90 days; and
           90% of Secret/Confidential initial 
        investigations in less than 65 days.
    Annual progress reports. In February 2007 and February 
2008, OMB submitted to Congress the annual reports required 
under this section. These provide detailed information about 
progress achieved in reducing the processing time for security 
clearances. The February 2007 report also describes efforts to 
improve reciprocity, a subject that is absent from the February 
2008 report.

                 Current Reforms: Issues for Oversight

    The Subcommittee remains concerned that the process has 
been driving with the emergency brake on, and that four years 
after IRTPA, the clearance process has not been dramatically 
streamlined, but instead consists of layers and layers of 
planning.\48\ The Subcommittee has been troubled by the quality 
of the security clearance process. It has pressed OMB 
repeatedly and unsuccessfully to establish metrics for the 
quality of security clearance investigations and adjudications. 
Without clearly established methods of evaluating and assessing 
the security clearance process, there is no way to ensure that 
the process reaches the intended result of providing access to 
trustworthy Americans while protecting our national security.
---------------------------------------------------------------------------
    \48\ Subcommittee Chairwoman Eshoo, July 30, 2008, hearing of the 
Subcommittee on Intelligence Community Management of the House 
Permanent Select Committee on Intelligence.
---------------------------------------------------------------------------
    The lack of full reciprocity among agencies continues to 
exact financial costs across the government and the contracting 
community, as well as the intangible cost of lost opportunities 
for collaboration. Members of the Subcommittee expressed dismay 
that, despite Congress's intent to bring the security clearance 
process under a single authority, information and authority 
remain so dispersed that no one knows how many people in the 
U.S. Government hold security clearances.\49\ As the Ranking 
Member has stated, ``The problems with security clearance 
reform do not seem to be ones of money or even ideas. The real 
issues seem to be stubbornness and a refusal to embrace system-
wide efficiency over agencies' proprietary desire to control 
the clearance process.'' \50\
---------------------------------------------------------------------------
    \49\ Ibid.
    \50\ Ibid, opening statement of Ranking Member Darrell Issa, July 
30, 2008.
---------------------------------------------------------------------------
    In March 2008, the Committee formally requested that GAO 
conduct its first assessment of the security clearance process 
in the Intelligence Community. This study, to be completed in 
the fall of 2008, includes an evaluation of the ongoing joint 
pilot reform effort being conducted by the DNI and DOD and a 
review of the criteria that the administration is using to 
assess the effectiveness of its efforts.
    On July 30, 2008, the Subcommittee held an open hearing to 
receive preliminary results of GAO's review and to consider the 
impact of the Administration's new reform plan on the security 
clearance reform process.\51\ The sole witness was GAO's 
Director for Military and Civilian Personnel and Medical 
Readiness, Defense Capabilities and Management, Ms. Brenda 
Farrell. Ms. Farrell based her remarks on GAO's initial review 
of the reform plan and the new executive order, as well as 
GAO's prior work on security clearance processes and its 
knowledge of best practices in organizational transformation.
---------------------------------------------------------------------------
    \51\ ``Security and Suitability Process Reform,'' April 30, 2008, 
Initial Report of Joint Security and Suitability Reform Team; and E.O. 
13467, issued June 30, 2008.
---------------------------------------------------------------------------
    In her testimony, Ms. Farrell emphasized that the new 
reform plan, unlike the plan issued in 2005 as required by 
IRTPA, identifies some near-term actions. She also underscored 
the importance, as in any major organizational change, of 
ensuring the full support of senior officials and the 
significance of the collaboration among the DNI, DOD, OMB, and 
OPM. She noted that such collaboration did not exist in 2005. 
However, she found the new plan, like the previous plan, 
deficient with regard to setting specific interim goals and 
metrics with which to track the progress of the reform effort.
    GAO's review will focus particularly on the structure and 
role of the Performance Accountability Council created by the 
E.O. 13467. In her testimony, Ms. Farrell expressed the GAO's 
intention to evaluate OMB's role as chair of the Council and 
the DNI's functions as Executive Agent for security clearances 
and as a member of that council.\52\ GAO will address how best 
to achieve full reciprocity of security clearances across the 
U.S. Government, including an assessment of the willingness of 
the elements of the Intelligence Community to establish a 
cross-agency clearance database.\53\
---------------------------------------------------------------------------
    \52\ Testimony of Ms. Brenda Farrell, Director, Defense 
Capabilities and Management, GAO, before Subcommittee, July 30, 2008.
    \53\ Ibid.
---------------------------------------------------------------------------
    The Subcommittee discussed the results of the GAO study at 
its September 17, 2008, at which the responsible leaders of the 
key institutions, including the DNI, DOD, OMB and OPM, 
testified.
    As the Subcommittee concludes its security clearance 
oversight activities during the 110th Congress, it finds that 
progress over the past five years has been disappointing. 
Recognizing that security clearance reform is one of the most 
vital workforces issues facing the Intelligence Community 
today, the Subcommittee remains committed, on a bipartisan 
basis, to ensuring that the relevant agencies fully accomplish 
the mission of reform.
    It is the intention of the Subcommittee to hold hearings on 
legislative proposals early in the 111th Congress that would 
spur security clearance reform by requiring agencies to report 
to Congress on key metrics on the security clearance process. A 
standard method of evaluation would allow tracking of 
improvements from year to year and enable agencies to judge the 
effectiveness of one another's security clearance process, 
thereby improving confidence in the system. The legislation 
would also clarify congressional intent concerning the meaning 
of reciprocity and the degree to which responsibility for 
security clearance adjudications must be consolidated.