cloud security

DISA pushes continuous monitoring for security clearances

The Defense Information Systems Agency is spearheading a continuous monitoring solution that it hopes will virtually eliminate the reinvestigation process for security clearance holders and reduce the backlog of more than 700,000 cases.

"Fundamentally, the National Background Investigation System is designed to replace and modernize the existing systems that were being operated by OPM," Terry Carpenter, DISA's services development executive and acting program executive officer for NBIS, told FCW. "The solution is to automate … it's about modernizing the process, not just building a more secure system."

Carpenter said DISA has been working with the Office of Personnel Management's National Background Investigation Bureau and Defense Department's Defense Security Services "to really look hard at what they're trying to do to improve the time to get clearances and meet targets that are pretty aggressive and at the same time reduce the backlog, which only increases our risk."

The move comes as the White House is looking to take the Office of Personnel Management out of the loop entirely when it comes to background investigations and clearances as part of an overall government reorganization plan. The Trump administration hopes to place the clearance process functions exclusively within DOD. Congress will have to weigh in before any such changes become reality.

DISA was tapped to take over security clearance tech in the wake of the 2015 hack of OPM systems in which more than 20 million federal employment records were stolen, presumably by Chinese government or military operatives.

Systems changes being made at DISA won't affect the overall clearance process, Carpenter said. "It's how we collect the data from different sources, whether that be a human investigator going out and meeting the people or data coming from a data source. It's those kinds of things that are providing the biggest benefit."

One of the most significant changes will be implementing a continuous vetting process that allows people seeking clearances, or those who are up for reinvestigation to self-report information. That data will be checked against publicly available data and commercial information, such as financial records, instead of being manually re-evaluated every few years, said NBIS Program Manager Raju Shah.

"The objective of this effort is to prototype a new end-to-end architecture that will integrate commercial and government systems into one platform by building multiple new interfaces, enhancing the current technology and providing the investigative workflow," Shah said.

The continuous evaluation capability is set to debut in full Oct. 1, but it is being slowly integrated across the system over the summer.

Additionally, DISA is working on other changes pertaining to investigation workflow, such as form validation and automation.

"For example, the system will consolidate investigative items for field investigators within a geographic region. This will improve the efficiency of the investigative process, reducing investigators' need for multiple visits to the same source," Shah said.   

DISA announced a limited-release user pilot in early June that allows clearance applicants to apply via app, replacing OPM's e-QIP or Electronic Questionnaires for Investigations Processing system. The app is in the final testing phase and expected to be deployed this fall along with a position designation tool.

Such changes may seem small, but they address a core issue slowing down the background investigation process: human error. Shah said modifying the application interface is necessary because the error rate on the e-QIP forms averages 18 percent to 20 percent -- and up to 30 percent in some cases. That includes issues such as a wrong address or transposed dates.

DISA's new form process aims to eliminate those kinds of errors by "having automatic checks and other countermeasures like making sure the required fields are complete" before the form is submitted and accepted, Shah said.

But overall, Carpenter said the changes could yield immediate results simply because investigators will have better, more complete information.

"Once you get a system put in like this, end to end, you can see things you couldn't see before -- where data is slowing down, where you're missing things, and where there needs to be additional changes to make it better," Carpenter said.

Featured

Charter Sponsors