116 S314 IS: Modernizing the Trusted Workforce for the 21st Century Act of 2019
U.S. Senate
2019-01-31
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.
1.Short title; table of contents
(a)This Act may be cited as the Modernizing the Trusted Workforce for the 21st Century Act of 2019
.
(b)The table of contents for this Act is as follows:Sec. 1. Short title; table of contents.Sec. 2. Definitions.Sec. 3. Reports and plans relating to security clearances and background investigations.Sec. 4. Improving the process for security clearances.Sec. 5. Goals for promptness of determinations regarding security clearances.Sec. 6. Security Executive Agent.Sec. 7. Report on unified, simplified, Governmentwide standards for positions of trust and security clearances.Sec. 8. Report on clearance in person concept.Sec. 9. Budget request documentation on funding for background investigations.Sec. 10. Reports on reciprocity for security clearances inside of departments and agencies.Sec. 11. Intelligence community reports on security clearances.Sec. 12. Periodic report on positions in the intelligence community that can be conducted without access to classified information, networks, or facilities.Sec. 13. Information sharing program for positions of trust and security clearances.Sec. 14. Report on protections for confidentiality of whistleblower-related communications. 2.In this Act:
(1)Appropriate congressional committeesThe term appropriate congressional committees means— (A)the congressional intelligence committees;
(B)the Committee on Armed Services of the Senate; (C)the Committee on Appropriations of the Senate;
(D)the Committee on Homeland Security and Governmental Affairs of the Senate; (E)the Committee on Armed Services of the House of Representatives;
(F)the Committee on Appropriations of the House of Representatives; (G)the Committee on Homeland Security of the House of Representatives; and
(H)the Committee on Oversight and Reform of the House of Representatives. (2)Appropriate industry partnersThe term appropriate industry partner means a contractor, licensee, or grantee (as defined in section 101(a) of Executive Order 12829 (50 U.S.C. 3161 note; relating to National Industrial Security Program)) that is participating in the National Industrial Security Program established by such Executive Order.
(3)Congressional intelligence committeesThe term congressional intelligence committees has the meaning given such term in section 3 of the National Security Act of 1947 (50 U.S.C. 3003).
(4)The term continuous vetting has the meaning given such term in Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for Government employment, fitness for contractor employees, and eligibility for access to classified national security information).
(5)The term Council means the Security, Suitability, and Credentialing Performance Accountability Council established pursuant to such Executive Order, or any successor entity.
(6)The term intelligence community has the meaning given such term in section 3 of the National Security Act of 1947 (50 U.S.C. 3003).
(7)Suitability and
Credentialing Executive AgentThe term Suitability and Credentialing Executive Agent means the Director of the Office of Personnel Management acting as the Suitability and Credentialing Executive Agent in accordance with Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for Government employment, fitness for contractor employees, and eligibility for access to classified national security information), or any successor entity.
3.Reports and plans relating to security clearances and background investigations
(a)It is the sense of Congress that— (1)ensuring the trustworthiness and security of the workforce, facilities, and information of the Federal Government is of the highest priority to national security and public safety;
(2)the President and Congress should prioritize the modernization of the personnel security framework to improve its efficiency, effectiveness, and accountability;
(3)the current system for security clearance, suitability and fitness for employment, and credentialing lacks efficiencies and capabilities to meet the current threat environment, recruit and retain a trusted workforce, and capitalize on modern technologies; and
(4)changes to policies or processes to improve this system should be vetted through the Council to ensure standardization, portability, and reciprocity in security clearances across the Federal Government.
(b)Accountability plans and reports
(1)Not later than 90 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners the following:
(A)A plan, with milestones, to reduce the background investigation inventory to 200,000, or an otherwise sustainable steady-level, by the end of year 2020. Such plan shall include notes of any required changes in investigative and adjudicative standards or resources.
(B)A plan to consolidate the conduct of background investigations associated with the processing for security clearances in the most effective and efficient manner between the National Background Investigation Bureau and the Defense Security Service, or a successor organization. Such plan shall address required funding, personnel, contracts, information technology, field office structure, policy, governance, schedule, transition costs, and effects on stakeholders.
(2)Report on the future of personnel security
(A)Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report on the future of personnel security to reflect changes in threats, the workforce, and technology.
(B)The report submitted under subparagraph (A) shall include the following: (i)A risk framework for granting and renewing access to classified information.
(ii)A discussion of the use of technologies to prevent, detect, and monitor threats. (iii)A discussion of efforts to address reciprocity and portability.
(iv)A discussion of the characteristics of effective insider threat programs. (v)An analysis of how to integrate data from continuous evaluation, insider threat programs, and human resources data.
(vi)Recommendations on interagency governance. (3)Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to implement the report’s framework and recommendations submitted under paragraph (2)(A).
(4)Congressional notificationsNot less frequently than quarterly, the Security Executive Agent shall make available to the public a report regarding the status of the disposition of requests received from departments and agencies of the Federal Government for a change to, or approval under, the Federal investigative standards, the national adjudicative guidelines, continuous evaluation, or other national policy regarding personnel security.
4.Improving the process for security clearances
(a)Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that includes the following:
(1)A review of whether the information requested on the Questionnaire for National Security Positions (Standard Form 86) and by the Federal Investigative Standards prescribed by the Office of Personnel Management and the Office of the Director of National Intelligence appropriately supports the adjudicative guidelines under Security Executive Agent Directive 4 (known as the National Security Adjudicative Guidelines
). Such review shall include identification of whether any such information currently collected is unnecessary to support the adjudicative guidelines.
(2)An assessment of whether such Questionnaire, Standards, and guidelines should be revised to account for the prospect of a holder of a security clearance becoming an insider threat.
(3)Recommendations to improve the background investigation process by— (A)simplifying the Questionnaire for National Security Positions (Standard Form 86) and increasing customer support to applicants completing such Questionnaire;
(B)using remote techniques and centralized locations to support or replace field investigation work; (C)using secure and reliable digitization of information obtained during the clearance process;
(D)building the capacity of the background investigation labor sector; and (E)replacing periodic reinvestigations with continuous evaluation techniques in all appropriate circumstances.
(b)Policy, strategy, and implementationNot later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the members of the Council, establish the following:
(1)A policy and implementation plan for the issuance of interim security clearances. (2)A policy and implementation plan to ensure contractors are treated consistently in the security clearance process across agencies and departments of the United States as compared to employees of such agencies and departments. Such policy shall address—
(A)prioritization of processing security clearances based on the mission the contractors will be performing;
(B)standardization in the forms that agencies issue to initiate the process for a security clearance; (C)digitization of background investigation-related forms;
(D)use of the polygraph; (E)the application of the adjudicative guidelines under Security Executive Agent Directive 4 (known as the National Security Adjudicative Guidelines
);
(F)reciprocal recognition of clearances across agencies and departments of the United States, regardless of status of periodic reinvestigation;
(G)tracking of clearance files as individuals move from employment with an agency or department of the United States to employment in the private sector;
(H)collection of timelines for movement of contractors across agencies and departments; (I)reporting on security incidents and job performance, consistent with section 552a of title 5, United States Code (commonly known as the Privacy Act of 1974
), that may affect the ability to hold a security clearance;
(J)any recommended changes to the Federal Acquisition Regulations (FAR) necessary to ensure that information affecting contractor clearances or suitability is appropriately and expeditiously shared between and among agencies and contractors; and
(K)portability of contractor security clearances between or among contracts at the same agency and between or among contracts at different agencies that require the same level of clearance.
(3)A strategy and implementation plan that— (A)provides for periodic reinvestigations as part of a security clearance determination only on an as-needed, risk-based basis;
(B)includes actions to assess the extent to which automated records checks and other continuous evaluation methods may be used to expedite or focus reinvestigations; and
(C)provides an exception for certain populations if the Security Executive Agent— (i)determines such populations require reinvestigations at regular intervals; and
(ii)provides written justification to the appropriate congressional committees for any such determination.
(4)A policy and implementation plan for agencies and departments of the United States, as a part of the security clearance process, to accept automated records checks generated pursuant to a security clearance applicant’s employment with a prior employer.
(5)A policy for the use of certain background materials on individuals collected by the private sector for background investigation purposes.
(6)Uniform standards for agency continuous evaluation programs to ensure quality and reciprocity in accepting enrollment in a continuous vetting program as a substitute for a periodic investigation for continued access to classified information.
5.Goals for promptness of determinations regarding security clearances
(a)In this section, the term reciprocity means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.
(b)The Council shall reform the security clearance process with the objective that, by December 31, 2021, 90 percent of all determinations, other than determinations regarding populations identified under section 4(b)(3)(C), regarding—
(1)security clearances— (A)at the secret level are issued in 30 days or fewer; and
(B)at the top secret level are issued in 90 days or fewer; and (2)reciprocity of security clearances at the same level are recognized in 2 weeks or fewer.
(c)The Council shall reform the security clearance process with the goal that by December 31, 2021, reinvestigation on a set periodicity is not required for more than 10 percent of the population that holds a security clearance.
(d)
(1)If the Council develops a set of performance metrics that it certifies to the appropriate congressional committees should achieve substantially equivalent outcomes as those outlined in subsections (b) and (c), the Council may use those metrics for purposes of compliance within this provision.
(2)If the Council uses the authority provided by paragraph (1) to use metrics as described in such paragraph, the Council shall, not later than 30 days after communicating such metrics to departments and agencies, notify the appropriate congressional committees that it is using such authority.
(e)Not later than 180 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to carry out this section. Such plan shall include recommended interim milestones for the goals set forth in subsections (b) and (c) for 2019, 2020, and 2021.
6.
(a)Title VIII of the National Security Act of 1947 (50 U.S.C. 3161 et seq.) is amended— (1)by redesignating sections 803 and 804 as sections 804 and 805, respectively; and
(2)by inserting after section 802 the following: 803. (a)The Director of National Intelligence, or such other officer of the United States as the President may designate, shall serve as the Security Executive Agent for all departments and agencies of the United States.
(b)The duties of the Security Executive Agent are as follows: (1)To direct the oversight of investigations, reinvestigations, adjudications, and, as applicable, polygraphs for eligibility for access to classified information or eligibility to hold a sensitive position made by any Federal agency.
(2)To review the national security background investigation and adjudication programs of Federal agencies to determine whether such programs are being implemented in accordance with this section.
(3)To develop and issue uniform and consistent policies and procedures to ensure the effective, efficient, timely, and secure completion of investigations, polygraphs, and adjudications relating to determinations of eligibility for access to classified information or eligibility to hold a sensitive position.
(4)Unless otherwise designated by law, to serve as the final authority to designate a Federal agency or agencies to conduct investigations of persons who are proposed for access to classified information or for eligibility to hold a sensitive position to ascertain whether such persons satisfy the criteria for obtaining and retaining access to classified information or eligibility to hold a sensitive position, as applicable.
(5)Unless otherwise designated by law, to serve as the final authority to designate a Federal agency or agencies to determine eligibility for access to classified information or eligibility to hold a sensitive position in accordance with Executive Order 12968 (50 U.S.C. 3161 note; relating to access to classified information).
(6)To ensure reciprocal recognition of eligibility for access to classified information or eligibility to hold a sensitive position among Federal agencies, including acting as the final authority to arbitrate and resolve disputes among such agencies involving the reciprocity of investigations and adjudications of eligibility.
(7)To execute all other duties assigned to the Security Executive Agent by law. (c)The Security Executive Agent shall—
(1)issue guidelines and instructions to the heads of Federal agencies to ensure appropriate uniformity, centralization, efficiency, effectiveness, timeliness, and security in processes relating to determinations by such agencies of eligibility for access to classified information or eligibility to hold a sensitive position, including such matters as investigations, polygraphs, adjudications, and reciprocity;
(2)have the authority to grant exceptions to, or waivers of, national security investigative requirements, including issuing implementing or clarifying guidance, as necessary;
(3)have the authority to assign, in whole or in part, to the head of any Federal agency (solely or jointly) any of the duties of the Security Executive Agent described in subsection (b) or the authorities described in paragraphs (1) and (2), provided that the exercise of such assigned duties or authorities is subject to the oversight of the Security Executive Agent, including such terms and conditions (including approval by the Security Executive Agent) as the Security Executive Agent determines appropriate; and
(4)define and set standards for continuous evaluation for continued access to classified information and for eligibility to hold a sensitive position..
(b)Report on recommendations for revising authoritiesNot later than 30 days after the date on which the Chairman of the Council submits to the appropriate congressional committees the report required by section 3(b)(2)(A), the Chairman shall submit to the appropriate congressional committees such recommendations as the Chairman may have for revising the authorities of the Security Executive Agent.
(c)Section 103H(j)(4)(A) of such Act (50 U.S.C. 3033(j)(4)(A)) is amended by striking in section 804
and inserting in section 805
. (d)The table of contents in the matter preceding section 2 of such Act (50 U.S.C. 3002) is amended by striking the items relating to sections 803 and 804 and inserting the following:
Sec. 803. Security Executive Agent.Sec. 804. Exceptions.Sec. 805. Definitions..
7.Report on unified, simplified, Governmentwide standards for positions of trust and security
clearancesNot later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent, in coordination with the other members of the Council, shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a report regarding the advisability and the risks, benefits, and costs to the Government and to industry of consolidating to not more than 3 tiers for positions of trust and security clearances.
8.Report on clearance in person concept
(a)It is the sense of Congress that to reflect the greater mobility of the modern workforce, alternative methodologies merit analysis to allow greater flexibility for individuals moving in and out of positions that require access to classified information, while still preserving security.
(b)Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that describes the requirements, feasibility, and advisability of implementing a clearance in person concept described in subsection (c).
(c)Clearance in person conceptThe clearance in person concept— (1)permits an individual who once held a security clearance to maintain his or her eligibility for access to classified information, networks, and facilities for up to 3 years after the individual’s eligibility for access to classified information would otherwise lapse; and
(2)recognizes, unless otherwise directed by the Security Executive Agent, an individual’s security clearance and background investigation as current, regardless of employment status, contingent on enrollment in a continuous vetting program.
(d)The report required under subsection (b) shall address— (1)requirements for an individual to voluntarily remain in a continuous evaluation program validated by the Security Executive Agent even if the individual is not in a position requiring access to classified information;
(2)appropriate safeguards for privacy; (3)advantages to Government and industry;
(4)the costs and savings associated with implementation; (5)the risks of such implementation, including security and counterintelligence risks;
(6)an appropriate funding model; and (7)fairness to small companies and independent contractors.
9.Budget request documentation on funding for background investigations
(a)As part of the fiscal year 2020 budget request submitted to Congress pursuant to section 1105(a) of title 31, United States Code, the President shall include exhibits that identify the resources expended by each agency during the prior fiscal year for processing background investigations and continuous evaluation programs, disaggregated by tier and whether the individual was a Government employee or contractor.
(b)Each exhibit submitted under subsection (a) shall include details on—
(1)the costs of background investigations or reinvestigations;
(2)the costs associated with background investigations for Government or contract personnel; (3)costs associated with continuous evaluation initiatives monitoring for each person for whom a background investigation or reinvestigation was conducted, other than costs associated with adjudication;
(4)the average per person cost for each type of background investigation; and (5)a summary of transfers and reprogrammings that were executed in the previous year to support the processing of security clearances.
10.Reports on reciprocity for security clearances inside of departments and agencies
(a)Reciprocally recognized definedIn this section, the term reciprocally recognized means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.
(b)Reports to Security Executive AgentThe head of each Federal department or agency shall submit an annual report to the Security Executive Agent that—
(1)identifies the number of individuals whose security clearances take more than 2 weeks to be reciprocally recognized after such individuals move to another part of such department or agency; and
(2)breaks out the information described in paragraph (1) by type of clearance and the reasons for any delays.
(c)Not less frequently than once each year, the Security Executive Agent shall submit to the appropriate congressional committees and make available to industry partners an annual report that summarizes the information received pursuant to subsection (b) during the period covered by such report.
11.Intelligence community reports on security clearancesSection 506H of the National Security Act of 1947 (50 U.S.C. 3104) is amended— (1)in subsection (a)(1)—
(A)in subparagraph (A)(ii), by adding and
at the end; (B)in subparagraph (B)(ii), by striking ; and
and inserting a period; and
(C)by striking subparagraph (C); (2)by redesignating subsection (b) as subsection (c);
(3)by inserting after subsection (a) the following: (b)Intelligence community reports(1)(A)Not later than March 1 of each year, the Director of National Intelligence shall submit a report to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Homeland Security of the House of Representatives, and the Committee on Oversight and Reform of the House of Representatives regarding the security clearances processed by each element of the intelligence community during the preceding fiscal year.
(B)The Director shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives such portions of the report submitted under subparagraph (A) as the Director determines address elements of the intelligence community that are within the Department of Defense.
(C)Each report submitted under this paragraph shall separately identify security clearances processed for Federal employees and contractor employees sponsored by each such element.
(2)Each report submitted under paragraph (1)(A) shall include, for each element of the intelligence community for the fiscal year covered by the report, the following:
(A)The total number of initial security clearance background investigations sponsored for new applicants.
(B)The total number of security clearance periodic reinvestigations sponsored for existing employees. (C)The total number of initial security clearance background investigations for new applicants that were adjudicated with notice of a determination provided to the prospective applicant, including—
(i)the total number of such adjudications that were adjudicated favorably and granted access to classified information; and
(ii)the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.
(D)The total number of security clearance periodic background investigations that were adjudicated with notice of a determination provided to the existing employee, including—
(i)the total number of such adjudications that were adjudicated favorably; and (ii)the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.
(E)The total number of pending security clearance background investigations, including initial applicant investigations and periodic reinvestigations, that were not adjudicated as of the last day of such year and that remained pending, categorized as follows:
(i)For 180 days or shorter. (ii)For longer than 180 days, but shorter than 12 months.
(iii)For 12 months or longer, but shorter than 18 months. (iv)For 18 months or longer, but shorter than 24 months.
(v)For 24 months or longer. (F)For any security clearance determinations completed or pending during the year preceding the year for which the report is submitted that have taken longer than 12 months to complete—
(i)an explanation of the causes for the delays incurred during the period covered by the report; and (ii)the number of such delays involving a polygraph requirement.
(G)The percentage of security clearance investigations, including initial and periodic reinvestigations, that resulted in a denial or revocation of a security clearance.
(H)The percentage of security clearance investigations that resulted in incomplete information. (I)The percentage of security clearance investigations that did not result in enough information to make a decision on potentially adverse information.
(3)The report required under this subsection shall be submitted in unclassified form, but may include a classified annex.; and
(4)in subsection (c), as redesignated, by striking subsection (a)(1)
and inserting subsections (a)(1) and (b)
. 12.Periodic report on positions in the intelligence community that can be conducted without access to classified information, networks, or facilitiesNot later than 180 days after the date of the enactment of this Act and not less frequently than once every 5 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a report that reviews the intelligence community for which positions can be conducted without access to classified information, networks, or facilities, or may only require a security clearance at the secret level.
13.Information sharing program for positions of trust and security clearances
(a)
(1)Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall establish and implement a program to share between and among agencies of the Federal Government and industry partners of the Federal Government relevant background information regarding individuals applying for and currently occupying national security positions and positions of trust, in order to ensure the Federal Government maintains a trusted workforce.
(2)The program established under paragraph (1) shall be known as the Trusted Information Provider Program
(in this section referred to as the Program
). (b)The Security Executive Agent and the Suitability and Credentialing Executive Agent shall ensure that the Program includes such safeguards for privacy as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate.
(c)Provision of information to the Federal GovernmentThe Program shall include requirements that enable investigative service providers and agencies of the Federal Government to leverage certain pre-employment information gathered during the employment or military recruiting process, and other relevant security or human resources information obtained during employment with or for the Federal Government, that satisfy Federal investigative standards, while safeguarding personnel privacy.
(d)The information and records considered under the Program shall include the following: (1)Date and place of birth.
(2)Citizenship or immigration and naturalization information. (3)Education records.
(4)Employment records. (5)Employment or social references.
(6)Military service records. (7)State and local law enforcement checks.
(8)Criminal history checks. (9)Financial records or information.
(10)Foreign travel, relatives, or associations. (11)Social media checks.
(12)Such other information or records as may be relevant to obtaining or maintaining national security, suitability, fitness, or credentialing eligibility.
(e)
(1)Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of the Program.
(2)The plan required by paragraph (1) shall include the following: (A)Mechanisms that address privacy, national security, suitability or fitness, credentialing, and human resources or military recruitment processes.
(B)Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the Program.
(f)Plan for pilot program on two-Way information sharing
(1)Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of a pilot program to assess the feasibility and advisability of expanding the Program to include the sharing of information held by the Federal Government related to contract personnel with the security office of the employer of those contractor personnel.
(2)The plan required by paragraph (1) shall include the following: (A)Mechanisms that address privacy, national security, suitability or fitness, credentialing, and human resources or military recruitment processes.
(B)Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the pilot program.
(g)Not later than 1 year after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a review of the plans submitted under subsections (e)(1) and (f)(1) and utility and effectiveness of the programs described in such plans.
14.Report on protections for confidentiality of whistleblower-related communicationsNot later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the Inspector General of the Intelligence Community, submit to the appropriate congressional committees a report detailing the controls employed by the intelligence community to ensure that continuous vetting programs, including those involving user activity monitoring, protect the confidentiality of whistleblower-related communications.