Review of the Security and Emergency Planning Staff's Management of Background Investigations
Evaluation and Inspections Report I-2005-010
Office of the Inspector General
The Office of the Inspector General (OIG) conducted this review to examine the Department of Justice’s (Department) Security and Emergency Planning Staff’s (SEPS) background investigation program. Specifically, we evaluated SEPS’s management of four program areas: (1) managing background investigations of political appointees, attorneys, and other personnel whose investigations are not delegated to the components; (2) granting clearances for access to Sensitive Compartmented Information (SCI) materials for all Department employees; (3) providing policy guidance and training on background investigations; and (4) providing oversight of the components’ background investigation programs.
All federal agencies must ensure that only trustworthy individuals are hired to work in national security or public trust positions.9 The primary means for determining whether an individual is trustworthy is the background investigation, authorized by Executive Order 10450 and 5 C.F.R. Parts 731, 732, and 736. The background investigation is not an evaluation of the subject’s character, but is instead a determination of the likelihood that a particular person will adhere to all Department security requirements in the future.
Each federal agency determines the required security level of each position according to the duties that the employee holding the position will fulfill. Once the security level of a position has been determined, an investigation appropriate to that level is supposed to be conducted. There are several types of background investigations, each varying in scope and complexity. All background investigations begin with a request to the employee to fill out a questionnaire targeted to the position’s responsibilities.10 This is usually followed by an in-person interview with the applicant and, in most cases, a number of interviews with the applicant’s colleagues and personal associates. Currently, there are no federal timeliness requirements for the field investigation portion of the background investigation process.11
The Office of Personnel Management (OPM), through contracts with private companies, conducts the vast majority of field investigations of federal employees and contractors.12 The Federal Bureau of Investigation (FBI) conducts the field investigations for all of the Department’s political appointees and attorneys. SEPS is responsible for managing the background investigations of political appointees, attorneys, and personnel in the Offices, Boards and Divisions (see Appendix I.). Depending on the nature of the position to be filled, either OPM or the FBI conducts the field investigations for SEPS. In FY 2004, SEPS submitted more than 3,133 requests to OPM for field investigations.13 These investigations ranged in cost from $425 to $3,300 each, depending on the type of investigation requested and whether an expedited processing premium was paid.
At one time, OPM estimated that its investigations took 35 days, 75 days, or 120 days, depending on the premium paid for expedited processing. However, OPM has not been able to meet those processing estimates since FY 2001 and, for FY 2004, changed its categories from completion estimates to “priority,” “accelerated,” and “standard,” with priority having the most expedited completion. In FY 2004, OPM’s priority (formerly categorized as 35-day) cases took an average of 100 days, accelerated (formerly 75-day) cases took an average of 227 days, and standard (formerly 120-day) cases took an average of 324 days.14
A SEPS adjudicator reviews the information collected during the OPM or FBI field investigation and makes the final determination on whether the applicant is suitable. Adjudicators rely on standards established by the Central Intelligence Agency, OPM, the Department, and the Department’s components to evaluate the information provided by the field investigation.15 These standards encourage adherence to a “whole person” approach to reviewing the issues presented by each individual case. Under that approach, when the investigation identifies derogatory information about the person, the adjudicator should consider factors such as the relevance of the information to position responsibilities, the circumstances surrounding the derogatory information, and the person’s candor in disclosing relevant information. Federal regulations require that the adjudication be completed and the results transmitted to OPM within 90 days after receipt of a completed investigative case file.16
Federal law further requires that employees and contractors holding a security clearance who have been employed in their jobs for certain periods of time be subject to a reinvestigation to verify that they are still suitable for their positions. Reinvestigation is required once every 5 years for individuals possessing a Top Secret clearance, once every 10 years for individuals possessing a Secret clearance, and once every 15 years for individuals possessing a Confidential clearance.17 Individual federal agencies may impose additional requirements to expand the number of individuals subject to reinvestigation or to require more frequent reinvestigations.
The Department requires all its employees to be reinvestigated once every 5 years.18 For contractors, the Department only requires reinvestigations for individuals holding national security positions; these reinvestigations are required on the same schedule as those of employees. The Department does not require that contractors in public trust positions be reinvestigated, but some components, including the ATF and USMS, require that these contractors be reinvestigated.
SEPS is the primary office responsible for developing, implementing, and overseeing compliance with security policy throughout the Department.19 SEPS is a unit of the Justice Management Division (JMD), the administrative component of the Department. The director of SEPS, who is formally known as the Department Security Officer, reports to the Deputy Assistant Attorney General for Human Resources and Administration and to the Assistant Attorney General for Administration.
SEPS has direct adjudicative responsibility for background investigations on certain Department employees. In addition, SEPS has delegated adjudicative responsibility to some components for their employees, but it retains oversight responsibility over the delegated functions. Consequently, SEPS has four responsibilities related to background investigations in the Department: (1) managing background investigations for political appointees, attorneys, and other personnel not delegated to the components; (2) granting clearances for access to SCI materials for all Department employees; (3) providing policy guidance and training on background investigations; and (4) providing oversight of the components’ background investigation programs.20
SEPS staff is divided into 4 groups, which are further subdivided into 10 sections. (See Appendix II for a SEPS organizational chart.) In FY 2005, SEPS had 84 employees and 7 contractors, and a budget of $10 million. SEPS’s personnel security and compliance review functions are carried out by four sections in the Personnel Security Group (PERSG) and the Office of Information Safeguards and Security Oversight.
Within PERSG, the Operations Section is responsible for conducting adjudications of completed background investigations and maintaining investigation files on Department employees. The Policy, Training, and Oversight Section is responsible for drafting and distributing official Department policy on all background investigation and reinvestigation matters. In FY 2005, PERSG had 17 employees and 3 contractors.21 Five of the employees were adjudicators whose positions were funded by the components for whom they adjudicate reinvestigations.
Within the Office of Information Safeguards and Security Oversight, the Compliance Review Section (CRS) is responsible for conducting compliance reviews of all Department offices to determine their adherence to Department security policy. In FY 2005, CRS had three employees, including the chief. The Technical Security Section is responsible for the security of technology used to store and transmit classified information. Personnel in the Technical Security Section also manage SEPS’s background investigation inventory software.
Prior External Reviews Involving SEPS Staffing and Structure. Two external reviews since FY 2001 relating to SEPS’s responsibilities have reported that SEPS has inadequate resources and have made recommendations for improving the processing of background investigations. However, we found that these recommendations had not been implemented. First, in March 2002, the Webster Commission report raised concerns about SEPS’s inadequate resources and lack of standing within the Department hierarchy.22 In a footnote to the discussion of its recommendation to create an Office of Security within the FBI that reports to the Director, the Webster Commission stated:
[SEPS] is responsible for developing security policy and overseeing its implementation in Department components, such as the FBI. Although we have not examined SEPS in detail, the program seems to suffer from many of the structural weaknesses that led us to recommend creation of an Office of Security in the [FBI], weaknesses such as inadequate resources and insufficient stature within the Department’s structure. We recommend that the Department address this issue.23
On July 15, 2004, a report issued by the National Archives and Records Administration’s Information Security Oversight Office expressed concern that the Department had neglected to address the Webster Commission’s recommendation. The new report recommended that the Department move SEPS out of JMD and commit sufficient resources to its security programs. In his October 13, 2004, response to the National Archives and Records Administration report, the Assistant Attorney General for Administration agreed on the need for additional resources but declined to move SEPS out of JMD, stating that being a part of JMD did not hinder SEPS from fulfilling its responsibilities.24
SEPS retains direct responsibility for background investigations for all employees of the Department’s Offices, Boards and Divisions, all employees of the United States Attorneys’ Offices (USAO), all political appointees, all attorneys, and certain other designated positions.25 SEPS is also responsible for the background investigations of some contractors. At present, therefore, SEPS is responsible for the background investigations of approximately 27,000 of the Department’s 103,000 employees, as well as for 7,000 contractors.
As part of its responsibilities, PERSG obtains the required paperwork from political appointees who do not require Senate confirmation and certain other employees and contractors, schedules background investigations with OPM or the FBI, submits requests for FBI name checks, adjudicates the completed files, and processes waivers. 26,27 As Figure 1 shows, for certain categories of cases one of the Department’s components initiates, receives, and evaluates the field investigation before the personnel file is sent to SEPS for adjudication. For political appointees requiring Senate confirmation, the Office of Legal Policy (OLP) provides SEPS the background investigation file after Senate review. For attorneys, the Office of Attorney Recruitment and Management (OARM) initiates and reviews the FBI field investigation. For its employees who are not attorneys or political appointees, the Executive Office of the United States Attorneys (EOUSA) conducts an internal review of the OPM investigation before forwarding the file to SEPS. Figure 1 shows the typical work flow for these responsibilities. PERSG is responsible for initiating reinvestigations from this caseload of 27,000 employees and 7,000 contractors. Currently, all stages of the background investigation are paper-based and manual, no imaging functions are available to convert paper documents to digital files, and none of the stages for managing background investigations or reinvestigations are automated. PERSG tracks the physical location of its files using an inventory management software application called TRAQ.28 Only SEPS uses the software; none of the components has access to TRAQ.
PERSG is responsible for interpreting federal policies and guidance on all issues related to background investigations and reinvestigations. PERSG is also responsible for issuing Department policies for all Department components to follow. DOJ Order 2610.2A, dated August 21, 1990, is currently the official Department policy on background investigation and reinvestigation procedures.29 However, from 1990 through 2005, SEPS has issued over 40 separate update memorandums to supplement or amend the order. PERSG also provides formal training on the guidance and adjudicative standards for background investigations and reinvestigations, and provides informal guidance, primarily over the phone or via e-mail, to component staff.
SEPS has delegated to components’ personnel security staff the authority to adjudicate background investigations and reinvestigations for their employees and contractors, and the authority to grant waivers so new employees can begin work before their investigations are complete. In total, 20 components have delegated adjudication authority – 7 have the authority for employees and contractors, and 13 have the authority only for contractors (see Appendix I).
Approximately 76,000 employees, as well as a large number of contractors, work in the components with delegated authority.30 SEPS also has delegated to some components the authority to grant security clearances up to and including the level of Top Secret, upon an individual’s successful completion of an investigation. When delegating authority to a component, SEPS issues a memorandum that specifies the authorities being delegated as well as any restrictions imposed. The memorandum specifies that SEPS retains oversight of the delegated areas.
Although SEPS delegates to components the authority for background investigations, it remains responsible for overseeing the function. As described below, the various elements of SEPS’s oversight of the components with delegated authority are carried out by CRS and PERSG.
CRS Oversight Functions. SEPS’s primary oversight mechanism is the security compliance review conducted by its Compliance Review Section (CRS). CRS’s three Security Specialists are responsible for conducting security compliance reviews of the Department’s 3,000 to 3,500 offices and sub-offices worldwide. They travel to components’ locations, conduct the security compliance reviews, write reports describing the results of the review, and follow up with components that require corrective action. In selecting offices to review, CRS considers: (1) whether the office handles classified information; (2) whether SEPS has ever reviewed the office or when it last reviewed; (3) whether the office recently moved into a new building; and (4) the size of the office (larger offices are typically reviewed more often). CRS also considers input it receives from Security Programs Managers on potential security risks or problems at offices in their components. CRS issues a list of the offices it plans to review to the components’ Security Programs Managers at the beginning of each fiscal year.
Each review typically lasts 2 to 3 days and covers physical, personnel, contractor, information, computer, and communications security as well as safety and health and continuity of operations and occupant emergency plans. The highest priority of the review is ensuring that the physical security of Department offices is adequate and in compliance with applicable regulations.31 Only a small portion of most compliance reviews (3 to 4 hours) is dedicated to reviewing personnel security issues.32
Before visiting a site, the CRS staff reviews a sample of background investigation files maintained by the component’s headquarters office. The CRS staff estimated that, for large offices, it requests up to one third of the employee files for review and a higher percentage for smaller offices. While on site, Security Specialists use checklists for each of the security disciplines to guide them in conducting interviews with relevant security officials and recording findings and observations. The Personnel Security Checklist covers the following areas: (1) the minimum requirements of a waiver; (2) the background investigation requirements for temporary appointments; (3) the number of national security and public trust positions; (4) resignation and reinstatement procedures; (5) reinvestigation processes; (6) national security information access, training, and security clearances; and (7) SCI access procedures. The CRS staff asks for a roster of locally hired contractors, and checks the files kept on site. CRS will also talk to the General Services Administration about shared contract staff, such as janitors. Security Specialists interview the individual responsible for conducting security clearance briefings, and may also interview one or more employees with security clearances, to ensure that employees who access classified materials have received required training and signed required disclosure forms.
The CRS staff compiles its findings, observations, and recommendations into written reports and sends them to the component’s Security Programs Manager for corrective action.33 CRS has no requirement to issue reports within a particular time frame, but CRS has established an internal goal of issuing its reports approximately 4 to 6 weeks after the completion of the site visit.
There are no Department regulations or orders that establish requirements for the security compliance reviews or CRS’s authority for enforcing its security findings.34 SEPS has not established a formal performance measure for the number of security reviews it conducts each year, but has an informal internal goal of 60 reviews a year. SEPS also established an internal requirement for Security Programs Managers to respond in writing to CRS’s findings within 60 days of the report publication date. CRS staff may conduct a follow-up review after components respond to ensure that recommendations were addressed.35
PERSG Oversight Functions. In addition to the CRS compliance reviews, PERSG also conducts some oversight of the components with delegated authority. PERSG receives yearly reports from OPM on the percentage of adjudications each component is completing within 90 days, as regulations require. PERSG can also request that OPM perform an appraisal, or substantive audit, of a component’s ability to perform suitability adjudications. For example, PERSG requested an appraisal of the ATF’s performance following its transfer to the Department. OPM certified that the ATF was performing these duties well. The results of this appraisal led to PERSG’s decision to delegate to the ATF the authority to perform investigations and adjudications, and to grant security clearances up to and including the level of Top Secret.
Oversight Enforcement Mechanisms. If any of the oversight mechanisms described above indicates that a component is not adhering to Department security policy, SEPS may recommend that the Department Security Officer modify or revoke the component’s delegation of authority. The revocation option, used rarely, is the only sanction available to SEPS to ensure that components with delegated authority follow policy. It was last used in 2000 to transfer the responsibility for conducting field investigations from the Drug Enforcement Administration (DEA) to OPM. This decision was made after an OPM review of the DEA’s program revealed that many of the investigations the DEA conducted did not meet government standards for sufficiency or due process.
Three recent developments have the potential to significantly affect background investigations and clearances. These developments are the passage of the Intelligence Reform and Terrorism Prevention Act of 2004 (the Intelligence Reform Act, Pub. L. 108-458), the issuance of Homeland Security Presidential Directive 12 (HSPD-12), and OPM’s e Clearance initiative.
The Intelligence Reform Act. On July 22, 2004, the National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission) released a report documenting numerous intelligence and security failures throughout the federal government and made over 40 recommendations for reforming the intelligence community and the intelligence-related activities of the United States government. Included among them was a recommendation that “[a] single federal agency should be responsible for providing and maintaining security clearances, ensuring uniform standards – including uniform security questionnaires and financial report requirements, and maintaining a single database.”36
Several of the 9/11 Commission’s recommendations were incorporated into the Intelligence Reform Act. These provisions have two major goals – to consolidate background investigations and the issuance of security clearances under a single government agency and to significantly reduce the time it takes to complete investigations. The Act first requires the President to name a single agency to be responsible for government-wide oversight of the security clearance process. This agency will also be responsible for standardizing and streamlining the process across agencies and ensuring reciprocal recognition of security clearances across agencies. In June 2005, the President assigned this role to the Office of Management and Budget (OMB). The Act also prohibits individual agencies from imposing any investigative or adjudicative requirements beyond those outlined in any Executive Orders establishing security requirements for access to classified information.
In addition to designating an oversight agency, the Act requires the President to designate a single federal agency to be responsible for conducting background investigations on all federal employees and issuing all security clearances.37 These investigations are to be conducted in accordance with the standards to be developed by OMB. The investigating agency is also expected to create a single, government-wide database to store information on the background investigations and clearance status of all federal employees.
In addition, the Act sets strict deadlines for the completion of various phases of the investigation. The Act mandates that, by the end of 2006, 80 percent of investigations must be completed within an average of 90 days and adjudications within an average of 30 days, for an overall average of 120 days for a case to be completed. By the end of 2009, 90 percent of investigations must be completed in an average of 40 days and adjudications in an average of 20 days, for an overall average of 60 days for a case to be completed.
HSPD-12. On August 27, 2004, President Bush signed HSPD-12, which requires a standardized form of official identification for both government employees and contractors. Implementation, in stages, will begin on October 27, 2005. The Office of the Chief Information Officer was designated to coordinate implementation for the Department, with SEPS providing input on personnel security issues. The directive states that official identification cards necessary to access government offices should be issued only to those employees with certain pre-employment background checks completed and that the validity of these checks must be updated or verified every 5 years. OMB is responsible for issuing government-wide implementation guidance on the directive.
Originally, the minimum requirement for issuing an identification card was that all National Agency Checks be completed, with additional paper inquiries completed after employment.38 This type of background investigation is called the NACI (National Agency Checks with Inquiries). As of FY 2004, OPM reported that the NACI process was taking an average of 89 days to complete. In August 2005, OMB reduced the pre-employment requirement. Currently, although the NACI must be initiated before a new employee enters on duty and the fingerprint check completed, an agency can issue an identification card if it has not received the remaining elements of the NACI within 5 days.
e-Clearance Initiative. OPM has proposed a transition to electronic recordkeeping to minimize the burden of background investigations. It is focusing on three specific improvements to the paper-based recordkeeping process. The first element of this program, called e-QIP, would provide automated online versions of the different background investigation questionnaires. Under OPM’s current system, an individual must fill out the security questionnaire from scratch each time an investigation is required, and OPM must manually enter the data into its system. Once fully implemented, e-QIP would allow for electronic transmission of the forms to appropriate agencies and for maintenance of historical data. OPM has further proposed the creation of an electronic version of the form used to update the original application, a change that it envisions would save both time and money when reinvestigations are required.
The second element calls for a government-wide database that would allow personnel security staff to verify the clearances of individuals in most government agencies.39 The ultimate goal is for the system to display clearance information in real time. The third element of the initiative calls for the imaging of all documentation related to background investigations. Imaging would allow for electronic transmittal of records to the appropriate offices, eliminating mailing delays. It would also allow OPM to maintain historical information. Providing quick access to previous investigations would minimize requests for duplicate investigations, thereby saving time and money. OPM has asked all government agencies that conduct background investigations to image the files of completed background investigations.