[Senate Hearing 118-99]
[From the U.S. Government Publishing Office]


                                                         S. Hrg. 118-99

                             OPEN HEARING:
                    PERSONNEL VETTING MODERNIZATION

=======================================================================


                                HEARING

                               BEFORE THE

                    SELECT COMMITTEE ON INTELLIGENCE

                                 OF THE

                          UNITED STATES SENATE

                    ONE HUNDRED EIGHTEENTH CONGRESS

                             FIRST SESSION
                               __________

                             MARCH 29, 2023
                               __________

      Printed for the use of the Select Committee on Intelligence


                  [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]


        Available via the World Wide Web: http://www.govinfo.gov

                               __________

                    U.S. GOVERNMENT PUBLISHING OFFICE
                    
52-514                    WASHINGTON : 2024           

                    SELECT COMMITTEE ON INTELLIGENCE

           (Established by S. Res. 400, 94th Cong. 2d Sess.)

                   MARK R. WARNER, Virginia, Chairman
                  MARCO RUBIO, Florida, Vice Chairman

DIANNE FEINSTEIN, California         JAMES E. RISCH, Idaho
RON WYDEN, Oregon                    SUSAN M. COLLINS, Maine
ANGUS S. KING, Jr., Maine            TOM COTTON, Arkansas
MARTIN HEINRICH, New Mexico          JOHN CORNYN, Texas
ANGUS S. KING, Maine                 JERRY MORAN, Kansas
MICHAEL F. BENNET, Colorado          JAMES LANKFORD, Oklahoma
ROBERT P. CASEY, Jr., Pennsylvania   MIKE ROUNDS, South Dakota
KIRSTEN E. GILLIBRAND, New York
JON OSSOFF, Georgia

                CHARLES E. SCHUMER, New York, Ex Officio
                 MITCH McCONNELL, Kentucky, Ex Officio
                  JACK REED, Rhode Island, Ex Officio
                ROGER F. WICKER, Mississippi, Ex Officio
                              ----------                              

                     Michael Casey, Staff Director
                  Brian Walsh, Minority Staff Director
                   Kelsey Stroud Bailey, Chief Clerk

                            C O N T E N T S

                              ----------                              

                           OPENING STATEMENTS

                                                                   Page
Mark R. Warner, U.S. Senator from Virginia.......................     1
Marco Rubio, U.S. Senator from Florida...........................     3

                               WITNESSES

Hon. Jason S. Miller, Deputy Director for Management, U.S. Office 
  of Management and Budget.......................................     6
    Prepared Statement...........................................     8
Hon. Stacey A. Dixon, Ph.D., Principal Deputy Director of 
  National Intelligence, Office of the Director of National 
  Intelligence...................................................    15
    Prepared Statement...........................................    17
Hon. Kiran A. Ahuja, Director, U.S. Office of Personnel 
  Management.....................................................    21
    Prepared Statement...........................................    23
Hon. Ronald Moultrie, Under Secretary of Defense for Intelligence 
  and Security, U.S. Department of Defense.......................    36
    Prepared Statement...........................................    37

 
            OPEN HEARING: ON PERSONNEL VETTING MODERNIZATION

                              ----------                              


                       WEDNESDAY, MARCH 29, 2023

                                       U.S. Senate,
                          Select Committee on Intelligence,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 2:42 p.m., in 
Room SH-216 in the Hart Senate Office Building, in open 
session, the Honorable Mark R. Warner, Chairman of the 
Committee, presiding.
    Present: Senators Warner (presiding), Rubio, Wyden, 
Heinrich, King, Bennet, Casey, Gillibrand, Ossoff, Collins, 
Cotton, Cornyn, Moran, Lankford, and Rounds.

 OPENING STATEMENT OF HON. MARK R. WARNER, A U.S. SENATOR FROM 
                            VIRGINIA

    Chairman Warner. All right everyone, I'm going to call this 
hearing to order. The Vice Chair will be joining in a moment. I 
had a slightly longer statement today, with apologies to my 
colleagues. But before I get to the statement--I shared this 
with Senator Rubio's staff--I want to make sure Members know, 
since we are all completely on the same page. I had what would 
be called a frank and candid exchange with the Deputy Attorney 
General today on the issue of the classified documents. Some of 
the Members who yesterday realized that the Attorney General 
was, in a sense saying, you know we got no problem. We--and I 
thank Senator Moran for raising this in separate testimony--and 
we've had DOD, and I point this way--DOJ, point this way.
    I think we're going to see some results very shortly. The 
position of the Administration cannot pass any kind of smell 
test. We have a job to do. You know, what is not about 
classification, the documents--responsibility for that is the 
Justice Department.
    But our intelligence responsibility is paramount. And this 
Committee is completely united. I just want to make sure I 
could share that, not only with Members but frankly, the public 
needs to hear this, as well.
    This hearing has had a little bit of a dark cloud over it. 
I think it's had to be rescheduled two or three times. Some of 
my colleagues who sit on the panel think I'm obsessed about 
this issue, which I partially am. I did not think security 
clearance reform, when we started this with Richard Burr about 
four years ago, was going to be a potentially career-ending 
task. I thought it could have been done relatively shortly. I 
think generally we're going to hear some good news today.
    So, I want to, again, welcome today's Executive Branch 
witnesses: the Honorable Jason Miller, who is the Deputy 
Director of OMB and Chair of the Performance Accountability 
Council of the PAC. The Honorable Kiran Ahuja, Director of OPM 
and the Government's Suitability, Fitness and Credit 
Credentialing Executive Agent; the Honorable Stacy Dixon, who 
has appeared before us many times--and we appreciate her recent 
appearance before the BRT on that China brief--Principal Deputy 
Director for National Intelligence, PDDNI, representing the DNI 
as the Government's Security Executive Agency; and the 
Honorable Ronald Moultrie, the Undersecretary of Defense for 
Intelligence and Security, who handles the DOD side of this.
    The Intelligence Committee has long prioritized the need to 
vet personnel for sensitive and national security positions 
effectively and efficiently to ensure classified information is 
properly protected. This is about getting the very best 
personnel into our intelligence agencies, and for that matter 
DOD, and into the contracting positions as well, in sensitive 
positions.
    But also trying to make sure that companies and our 
government agencies don't waste time and money to bring people 
on board to address critical issues and then find out that 
we've simply opened ourselves up to our adversaries. It's 
obviously an even more difficult road in recent years. Our 
legacy vetting system was anchored around granting clearances 
to a workforce employed by government for a lifetime, with 
minimum mobility between agencies and companies. And we did 
this in a way that focused on one-time investigations. And 
then, regardless of what happened, a five-year later, second 
review. It took way too long, deterred applicants, and made 
mistakes. I remember one of our earlier hearings on this 
subject, where I know Senator Burr and a couple of the Members 
mentioned they either had family members or friends who had 
wanted to serve, for example, at the CIA. And it was close to 
two years before they could get their clearances. We were 
losing people. We were finding people on the contracting side 
not able to do their jobs in a way that was appropriate. And 
the truth was, the backlog, ultimately in 2015, got to 725,000 
folks and it took over two years to get a top-secret clearance.
    Let me be clear that I want to give compliments to the 
predecessors in the Trump Administration. They worked hard to 
bring that down. We brought it down to about 225,000, 250,000. 
We had to bump up on the adjudication process. But we have now, 
frankly at a steady state, we're in a pretty good spot. But 
we've got to make sure that--. We've still got more work to do. 
And this is going to require a whole-of-government effort, 
started under the last Administration, continuing in this 
Administration, the Trusted Workforce 2.0 Initiative to 
reimagine, from end to end, how we vet personnel. But we've got 
to make sure that--we've still got more work to do.
    The truth is, we need to be able to do this on a continuous 
basis, not simply demonstrated by arbitrary timelines. We need 
to use the power of technology. We also need to make sure that 
we utilize machine learning, artificial intelligence, and other 
tools to make sure that we've got this appropriate information.
    One of the reasons why the Vice Chairman and I are so 
concerned about some of the national security risks of TikTok 
is because if people's data is ultimately ending up in Beijing 
and that's then used to potentially blackmail someone, that 
could obviously completely preclude somebody from serving in 
our government.
    So, the Trusted Workforce 2.0 Initiative rests on some core 
tenets.
    First, it integrates the frameworks for security, 
suitability, fitness, and credentialing.
    Second, it collapses, finally, the five tiers of 
determination for trust to three: low, medium, and high.
    Third, the new model operates around five common personnel 
actions: the initiation, maintenance, upgrading, transfer, and 
reestablishment of trust.
    Fourth, the new vetting. The new approach uses a behavioral 
model, as I mentioned, of continuous vetting to assess trust on 
an ongoing basis, rather than on this automatic five years, 
regardless of circumstances. And we've got to make sure this 
works not just for folks who work inside the government, but 
our industry partners, as well.
    There's still work to be done. The IT backbone that will 
deal with this Trusted Workforce 2.0, DOD is developing, and 
needs to be tested, verified, and validated. We need to make 
sure that this process, again, works for folks on both sides, 
because we do want to encourage people going, for a while, in 
the government, going into the private sector, being able to 
come back.
    And we need to make sure that, down to some of the nitty 
gritty we've gotten into--. For polygraphs on CIA personnel, 
others, how we make sure there is some reciprocity, for 
example, on those kinds of tests? We've got a lot of questions 
that we've had in some of the closed hearings: how we navigate 
issues like mental health, financial duress, marijuana usage, 
social media. We recognize the complexity of this.
    But we've got to get this done. For this hearing, because 
it's in public, what we're going to go ahead and go in order of 
seniority, although I am going to allow Senator Gillibrand, 
who's got something to go to, to take my round of questions 
after Senator Rubio and after our witnesses present, because 
I'm going to stick on this until we get it done.
    I very much appreciate the collaboration, cooperation, and 
our work with all of you so far. And with that, I'll turn it 
over to the Vice Chairman. Marco.

  OPENING STATEMENT OF HON. MARCO RUBIO, A U.S. SENATOR FROM 
                            FLORIDA

    Vice Chairman Rubio. Thank you, Mr. Chairman. Thank you all 
for coming here.
    Before we begin, just off topic--it's not what you're here 
to talk about. But I've sort of pledged to myself that any time 
we have any representatives of the Intelligence Community 
before us, that I would drive this point home, even though it's 
not directly under your jurisdictions.
    But nonetheless, and I think it's probably directed to 
Deputy Director Dixon and Undersecretary Moultrie. And that 
is--let me just make this broader point first. Intelligence by 
necessity, is something we keep out of the public eye. Right? 
Because we can't conduct it in the sunshine. But there has to 
be oversight.
    And so that's why these Committees were created. And I'm 
actually very proud to be a Member of this Committee. Most of 
our work is not on camera. Maybe that's why most of our work is 
productive, nonpartisan and--and serious. There's no reason to 
show off in front of the cameras because no one's in there to 
watch that.
    But I think also because all the Members on this Committee 
that are picked, individually by the respective leaders of the 
two parties, are people that take this task very seriously. And 
I'm very proud of the work that we do. But it only works if we 
have access, and we can conduct oversight. We have to know what 
the intelligence agency is, not because we're nosy.
    This is not like--we can't tell anybody anyways. It's 
because we need to know. Because when things go wrong down the 
road, people are going to want to know why wasn't there 
oversight being conducted? And we know that classified 
information was removed from at least three--from individuals 
that previously served in the government, two of them as 
President, one as Vice President.
    And we need to understand what that material was, so that 
we can determine whether the Intelligence Community has 
established both the appropriate mitigation and the appropriate 
risk calculus as to what was--could have been revealed. We do 
not have that. And the excuse is an unacceptable one, that 
there's a special prosecutor process going on and that, in no 
way--we're not interested in the criminal justice aspect of it. 
What we need to understand is, I would almost assure you we 
have access, already to almost all, most of the material.
    We just don't know which ones they are. How can we make a 
judgment as to whether the proper risk calculus is in place and 
whether the proper mitigation of any is being implemented, if 
we don't know what it is or what we're talking about?
    So again, I know it's not anything you two handle 
personally, directly, but I hope you'll go back and say that 
the Intelligence Committee raised it again today.
    Chairman Warner. Can I interrupt?
    Vice Chairman Rubio. Yeah.
    Chairman Warner. Because--just so that we show, Stacey, 
this was not pre-wired, before you got here, I shared with the 
Committee that I had a very frank and candid discussion with 
the Deputy Attorney General and basically said exactly the same 
things, that, while they promise documents, you know, within a 
week or so they have not performed, to date. And I think if we 
ask every Member on this Committee, we have a responsibility, 
the other 85 Senators--. So, I just want to echo what the Vice 
Chairman just said.
    Vice Chairman Rubio. Yeah. As I said, I think there's--
everyone is very serious about it, and I hope we can find 
resolution on it.
    The other one, and I'll be even briefer on this one, but I 
think is also important to us is, you know, we had a Chinese 
balloon go across the middle of the United States. It wasn't a 
weather balloon. Everybody acknowledges that it was a 
collection platform. We've had very little information or data 
provided to us. And in particular, no one's even truly informed 
us what role the All-domain Anomaly Resolution Office, AARO, 
has played in that regard. Again, I don't know what--maybe this 
is because it's a DOD/Intelligence Committee sort of overlap or 
whatever it is. These are things that we need answers to and we 
just--to think about how important that was and how little 
information has been provided to the Committees, particularly 
to this one, is something that I hope you will also take back 
as concern number two, in this regard.
    Now on the topic that we're on today, I think it's a pretty 
straightforward one, and that is we need to be able to hire 
good people to come in and work for the Government. We need to 
know who they are. I think this is a challenge because the 
backlog builds up. There's been improvement after the 2016 DOD 
system was implemented.
    But obviously, that doesn't apply to all of the IC. I think 
there are some issues with one agency not reciprocating the 
other. And then there's this--and I'm not saying it's 
unnecessary--but this Byzantine system of read into some 
programs, but not others. All of the different layers of 
compartments, and so forth.
    But the main point is, I think it's getting increasingly 
difficult. I'm just telling you, from people that I know, I've 
actively tried to encourage people to pursue serving their 
country at one of the agencies. And it's just really hard, 
because when you go see them and you tell them well, you know, 
it'll take three or four years to clear you, two or three years 
to clear you, who can sit around for two or three years to wait 
to be hired, especially when we're competing with the private 
sector for some of this talent?
    There are a lot of people willing to do it. So, I think 
that's where I'm most interested in learning. How do we balance 
the need to bring in people you can trust and understand who 
they are, with the desire to do it quickly enough so that this 
is a viable option for people that want to come work here and 
there?
    I think there are ways to do it. I also think it's going to 
get more challenging. In some ways, you know, it's hard--
probably easier to hire a 23-year-old, because they haven't 
traveled the whole planet. And frankly, I would imagine that 
for at least half that time of their lives, they weren't doing 
anything nefarious.
    And the other half, well, you know, but we can manage it. 
But when you're 23, there's limited windows, as opposed to 
somebody who's 55 and has worked in the private sector and you 
need to know more about their background and the like. But I 
think the flip side of it is, I think it's going to be 
impossible in the years to come to hire someone who hasn't had 
a substantial social media profile platform.
    What--and what that has exposed them to, whether it's data 
or places they've traveled or people they've interacted with or 
relationships they have. I also think the nature of espionage 
has changed. You know, it's not some James Bond figure 
rappelling off the side of a building. It might be someone who 
doesn't even know they're operating as a spy.
    They think--but they're operating as an influence agent, 
and those sorts of relationships. So, all that is to say is, is 
this is a tricky problem, but what we've got to figure out and 
we want to know what progress we're making on it, because we 
need to be able to attract talented people to serve our country 
in these roles.
    So, thank you for coming in.
    Chairman Warner. Well, thank you, Senator Rubio. And again, 
we've got lots of questions, lots of Members here. I'm going 
to--I hope you've been told, but we're going to expect each of 
your opening statements to be no longer than three to four 
minutes and I'm going to enforce that. So, I'm not sure who 
is--who's up first?
    Jason.

STATEMENT OF HON. JASON MILLER, DEPUTY DIRECTOR FOR MANAGEMENT, 
                OFFICE OF MANAGEMENT AND BUDGET

    Deputy Director Miller. Thank you, Chairman Warner, Vice 
Chairman Rubio, Members of the Committee for the opportunity to 
speak today. And thank you for your continued leadership on 
personnel vetting reform. I am honored to testify alongside my 
colleagues. Collectively, we serve as the principles of 
security, suitability, and credentialing for the Performance 
Accountability Council, or PAC, established by President Bush 
in 2008. The PAC is the interagency body accountable for 
transforming personnel vetting.
    Personnel vetting reform, as the Chairman noted, it has 
been a multi-year effort, spanning Administrations and 
benefiting from the consistent and bipartisan support of the 
Congress. Soon after my confirmation in April 2021, I convened 
the PAC Principles to consolidate the accomplishments of 
previous Administrations and make sure we were accelerating 
transformation.
    As chair of the PAC, I have three primary responsibilities. 
First, establishing the overall direction for our reform 
efforts; second, coordinating the complex choreography of 
implementation across the entire federal enterprise; and third, 
ensuring accountability for execution. I want to highlight four 
themes from the written testimony I submitted for the record.
    First, personnel vetting underpins a well-performing 
Federal government. Government service, whether military, 
civilian, or contractor, comes with important responsibility. 
The American public deserves a workforce they can trust who 
will not abuse access for personal gain to harm others or to 
undermine the country's security.
    Implementing transformational reform of our personnel 
vetting system will allow agencies to identify potentially 
problematic behavior more quickly and accurately before acting, 
while ensuring that federal agencies are able to efficiently 
hire and onboard the personnel necessary to faithfully serve 
the American people.
    Second, substantial progress has been made. Since the PAC 
last appeared before this Committee in January of 2020, the 
background investigation inventory has consistently remained 
below its target level of 200,000 cases, enabling sustained 
improvement in processing times. Since that hearing, the time 
needed to process top-secret and secret clearances have been 
reduced by more than 40 percent.
    That has enabled a real focus on transformation. We have 
transferred background investigation operations to DOD, issued 
many of the key framework policies, and enrolled the entire 
national security sensitive workforce into continuous vetting. 
These decisive steps ensure we moved away from solely 
addressing problems and towards implementing a wholly new 
system that will enable transformative impact.
    Third, hard work remains. For example, successful adoption 
of Trusted Workforce 2.0 relies on the phased development and 
deployment of the DOD's personnel vetting information 
technology platform, called National Background Investigation 
Services, or NBIS. In 2023, this year, this includes 
transitioning from the legacy equipment platform used to 
process background investigations, to the more user-friendly 
EAP system.
    Additionally, we must continue ensuring agencies will be 
prepared for upcoming reforms, such as the anticipated 
enrollment of non-sensitive public trust personnel into 
continuous vetting. Fourth, broad collaboration is critical to 
reform success. This includes cooperation across federal 
agencies and our partners in the federal contracting community.
    And just as importantly, I want to acknowledge the 
bipartisan backing Congress has shown on personnel vetting, 
again across Administrations. Your engagement helps keep us 
accountable and on track to reach our milestones.
    And thank you again for the opportunity to appear before 
the Committee today. I look forward to your questions.
    [The prepared statement of the witness follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
STATEMENT OF HON. STACEY DIXON, PhD, PRINCIPAL DEPUTY DIRECTOR 
 OF NATIONAL INTELLIGENCE, OFFICE OF THE DIRECTOR OF NATIONAL 
                          INTELLIGENCE

    Deputy Director Dixon. Chairman Warner, Vice Chairman 
Rubio, Members of the Committee, thank you for this 
opportunity. I'm here representing the Director of National 
Intelligence, Avril Haines, who serves as the security 
executive agent for the Federal government and a key member of 
the Performance Accountability Council. As a security executive 
agent, she oversees national security background investigations 
and adjudications that are conducted in order to determine an 
individual's eligibility to access classified information or 
hold a sensitive position. Her responsibilities include issuing 
guidance to ensure the vetting processes are effective, 
efficient, timely, fair, and secure. This includes the use of 
polygraphs for those agencies that use them in their process. 
Director Haines and I fully support the Trusted Workforce 2.0 
alignment of personnel vetting across suitability and fitness, 
credentialing, and security into one overall vetting model, 
with the tiers mentioned before.
    We're leveraging technology and automation for initial 
background checks and for our transition from the traditional 
periodic reinvestigation model to a continuous vetting model 
that will improve our ability to detect risk earlier and 
mitigate that risk proactively. This transition is helping to 
deliver talent faster and retain and move that talent within 
the government to support mission.
    Continuous vetting has now been successfully deployed for 
nearly all of the national-security-sensitive population, 
improving our ability to protect sensitive IT systems, 
facilities, people, and mission. Agencies with that sensitive 
population have been certified as having compliant personnel 
security programs that are able to implement the expanded 
capabilities that are now allowing us to identify concerning 
information sooner, so employers can intervene early and 
leverage resources, such as employee assistance programs that 
can help individuals and create the conditions for retaining 
them as valuable, productive members of the workforce.
    Working with OPM, we are entering the final stages of 
updating the personnel vetting questionnaire standard forms 
that applicants fill out. The updates are taking into account 
feedback that we receive from agencies and the public. Our goal 
is to ensure better alignment of information collection efforts 
and what we believe will be an improved, overall applicant 
experience.
    This effort also provides an opportunity to better align 
security vetting into our Nation's changing societal landscape 
by providing clarity on what information will be collected and 
reviewed, including on matters such as past marijuana use and 
mental health. Director Haines and I also believe that it is 
fundamental to our national security to ensure that we recruit 
and retain a diverse workforce that is representative of our 
American society.
    The Intelligence Community is making strides in this regard 
and remain dedicated to removing any structural and cultural 
barriers that might prevent or discourage qualified applicants 
from applying for jobs with the Federal government, including 
within the Intelligence Community. We're also focused on 
eliminating any perception of bias in the security clearance 
vetting process.
    We have been working to update our national training 
standards for security adjudicators and background 
investigators. The standards will include a renewed focus on 
treating candidates fairly and consistently throughout the 
entire vetting process. We're also committed to taking into 
account views from multiple partners, including interagency 
security personnel, civil liberties and privacy experts, hiring 
officials, legal advisers, Congressional Committees, and 
industry partners.
    Our dialog with industry partners in particular has never 
been stronger, and we are committed to working closely with 
them to tackle their concerns and challenges head on.
    Mr. Chairman, I will close my remarks by saying that this 
entire reform effort will continue to require strong senior 
agency leadership, support from Congress, especially this 
Committee, in order that we can achieve these goals that we 
share.
    I thank you and I look forward to your questions.
    [The prepared statement of the witness follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
 STATEMENT OF HON. KIRAN AHUJA, DIRECTOR, OFFICE OF PERSONNEL 
                           MANAGEMENT

    Director Ahuja. Chairman Warner, Vice Chairman Rubio, 
Members of the Committee. Thank you for the opportunity today 
to testify on personnel vetting reform. It is my honor to lead 
OPM and its work within the Suitability, Security, and 
Credentialing PAC. I look forward to discussing the progress we 
are making on Trusted Workforce 2.0, including reducing time to 
onboard new hires, continuous vetting, increased mobility, and 
improving the vetting experience for applicants, as well as our 
next steps on this important topic.
    The Federal government's most important asset is its 
people, and OPM is committed to helping federal agencies find 
and recruit the best talent. But it's not enough just to 
attract talent. We must sufficiently vet future employees and 
efficiently onboard them in a timely manner. Reducing time to 
onboard new hires while maintaining a trustworthy civil service 
is a key priority for OPM. Working with our PAC partners, 
Trusted Workforce 2.0 will transform and modernize how the 
Federal government vets individuals.
    For example, last May, Director of National Intelligence 
Haines and I issued new federal personnel vetting investigative 
standards to agencies, marking a key milestone in the 
initiative. The new standards make three improvements that I'd 
like to highlight today. First, technology and automated record 
checks make it easier and faster for agencies to make a 
preliminary determination, so an individual may start working 
in their position more quickly.
    Second, continuous vetting improvements assess risk in near 
real time by providing insight into whether an individual 
presents a risk to national security or an agency's mission.
    Third, a new, three-tiered structure for background 
investigations replaces the five-tiered model to streamline 
background investigations and more easily transfer trust 
determinations.
    These improvements have enabled us to establish an 
ambitious set of targets for initial vetting. Chief among them 
is we anticipate onboarding determinations can be made on the 
majority of individuals being vetted for positions that require 
top security clearances within 30 to 45 days, and a target of 
25 days for secret level positions. We are committed to 
achieving these targets as we realize the full potential of the 
Trusted Workforce model.
    Another critical piece of the Trusted Workforce 2.0 vision 
is improving the experience for individuals completing the 
investigative questionnaire. The updated PVQ, or Personnel 
Vetting Questionnaire, replaces four current questionnaires 
with one streamlined questionnaire.
    It also features clear instructions, simplified questions, 
and plain language, all of which is designed to benefit the 
applicant. Together with ODNI, DOD, and OMB, we have made 
tremendous progress on Trusted Workforce 2.0. As we continue to 
implement this initiative, we hope to see further improvements 
in reducing the time required to onboard new hires, enhancing 
risk management by identifying potential security threats 
sooner, and improving Workforce--Workforce mobility.
    I look forward to discussing the transformational framework 
we have established and how this will improve efficiency and 
accuracy of the vetting process. Thank you, again, Chairman 
Warner, Vice Chairman Rubio, and all the Members of the 
Committee.
    I look forward to your questions.
    [The prepared statement of the witness follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
     HON. RONALD MOULTRIE, UNDER SECRETARY OF DEFENSE FOR 
     INTELLIGENCE AND SECURITY, U.S. DEPARTMENT OF DEFENSE

    Secretary Moultrie. Chairman Warner, Vice Chairman Rubio, 
and distinguished Members of the Committee. It's a privilege to 
testify on behalf of the Department of Defense's intelligence 
and security professionals who work every day to address the 
threats facing our Nation. I wish to thank the Members of this 
Committee for your continued support and your partnership.
    As the Undersecretary of Defense for Intelligence and 
Security, I'm committed to using our tools, talents, and 
technologies to protect our strategic advantage, including our 
most important asset, our people. I'm also mindful that this is 
an important opportunity to raise public awareness about the 
vetting process for millions of Americans and the foreign 
nationals employed by the Department, including those holding 
government security clearances.
    As the largest department in the Federal government, the 
Department of Defense hosts the largest number of cleared 
personnel. Of the approximately 4.2 million Americans with 
security clearances, more than 3.6 million of them work as DOD 
civilian or contractor personnel. We deem it an imperative to 
embark on transformational initiatives to improve and enhance 
the security, sustainability, and vetting process for all.
    I also want to thank my colleagues from OPM, OMB, and ODNI 
and our PAC partners for the great collaboration on this 
effort. The Department's efforts to implement and support the 
Trusted Workforce 2.0, phased approach occurs on a much larger 
scale than anywhere else in the government. And we're making 
significant progress.
    Since October, all DOD personnel have been enrolled in 
Trusted Workforce 1.5. During the next two calendar years, DOD 
will continue driving towards Trusted Workforce 2.0, through a 
number of processes, including engagements with leaders in 
various sectors and through our Defense Trusted Workforce 
Implementation Group.
    Through the Defense Counterintelligence and Security 
Agency, and in close partnership with OPM, we are going to 
continue to deploy an enterprise-wide system, known as the 
National Background Investigation Services system, or NBIS. 
NBIS, our secure end-to-end IT infrastructure, will enable us 
to conduct comprehensive personnel vetting on a single 
platform, from subject initiation to background investigation 
through adjudication and continuous vetting.
    We look forward to continuing our drive towards full 
importation of Trusted Workforce 2.0, while implementing the 
policies and practices with the same care, attention, and 
expertise we use in our intelligence and security work.
    I want to thank every Member, again for your support and I 
look forward to your questions.
    [The prepared statement of the witness follows:]

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    
    Chairman Warner. Thank you all very much. And I've got a 
bunch of questions. I want to make sure I don't go beyond time. 
So, I'm going to ask for crisp, short answers. Ms. Ahuja, I 
think you may have even been--. I commend you on your 
timelines--25 days on secret. I thought you said 40 days on top 
secret. Is that right?
    Director Ahuja. Thirty to 45 days.
    Chairman Warner. Thirty to 45. All right. Because I thought 
Mr. Miller had said that we might get it at--more at 75 days, 
but I'll take your numbers better.
    Director Ahuja. I do want to clarify. That's for initial 
determinations. So, we have a new metric, actually a much more 
outward-facing metric, that allows us to actually put an 
individual in the seat through an initial determination, while 
the full adjudication takes place----
    Chairman Warner. While the full, but the adjudication----
    Director Ahuja [continuing]. Is still the original--the 
number that you have, the 75 days.
    Chairman Warner. But all of that is a huge improvement.
    And Dr. Dixon, I know we've got, you know, higher levels, 
greater secrets. You know, what we had been pressing in some of 
our earlier legislation is 180 days. Are you going to be able 
to try to get the intel community down to where the balance of 
the cleared community and the balance of the government is?
    Deputy Director Dixon. Our goal is to try to come as close 
to that as possible, given that we have additional steps 
required to get to the secret--the extra level of security 
clearance, as well as the polygraphs and the medical, in some 
cases.
    Chairman Warner. But can you get butts in the seat before 
you finish, the way the balance of the government is?
    Deputy Director Dixon. At the moment, that is not something 
we are able to do. We are looking at whether that would be 
worthwhile, both for the employee coming in, as well as for 
agencies.
    Chairman Warner. And while I have huge respect for Director 
Burns, CIA is still the laggard. So, I would like to get by 
each of the IC agencies, how their plan is to get as close to 
the balance of the government. Secretary Moultrie, on NBIS, you 
know, we've had some slowdowns. Things are picking up now.
    Big, big task. But how do we make sure that we don't bolt 
on cybersecurity? We build those security components in, so we 
don't have the kind of OPM, embarrassing leak we had before? 
Talk a little bit about cyber on that.
    Secretary Moultrie. Yes, I think one of the real virtues of 
NBIS is that we're actually building a system that moves at the 
speed of risk, something that we have not done in the past. One 
of the things that we're building this architecture on is zero 
trust. And I believe that you understand this very well, Sir. 
But in terms of looking at this, we're going to look at all 
aspects of it. And what we're building is something that looks 
at the data that we have coming in. It looks at the people who 
are going to manage that data, the credentialing of those 
people, ensuring that we have multifactor authentication, 
looking at behaviors while we monitor the network.
    And then lastly, ensuring that we have an alerting system 
that alerts us real time, or near real time, to what I would 
call anomalous behavior on the network. That's all being built 
in. It's got input from cybersecurity experts, some of the best 
in the government, some who are in the DOD, some who are in the 
private sector, and more importantly, sir, with the CIOs who 
really know this business.
    So, we've made that a framework and a foundation of what we 
are----
    Chairman Warner. We're going to want to get as fully 
briefed in the weeds as possible on making sure the security 
piece is taken care of.
    Back to you, Dr. Dixon, on this one. I'm going to do two, 
again so that I can make sure I don't go over time. One is 
reciprocity, reciprocity, reciprocity. And we know the IC is 
the toughest. But the notion that you get cleared in one 
component, even inside the IC, and you can't use that 
clearance. There may be certain roles. How are we going to do 
on that?
    And then, this maybe applies not just to the IC, but across 
the whole enterprise. When we think about our private sector 
partners, the idea that you may get a job and you've got 40 
slots and it may be a midsize firm and those 40 slots do not 
extend. So, you often times have the CEO or the CTO or the CFO, 
not even being able to get clearance to be aware of what 
projects they're working on. That's inappropriate oversight. It 
frankly doesn't make any sense. So, if you can take the 
reciprocity--and maybe Jason, you can also address this--issue 
of how we make sure that management in the private sector side 
is going to get slots, as well, beyond the actual need for the 
specific job.
    Deputy Director Dixon. Sure, Senator.
    So yes, reciprocity has been a challenge. I think with 
this, in particular, I know that contractors have raised, that 
the industry partners have raised that as a significant 
concern. As it is right now, 90 percent of contractors can go 
within IC agencies when there are the same processes.
    So, for example, if you've got a kind of polygraph in one, 
you've got a polygraph another of the same kind, you can go 
within five days. Ninety percent of our contractors go in that 
five-day timeline. The challenge is the other 10 percent that 
is not.
    Chairman Warner. The challenge also that you've got to 
polygraph here, but you don't have it and need it here, and 
having some uniformity--. My time is about out. Talk to me 
about how you're going to deal with the management that doesn't 
fall into the jobs perceived.
    Deputy Director Miller. So, on this issue--and you've 
raised this issue with me before. This is an issue that 
absolutely we need to address and we're working on it. We have 
a working group, and I'd be happy to follow up with you on the 
specifics of how we're going to try and drive this forward.
    Vice Chairman Rubio. The backbone of this whole thing is 
the--I'll use the right terminology--the National Background 
Investigation Services. That's basically what's going to hold 
all this information. It's the database. So, I just want to 
have a better understanding, without obviously endangering its 
security.
    Why is this more secure than the OPM database that was 
breached back in 2014? Are there features here that were not 
available? Is it because the OPM one was broader and this one 
was more categorized? How confident are we, especially since 
cybersecurity? Perhaps others may want to comment on it, but 
this is the Holy Grail, to some extent. Everyone's going to 
know it. We know the existence of it is public. How is it more 
secure than the OPM? Because a breach of this sounds like it 
would be catastrophic.
    Secretary Moultrie. So, thanks for the question. I can't 
speak to the OPM system that was developed over decades and the 
cyber security features that it may or may not have had. I 
suspect that during the time that it was built, we would not 
have had the capabilities and the advancements that we have 
today. So, I can speak to what we are----
    Vice Chairman Rubio. Neither did the hackers. I mean, 
they've developed, as well. And that's why this is a moving 
target.
    Secretary Moultrie. Exactly. And that's why what we're 
doing is building it on the latest frameworks that we have, 
that are cyber-security proven, that--the zero trust frameworks 
that we know are proven. We are getting the counsel of those 
who actually understand breaches and who have lived through 
breaches, and understand how hackers may want to get into 
systems and what they go after and how they actually do this. 
And building every component to actually withstand an insider 
threat, an external threat, or just a lapse in security.
    So, I think all that's being factored into a system that 
will be state of the art. I would say nothing is breach proof, 
but it will bring us, I believe, to an exponentially better 
place than where we were with the----
    Vice Chairman Rubio. Do you know which agencies are not 
using NBIS right now?
    Secretary Moultrie. I can get a list of those for you.
    Vice Chairman Rubio. Okay. Have we tested its usability 
with industry or with the government--the security directors of 
government agencies?
    Secretary Moultrie. So, what we are doing is agile software 
development. We are testing components as we go along. We are 
building that and testing, as we go along.
    Vice Chairman Rubio. Mr. Miller, are we testing the broader 
Trusted Workforce 2.0 with users in the industry? Is that part 
of the benchmarking?
    Deputy Director Miller. Yes, it is, and just to step back 
on the breadth of this. It's more than 13,000 industry partners 
that will touch these systems. There's a staged deployment as 
well as an engagement model to ensure that we're getting 
feedback.
    Vice Chairman Rubio. I understand that. Let's say you open 
it up to 100 of them, right? And have them try to use it and 
then they give you feedback as to: We encountered this problem; 
we encountered that problem. And you're making adjustments 
based on that feedback?
    Deputy Director Miller. That is part of the agile 
deployment, or the agile development model, that Mr. Moultrie 
was discussing. We're also phasing different developments. I 
would defer to Mr. Moultrie to talk that through. But in terms 
of building additional capabilities and running it as we go.
    Vice Chairman Rubio. Okay. Thank you.
    Chairman Warner. Senator Wyden.
    Senator Wyden. Thank you, Mr. Chairman. And thank you all.
    This Committee, ever since the days of one of our leaders, 
Pat Moynihan--I see Senator Gillibrand here, and I am sure she 
goes into the Moynihan train station often--Senator Moynihan 
always stood for the proposition that a big part of the job in 
intelligence is striking the balance between transparency and 
protecting sources and methods.
    And we continue to this day to do that. And I want to ask 
about declassification reform, because Senator Moran and I have 
made a major proposal to promote declassification reform. And I 
see a lot of my colleagues here, Senator Warner, we've all been 
talking about this for years. Senator Cornyn has been very 
constructive.
    Let me start this way. There are clearly too many jobs in 
the Federal government that require a security clearance. And 
one of the reasons is that there are too many secrets of 
matters that do not need to be secret. And there are at least 
two solutions. The first is reforming the rules that determine 
what information is declassified and when it gets declassified. 
Now at our Threats Hearing earlier this month, I asked Director 
Haines about a matter that I'm especially concerned about and 
that's the National Security Council's rewrite of the Executive 
Order that governs classification and declassification, and the 
prospect, based on everything I've heard, that this has 
stalled.
    So, I'd like to just go down the line of our witnesses, 
because I want to get your sense of what is going on, because I 
think that leaves us in the position of what to do next. Can 
any of our witnesses assure me that that is not the case? That 
we are not dealing with a situation where the National Security 
Council is stalling things?
    Let's start with you, Mr. Miller. Just go right down. I 
think I can get all five of you in my five minutes. Sir.
    Deputy Director Miller. Senator, Sir. Great. Thanks, 
Senator. Appreciate the importance of this issue. This specific 
issue is outside my remit. I would defer to my colleagues, but 
I can absolutely take that back, as well.
    Senator Wyden. Okay.
    Deputy Director Dixon. I know for a fact, that there are 
aspects of the classification reform are ongoing. As to which 
parts that are being referred to as being stalled, I am not 
sure.
    Senator Wyden. Ongoing is different than the question I'm 
asking. I'm concerned that things are stalling out there, that 
I've been talking to people who feel very strongly about the 
subject, and they're very loyal Americans. They want to get 
this done and they want to do it the Moynihan way. Let's 
protect transparency, and let's protect sources and methods.
    And they're concerned we're stalling out. So, if you could 
be a little bit clearer.
    Deputy Director Dixon. There are definitely aspects that 
are not stalled. There's many, many aspects of the conversation 
we need to have, with respect to reforming classification writ 
large. There are processes in place moving along certain 
aspects. The entire thing itself, that's going to take some 
time.
    So, I don't know whether it's--there is----
    Senator Wyden. How much time? How much time?
    Deputy Director Dixon. Sir, it's actually--it's not my 
process. So, I can't really comment on how much time it would--
is taking. But there's a commitment from all the parts of the 
interagency that want to get this done, that want to get this 
moving. We will, again, much like Jason, I'll take it back, 
too, and make sure they understand the importance of it and the 
interest that you have in making sure that there's a timeline 
that we meet.
    Senator Wyden. Ma'am.
    Director Arjuha. Yes, Senator. I would defer to my 
colleague, Deputy Director Dixon. It's not particularly in our 
purview, within OPM.
    Senator Wyden. This hearing is on classification issues. 
And if everybody shows up and says, ``not my purview,'' it 
gives me a pretty clear sense of what the remedy ought to be. 
But why don't we have you, Sir? And then I'll just wrap it up 
with my colleagues very quickly. Please, Secretary Moultrie.
    Secretary Moultrie. Sure. We are not responsible for the 
process. But I can tell you, within the DOD, we're committed to 
classification reform. There are things that we have talked 
about. There are policies that I've written and signed in the 
fall of last year, that get at classification reform and 
classification review. In closed hearing, I'd love to come back 
and talk to you about some of these things that we've done, and 
how they are going to get information, not only to warn 
individuals within our country, but also to some of our key 
allies and partners.
    Senator Wyden. Okay. Colleagues, let's just kind of tote 
this up, in terms of what we have just heard. We've had four 
very dedicated public servants, and I respect all of you. One 
of the four, a bear one, said things were moving a bit in some 
areas. And three out of four basically said, not my beat, not 
my purview. You all are entitled to share your views and I 
respect all of them.
    But I think what this tells us, colleagues--and Senator 
Warner and I have talked about it--is that this is more reason 
for the Congress and this Committee to step in and do this job 
and do it in a bipartisan way. In other words, we've had four 
very good public servants with expertise in this area, give me 
answers, as I have to run off and deal with the Senate Finance 
Committee, with a sense that this is not moving with the speed 
and the urgency it requires.
    And I've been very appreciative, because I've been pounding 
away in these precincts for a long time, to have Senator 
Warner, Senator Moran, and Senator Cornyn in particular, all 
making it clear that we've got to get something done. So, Mr. 
Chairman, I thank you.
    Chairman Warner. Let me just--and I think, frankly all of 
us, not just the four you called out, share this. And you know, 
I think we're going to have to deal with it, both 
legislatively--. But I also think in the interim, you know, 
we've got to have people back, in both open and closed--. On 
this very topic. Respectfully, I found the answers equally as 
frustrating, if not more than you.
    So, we will have another bite at this apple, I promise you. 
Senator Collins.
    Senator Collins. Thank you, Mr. Chairman.
    Director Ahuja, in 2016, after the OPM data breach, the 
timelines for processing clearances soared to over two years 
for a top-secret clearance, and the backlog swelled to 725,000. 
Think of the thousands of individuals who just gave up the 
prospect of working for the Federal government during that 
time, because they needed jobs. And there are a lot of 
alternatives.
    I'm concerned that we now have another major data breach 
and that is the Affordable Care Act breach in DC, which affects 
a lot of Hill employees who get their insurance through the--
get their ACA insurance through that DC system.
    First, is there an impact that you've seen from this latest 
data breach, which has exposed names, addresses, Social 
Security numbers, all sorts of information?
    And second, what can we do to make sure that we harden the 
systems that contain this information, because obviously, the 
data in the system is subject to identity theft, is going to 
make doing clearances much more difficult, as we saw in 2016.
    Director Ahuja. Thank you, Senator, for that question. You 
know, I can't speak specifically to the more recent data 
breach, but I can tell you, we've learned quite a bit at OPM, 
from the data breach from 2015, and the work that we've done to 
ensure that we have a secure system. My colleague here, Ron 
Moultrie, spoke to the work that's happening within NBIS to 
shore that up under zero trust architecture. I can tell you, 
with a lot of the IT modernization happening, moving to a 
Cloud-based system, especially within our organization--a very 
aggressive timeline that we have for its modernization within 
OPM. And we're not alone. This is happening across the Federal 
government, and the work that's being led by the Office of the 
National Cyber Director, focused on Federal government as well 
as across industry.
    So that's the work we're doing within OPM. But certainly, 
we've taken lessons. And Vice Chairman Rubio mentioned the 
difference: at the time of the breach in 2015, we were sitting 
on legacy systems at the time. And we very much are working 
hard, through the support of Congress, to move off those legacy 
systems in order to take advantage of the latest technological 
capabilities and to move to the Cloud, which inherently has 
more cybersecurity protections within it.
    Senator Collins. Thank you.
    Dr. Dixon, I want to get a better understanding of how the 
Intelligence Community does clearances versus the rest of 
government. It's my understanding that the Defense 
Counterintelligence and Security Agency is in charge of basic 
security clearances for approximately 95 percent of those in 
the U.S. government.
    However, that leaves five percent, approximately, in the 
Intelligence Community who utilize a different investigative 
service provider or providers. Why are there different security 
clearance programs and databases for DOD versus the IC?
    Deputy Director Dixon. Thank you, Senator Collins. The 
processes are different. And while we do similar things, with 
respect to figuring out if the person is fit to have the job, 
trustworthy to have the job, and then whether or not they are 
able to have a security clearance, we do that all in one 
process, as opposed to making the person go through multiple 
processes.
    So yes, we do have our own databases, but we follow the 
same types of rules and regulations. And if you look at the 
standards and the guidelines that have been put out as part of 
Trusted Workforce 2.0, it's similar processes. Just rather than 
using their service provider, we're doing it ourselves. We're 
following the same system, following the same types of 
questions. They are following the same types of information 
gathering.
    So, if you just think of it as having multiple, different 
ways to get the same information, that's the way that we're 
approaching it.
    Senator Collins. Do you honor the security clearances of 
DOD, if an employee goes from working at, let's say NGO to the 
CIA?
    Deputy Director Dixon. What this process will let us to do, 
is to know where their process stopped and what we need to do 
to continue to bring it up to the level of a person that 
actually has to have the clearance level that we have within 
our community. So, we will respect it. But it doesn't transfer 
completely, because there are other steps that have not been 
taken, with respect to that vetting.
    Senator Collins. I guess, then, I realize my time's 
expired. But I guess I'm trying to understand whether a TSI 
clearance is the same across the Federal government, or does it 
mean something different, depending on which agency you work 
for?
    Deputy Director Dixon. So, within the Intelligence 
Community, in addition to having, for example, the TS, will 
actually have a Sensitive Compartmented Information clearance 
level. It is a different level of clearance than the TS that is 
not--in the non-sensitive population. There are additional 
questions. There are additional processes that we will use that 
they will not, which is why it's not a one-to-one transfer.
    Chairman Warner. Senator Collins has hit the nail on the 
head. You know, my view is, belief is, we have a complete 
mishmash. And the lack of reciprocity, or even the kind of not 
knowing for sure if you're at DHS and you want to go to DOE, 
and then you want to go to NRO--. We've got a lot of work to do 
in this space. And there are differences, but sometimes, 
particularly when you get into the contractor world, it gets 
even--you don't even know.
    I appreciate that. Especially when you get 
compartmentalized areas on the IC side, there needs to be 
higher--. But that lack of clarity, you know, you got why I'm 
crazy about this. But it's just--we can do this. We can protect 
the enterprise, and we can be much more efficient. I really 
appreciate you raising it.
    Senator Collins. Thank you.
    Chairman Warner. Senator King.
    Senator King. I want to talk about a different aspect of 
that, and that is what happens after you're hired--the so-
called continuous vetting? Mr. Miller, can you tell me how that 
works? Because prior to that concept, there were periodic, 
timed revaluations, just to check in on the employee. Now 
that's no longer the case.
    So, give me the mechanics of continuous vetting. What does 
that mean?
    Deputy Director Miller. Absolutely. Yes, so the prior 
process, involving periodic re-investigations, could be a five-
year or a ten-year window before a periodic check on an 
individual. The continuous vetting model includes, but it's not 
only included--includes automated checks on a near-real-time 
basis, which provides any potentially problematic information 
to an agency.
    Senator King. What does an automated check mean? What does 
it check?
    Deputy Director Miller. For example, criminal databases. 
So, if an employee does not self-report, an agency might not 
know about that information. But a check on a criminal database 
would allow an agency to see that. It also requires the 
agencies to change their internal processes, which were 
previously built on a periodic reinvestigation model, for how 
they're going to intake that information and then make 
determinations based upon that information.
    I would defer to Mr. Moultrie on the specifics for DOD, but 
both DOD and other agencies have noted the dramatic change that 
that has made for them, in terms of their ability, on a near-
real-time basis to get information and make sure that we're 
maintaining trust in a much more effective model, is a dramatic 
and important shift.
    Senator King. Well, I want to be convinced of this, because 
I'm not sure that an automated records check is an adequate 
substitute for somebody actually doing a periodic 
investigation. So, convince me.
    Secretary Moultrie. In terms of thinking about the 
digitized system that we're developing, that digitized system 
takes the data on an individual. It is plugged in, Senator, to 
national databases, some that reside with the Federal Bureau of 
Investigation, some reside with national law enforcement 
systems. And we establish thresholds that if something happens 
to one of our personnel that meets the threshold--it may be an 
arrest, it may be that they had some conviction or some issue. 
There's a threshold that automatically alerts us to say, 
there's something you need to look at regarding one of your 
people. And that can happen near-real-time. And that allows us 
to really accelerate the timeline by which we know things. 
Instead of waiting for somebody to report that, which may be 
five years as you're saying, or maybe seven years in some 
instances. We have now accelerated that timeline to where, for 
top-secret issues and alerts that we may not have gotten for a 
while, we now get those, we think, some one-and-a-half years 
earlier than what we would have got if we would have waited for 
somebody to fill out a form and say: Oh, by the way I had this 
happen to me.
    Senator King. I understand that if you're talking about 
something obvious, like a conviction. But there may be more, so 
the question is, would this system have picked up Aldrich Ames?
    Secretary Moultrie. CIA--Aldrich Ames? I don't know. 
Without knowing the specifics of that. But what it might tell 
us, Sir, is if somebody is putting an inordinate amount of 
money in a bank account.
    Senator King. It would pick that up?
    Secretary Moultrie. It would be able to tell us, if it has 
the alerts on, it would be able to tell us that they have 
exceeded the threshold. And I believe one of the things with 
the case you are talk----
    Senator King. You say, if it has the alerts. Is that one of 
the--?
    Secretary Moultrie. I do not know, but I can take that 
question back, Sir.
    Senator King. Ms. Dixon.
    Deputy Director Dixon. Yes, it is. So, a suspicious 
financial alert is one of the alerts. If someone is depositing 
large sums of money, particularly from foreign accounts into a 
bank account? Yes, that will alert.
    Senator King. Are you comfortable, as an intelligence 
professional, with this automated system, as opposed to regular 
revisits to the classification?
    Deputy Director Dixon. I am. I believe, between the variety 
of things--the financial, the criminal, the credit--all those 
things together will provide a lot of information that frankly, 
again, we weren't getting, except every five years. And so, we 
have an opportunity to shorten that timeline.
    In terms of the insider threat that you mentioned, in Ames 
in particular, we've got other processes that are also in place 
within our counterintelligence organizations that will also 
assist in noticing when some----
    Senator King. Because if you've got a spy who's a 
professional, they're going to know about bank accounts and 
convictions.
    Deputy Director Dixon. They will. But strangely enough, 
with that, historically he actually was displaying a lot of----
    Senator King. The bank account might have picked him up.
    Deputy Director Dixon. The bank or his colleagues who 
noticed that he was all of a sudden spending a lot of money on 
clothes and cars, should have reflected something, and I think 
would now.
    Senator King. Quick question. Do you all red team this 
system? Do you ever try to send somebody through it that has an 
obvious, not an obvious, but a problem and to see whether the 
system is actually picking up potential security threats?
    Secretary Moultrie. The system is constantly red-teamed, 
Senator. Yes, it is.
    Senator King. Good. I think that's all I have.
    I want to thank you for what you're doing and the progress 
that you have made. I think the point of this hearing is, we're 
way ahead of where we were three or four years ago. And thank 
you all for the work that's made that happen.
    Thank you, Mr. Chairman.
    Chairman Warner. And I believe, and you can correct me if 
I'm wrong, whether Mr. Ames or some of the others, the five-
year periodic review didn't pick up any of these guys.
    Senator Cornyn.
    Senator Cornyn. Well, thank you all for the good work 
you've done modernizing the background check system and making 
the issuance of security clearances a whole lot more efficient.
    I have a pretty basic question, though. Mr. Moultrie 
mentioned that there are approximately 4.2 million security 
clearances that have been issued by the U.S. government.
    I think we have a more fundamental question, and Senator 
Wyden raised it. I'm not sure you're the panel to answer this, 
but I'd be interested in your views if you have them. It seems 
to me that before we figure out how many security clearances 
should be issued, we need to figure out what the range of 
classification of information should be, because the less 
information that's classified, the fewer security clearances 
the government is going to have to issue.
    And I would footnote that by saying, obviously, we all 
understand the importance of the classification system when it 
comes to national security. But unfortunately, we also know 
that there is just a human tendency to classify information in 
order to prevent accountability. And there's really a clash 
between those values, our democracy with the public's right to 
know, the need to receive information upon which to judge the 
performance of public officials. There's a real tension there. 
And we need to make sure that that line is drawn in the right 
place.
    Can I ask, maybe I'll start with Dr. Dixon and then Mr. 
Moultrie, how do you determine the number of clearances that 
your agencies--or for that matter, any intelligence agencies--
require?
    Deputy Director Dixon. I will say there are a couple of 
ways. So, Congress provides the authorizations for the number 
of government personnel that we have. In addition, we look at 
the number of contractors that we need to support the work. And 
so that will determine the number of clearances. But the 
initial number is authorized by Congress, in terms of the 
government.
    To your point, a look at the actual classification levels 
and whether or not we are over classifying is the conversation 
we were having earlier that needs to be in work, and that I 
think we're all committed to, on whatever timeline makes sense, 
given the enormity of the situation.
    I would just say that every year we are trained that 
classification is not used to hide information. It may be out 
of laziness that people are classifying things, over-
classifying. But I would just say very clearly: we are trained 
every year that we are not supposed to use it to hide 
information from oversight or from others outside of the 
government.
    And so, I would just--I wanted to push back on that one 
point, Sir, respectfully.
    Senator Cornyn. Well, no, I accept that. I understand. I'm 
not saying people are doing something nefarious or something 
improper. I'm just saying that there's a natural human tendency 
to want to hide your mistakes, or things that you don't want to 
explain. And it's the same reason I've worked closely with 
Senator Pat Leahy, when he was here, on the Freedom of 
Information Act reform, to make sure that the public had access 
to the information that they needed in order to make those 
decisions.
    But what I'm talking about is not something nefarious. It's 
basically a human tendency, or just the ease with which it's 
easy to stamp something classified. Or now, we know that the 
explosion of digital records is making it virtually impossible 
to keep up with this.
    But Mr. Moultrie, can you talk about the Department of 
Defense and how do you determine the number of clearances that 
you need?
    Secretary Moultrie. Once again, it's what we're authorized, 
in terms of the numbers that we're actually authorized. Two, I 
would say it's an assessment of the position itself and whether 
or not that position requires some degree of trustworthiness, 
and that determines whether or not that person gets into access 
and the clearance.
    And then also the risk assessment with that particular 
position determines what level of clearance and what access we 
need to provide there. I would say, to the issue of over-
classification, there are cultural issues that have been around 
for decades where there was probably a default to overclassify 
or highly classified things some 40, 50 years ago.
    And that's changing now. There are processes, and I would 
say there are policies that we have to rewrite, and there are 
systems that we have to do--some systems actually default to a 
classification. It will actually default to saying something's 
classified, even when it just may be an unclassified statement, 
if you will.
    We're getting at all that. We're looking within the 
Department of Defense. We are getting at all that. And I know 
that, at the Deputy Secretary's level, she has within the last 
month asked individuals to take a look at how we ensure that we 
are not defaulting to the wrong processes. How we're actually 
training people to actually write to release and to share 
things with, not just people within the community, but also 
with the American public.
    Senator Cornyn. Well, thank you. Thank you for that. We're 
going to look forward to working with you to try to understand 
that process a little bit better. I'm not sure whether Congress 
has the basic information we need to know how many security 
clearances we should authorize. I'm not sure that's a 
conversation we've had. Maybe we have and I just haven't been a 
party to it. But we look forward to working with you to address 
this--this issue.
    Thank you.
    Chairman Warner. And, Senator Cornyn, I think you hit the 
nail, that this notion of default or the old-fashioned term, 
CYA, not based upon malfeasance, but just--and I'm anxious to 
see the systems changes to move away from that default. And 
somebody who's actually been working on this issue for years is 
Senator Moran. Senator Moran, you are up.
    Senator Moran. Mr. Chairman, I thank you for your 
suggestion that I have credibility on this issue, but I don't. 
And at the moment, I'd just like to continue listening to the 
dialog. I apologize, however, for missing the moment in which 
you did compliment me earlier in the hearing.
    Chairman Warner. Let the record show that was--so Senator 
Lankford must have some brilliant questions coming up.
    Senator Lankford. No, he's just yielded his time to me. So, 
I've got ten minutes now.
    Thanks for your time. I do have a bunch of quick questions 
I want to be able to get to. I want to be able to ask about the 
personal vetting questionnaire. How is that different than the 
SF-86? I know there's been lots of conversation about we're 
narrowing it down, we're changing it. What's the real 
difference here?
    Director Ahuja. Thank you for that question, Senator.
    This has really been a big part of how we're thinking about 
the reforms and the Trusted Workforce 2.0.
    So, the personal vetting questionnaire, you know, we have 
to revise it periodically. This is one of the instances where 
it expires, so to speak. And so, in this instance within these 
reform measures, we wanted to streamline, we initially had four 
different questionnaires, depending on your risk level and how 
you were classified. And now we've combined it into one 
questionnaire, so into different subparts. And the benefit here 
is that, depending on your risk level, you fill out just the 
portion that you need to. And then when you come back, and 
let's say you move into a higher risk level, you just have to 
fill the gap, really, and go on to the next part of it. We've 
simplified the questions.
    We've removed double-barreled questions. We've heard from 
applicants that, oftentimes it's difficult to understand what 
you're asking of them, and we want them to be truthful. We 
wanted to ensure that there was clarity there. We put in longer 
segments of what we called preambles, to understand this is why 
we're asking the question.
    This has been an effort that we started in the last 
Administration, you know, underway--that was when the Trusted 
Workforce 2.0 was launched. And we're kind of coming to 
fruition. And now we're in the second public comment period 
that's about to end. We do look forward to that feedback to 
ensure this is really one big part of this effort--the 
guidelines that we've set together with my colleague at ODNI--
is the experience that an applicant goes through to ensure that 
not only is it a fluid experience, but that we can actually 
onboard them in a more efficient manner.
    Senator Lankford. So, let me ask a reciprocity question 
with this. Ms. Dixon, you were talking before about some of the 
time period they have to do additional work on it. If they've 
just gone through the process, they got a secret clearance, it 
is 25 days--Congratulations on that. That's a big change. 
They've done that.
    Now they want to be able to switch over. Now they've got 
additional items they've got to be able to do. Are they 
starting all over? Or is it a faster process now because 
they've already been through the first year?
    Deputy Director Dixon. They should be able to build on the 
process that's already happened.
    Senator Lankford. Should be or do?
    Deputy Director Dixon. Will.
    Senator Lankford. Okay, deal. So, your estimate, at that 
point, was you were hoping to be around 75 days or less in the 
process?
    Deputy Director Dixon. To get to just the top secret with--
not within the national security population.
    Senator Lankford. Correct. Okay. And so, if they've gone 
through these 25 days or 45 days for the clearance, they switch 
over to you, it should be another 20 days? Or it should--I get 
another--because I'm not going to hold you to this. I'm trying 
to get a feel of what this looks like.
    Deputy Director Dixon. No, and I appreciate the question. 
We've actually been looking at the entire timeline, so I don't 
actually have a goal for the exact apples-to-apples comparison. 
At this point in time, I think if you look at what we are on 
average, it's about 120 days. We're trying to get that lower 
for that particular part.
    Senator Lankford. Okay. That'd be very helpful. There's 
been a lot of conversation about the social media aspect as 
well. Is it reliable, is it not reliable? Should we look at it? 
Should we not look at it? Let me just say, from my perspective, 
you should look at it. I mean, to say it's not reliable, would 
be to say there's nothing we could really gain there.
    Clearly, there's information that we can gain--trends, 
information--at least questions to be able to follow up with 
people and say, hey, we saw this association, or we saw this 
connection, or we saw this post at this point. That's not an 
unreasonable thing. So, if there's some dispute to wonder 
whether we're going to say to you, you shouldn't look at that.
    No, I think you should. That's a pretty reasonable thing. 
The question is, how you use it. What is the plan at this point 
for how you're using social media? And are you?
    Deputy Director Dixon. As you pointed out, we are allowed 
to use it. We have the authority to use it. Right now, we're in 
exploratory phase trying to figure out what the utility is, 
what can we get out of it, based on the amount of information 
that is coming through. There have been several pilots that 
have been going on, and those will influence--and those will 
help us understand how we're actually going to be using it in 
the future.
    Senator Lankford. Okay. Other comments from anybody on 
that? Mr. Moultrie, you're nodding your head on that, as well.
    Secretary Moultrie. No, Director Dixon covered that the way 
I would have covered it.
    Senator Lankford. Okay. Let me ask one final question 
there. It's about the polygraph, because there's been--some 
agencies use it, some do not. There's been some conversation 
about ocular scanning instead, or a different resource or in 
addition to.
    Are there other conversations about how to use polygraph, 
where to use it? Other tools that may be out there that may be 
a better tool? What is the trend at this point? To try to 
figure out what to be able to do with that?
    Deputy Director Dixon. I will have to take that for the 
record. I am not actually aware that they're thinking about new 
technologies to be using for it. But right now, we plan to 
continue using it within the Intelligence Community itself.
    Senator Lankford. Okay. Mr. Moultrie.
    Secretary Moultrie. Our National Center for Credibility 
Assessment uses a polygraph. It is the tool, the gold standard 
that we have right now. We have had a discussion within the 
Department of Defense as to whether or not new technologies 
might be augmentative to polygraphs. Is there something out 
there that would allow us to monitor some of the same things 
that a polygraph monitors?
    But those are in the very early stages of discussion. But 
we believe that looking at technology and being able to enhance 
any process is a way that we ought to go.
    Senator Lankford. Okay. Thank you.
    Senator Rounds. Thank you, Mr. Chairman.
    In closed sessions, the Chairman suggests that I can take 
advantage of being the newbie on the Committee for as long as I 
would like. Let me begin just with a primer, if we could. If 
you're talking about the Department of Defense, who sets the 
guidelines for what the security clearance necessary for a 
secret or a top secret or a TS/SCI? Who's responsible for 
setting those on-the-job descriptions?
    Secretary Moultrie. We work within the Department of 
Defense, based on the criteria and the guidelines that we have. 
In my office----
    Senator Rounds. Who sets those guidelines?
    Secretary Moultrie. With policy and the Undersecretary of 
Defense for Intelligence Security, me. We actually look at 
national guidelines and we work off the national guidelines 
that are set for access to information. And we will set those 
policies to ensure that the Department of Defense is adhering 
to those policies.
    Senator Rounds. Thank you. It's a national policy?
    Secretary Moultrie. It is.
    Senator Rounds. Okay. How about if we're looking at DNI?
    Deputy Director Dixon. We set the policy for the community.
    Senator Rounds. You set the policy for the entire 
community. So, the definitions of what is necessary for a 
secret or a top secret or a TS/SCI, the conditions or the 
policies are consistent across all departments?
    Deputy Director Dixon. That's a good question. The answer 
should be yes.
    Senator Rounds. I'm wondering if it is, though, because 
that would be a little bit inconsistent with what I heard 
earlier, about differences in the way it's set in some areas. 
Explain to me if I'm missing something here.
    Deputy Director Dixon. I think what I was referring to 
earlier, is where TS, top secret itself stops and where SCI 
starts. There will be a difference in those two things.
    Senator Rounds. So, it's not a consistency across the 
board, then?
    Deputy Director Dixon. A TS is a TS. But a TS/SCI and a TS 
are different.
    Senator Rounds. Based upon the agency or upon national 
policy?
    Deputy Director Dixon. I am sorry. The IC will use the TS 
with the Sensitive Compartmented Information.
    Senator Rounds. So, what you'll do with it, with the IC, is 
if you're going to do the TS/SCI, it will all be with 
compartmented information as part of the thing--. So, you go 
deeper into it at a more advanced level, automatically?
    Deputy Director Dixon. Correct.
    Senator Rounds. Okay. That's helpful. Thank you.
    Sir, you're looking at me like are you agreeing with that 
or are you--?
    Secretary Moultrie. No, I am agreeing. I just think there 
may be another part to answer on this.
    Senator Rounds. Please.
    Secretary Moultrie. If someone has a top-secret clearance, 
the reciprocity process may be somewhat different. But once the 
top-secret clearance has been granted, whether it's TS or TS/
SCI, individuals get access to the same information. There's no 
such thing as this agency has this type of top secret.
    This one has a different type of top secret. It's top 
secret. They share that information across agencies. They can 
work on things, virtually and sometimes in groups together. 
They receive the same information. What I was worried about is 
some conflation of reciprocity, going into a different agency 
or looking at the same information that is shared, once you 
reach a certain level.
    So that's the only clarification.
    Senator Rounds. Well, I'm happy you do that, because that 
was my next question. When we talk about reciprocity, or 
perhaps I think by that you're talking about moving. If an 
individual is moving from one job location to another, and they 
have a TS versus a TS/SCI, that's where the challenge comes in?
    Director Ahuja. Could I offer something, Senator?
    Senator Rounds. Sure.
    Director Ahuja. You know, part of the Trusted Workforce 2.0 
has been--that my colleagues at ODNI and OPM have worked on--
are these investigative standards that we issued about 
streamlining the investigative requirements across all trust 
determinations. So, suitability, which OPM manages, and the 
security clearance, which ODNI manages.
    I just wanted to offer that up, that a part of this effort 
has really been to streamline the requirement, so you can have 
greater reciprocity and mobility. Before we had these 
distinctions, and now we have the--from the five-tier to the 
three-tier system, which is going to streamline that process 
completely throughout.
    I just wanted to add that.
    Senator Rounds. Okay. And thank you. I'm also just curious 
about one item leading up to this was mentioned that, while the 
principles are in place, with regard to leadership teams, there 
are two important positions that are being performed on an 
acting basis right now. And I'm going to ask the reason why.
    The position of Director of the National 
Counterintelligence and Security Center, the NSCS, and the 
ODNI's primary agent on clearance reform--which is interesting 
since that's what we're talking about today--has been vacant 
since January of 2021. An FBI agent is acting in that position. 
The senior position supporting the USD (I&S) is also vacant and 
performed on an acting basis by a detailee from DIA. I got a 
lot of acronyms involved in this thing, but what I'm getting at 
here is, apparently within the leadership teams themselves, 
you've got two vacant positions.
    Please don't tell me that it's because they're waiting for 
a clearance.
    Deputy Director Dixon. No, sir. We've definitely been 
trying to find the right political appointee, or nominee, to 
put into that position so that we can have it filled. The 
person holding has been doing a wonderful job. But yes, we 
recognize that we need to get that filled. And we've been 
working with the White House.
    Senator Rounds. And if the Chairman would indulge me for 
one last question, how long will it take to actually get a 
clearance for someone, once you have picked the right political 
appointee?
    Deputy Director Dixon. That process is probably a little 
faster than the average process. We are going from 180 days, 
from application to the person being offered a job, for the 
regular person. It will be a faster process for--.
    Senator Rounds. Okay. Thank you. Thank you, Mr. Chairman.
    Chairman Warner. But let me--you are also getting at this 
issue. This may not be the case, but the last time we did one 
of these----
    Senator Rounds. 2018.
    Chairman Warner [continuing]. Within DHS, I can't recall 
whether secret or TS, somebody had the clearance to move from 
one contracted DHS to another. Took 100 days. Even though the 
classification level is the same. I think everybody is working 
with good will here. But this reciprocity thing--Sue Gordon 
promised that before she left--and I love Sue to death--but 
it's a hard, gnarly one.
    Senator Rounds. It is, Mr. Chairman. And look, even whether 
we're talking about health care under artificial intelligence 
or what we could do there, or if we're talking about Spectrum, 
which Senator King has been so actively involved in--the over-
classification or the challenge of getting the appropriate 
people, even within our own staff, to get the right type of a 
category to get good information to do their job, has been 
challenging.
    Chairman Warner. Senator King has had a question. I got a 
quick lightning round. I want to hit three quick things. You 
know, and this first one is for Ms. Dixon, Mr. Moultrie.
    Number of polygraphs, the people that can provide the 
polygraph, and the number of even trainers for the polygraph 
examiners--we were way short. How are we on that, at this 
point?
    Deputy Director Dixon. I'm going to have to take the actual 
number for the record. What I do know is that Ron's 
organization has done a wonderful job of expanding the number 
of people who can go through the courses. They are doing their 
part to make sure that we have the certified people coming out, 
making sure that those seats----
    Chairman Warner. I want the numbers, both in terms of how 
many--there was a single training class in South Carolina. We 
had COVID. What are our numbers there? How are we doing in 
terms of total number of trained examiners? This is for Mr. 
Moultrie and Mr. Miller--tough question. But I think one we've 
got to sort through.
    We go through our process. We find something that--major 
red flag, you know, same person goes out and then is applying 
for a job in the private sector, that may end up ultimately 
resulting in a requirement for a security clearance. Well, 
obviously, we have the privacy protections of that individual.
    The idea that we can't give some ability to let the private 
contractor know that person X didn't vet. I hope we are trying 
to sort through, recognizing there are privacy issues.
    Deputy Director Miller. Yes. We recognize this issue and 
yes, we are trying to sort through it.
    Chairman Warner. You with us on that, Mr. Moultrie?
    Secretary Moultrie. That makes 100 percent sense.
    Chairman Warner. Last one before I go to Senator King. 
Again, Senator King was there that last time we did this.
    I have huge respect for former FBI agents who spend their 
career going into universities and checking somebody's academic 
records or going to a local courthouse and checking somebody's 
criminal records.
    One of the things that came out of COVID was we did a lot 
more online and virtual interviews. I think this one is for 
both Stacey and Ron. You know, are we continuing that? And are 
there still things we asked specifically, but we're further on 
in this process? If there are specific incentives we need to 
put in place with our friends in the higher ed world or our 
friends in the criminal justice world--that they should be able 
to share that information in a timely way so that we don't 
waste the time and money, candidly, of sending agents to go out 
and look and see if somebody's academic record was valid is 
really important. If you can address those two and then we'll 
go to any final questions from our colleagues.
    Deputy Director Dixon. We are looking to automate as much 
as possible--and yes, we learned a lot during the pandemic 
about doing things virtually--I think there's some aspect of 
things that we're still doing virtually, in terms of having 
conversations. The nice thing about the automated systems is 
that you will then only have to do the follow-ups for those 
times when they're alert.
    You're automatically decreasing those numbers of 
engagements that you have to have that would be person-to-
person.
    Chairman Warner. Ron.
    Secretary Moultrie. In terms of being able to add another 
aspect to what we are doing with continuous vetting, and 
plugging that into the NBIS system, that would be a logical 
add. And I know, as it pertains to academics and records and 
what we have, being able to import that data will be very 
important.
    Chairman Warner. And please, we may not be able to mandate 
that a local criminal justice system has to share or--higher 
ed, but there are ways we could do incentives. Please give us 
that guidance.
    Senator King.
    Senator King. I must say, I'm still a little confused about 
reciprocity. Let me be specific. You've got a Defense 
Intelligence Agency officer who is retiring, wants to go to 
work for the CIA. This individual has a top-secret clearance. 
Is there any further security clearance process that has to 
take place before he or she can go to work for the CIA?
    Deputy Director Dixon. There are definitely different 
processes that will need to take place to include, in some 
cases, some agencies will have a different psychological 
process, a medical process, in addition to a different, 
enhanced polygraph process.
    Senator King. Okay. So, in that case, there is no 
reciprocity.
    Deputy Director Dixon. There is for like things. But in 
this situation, and when you're trying to determine whether the 
person----
    Senator King. Well, ``like thing.'' I'm talking about a DIA 
officer who wants to go to the CIA. And it's either reciprocity 
or it isn't. If there's more forms, investigations, polygraphs, 
that isn't reciprocity.
    Deputy Director Dixon. I'll broaden it just a little bit. 
There are different workforce requirements. For example, in 
CIA, you gave that example, they have a lot more of time the 
officers being overseas. Being able to make sure that the 
person is medically able to do some of those jobs will be part 
of their process. That doesn't fall under a security clearance. 
It's more a fitness for duty.
    Senator King. Well, that's different. That's not what I'm 
talking about.
    But I think what you're telling me is we don't have 
reciprocity. How about if somebody that works for the NSA who 
retires and wants to go to work for the CIA as an analyst? Does 
the NSA top-secret clearance work? No more forms, no more 
polygraphs, no more checks when they go to the CIA?
    Deputy Director Dixon. There will be internal checks to 
make sure that the receiving agency doesn't have information 
that they need to bring up to speed, or to bring up to date, to 
make sure that it's current. The current process we have, as 
we're transitioning into continuous vetting, there's still some 
backlog. With more people in there, they should be less 
timelined----
    Senator King. I'm confused.
    Deputy Director Dixon. Okay.
    Senator King. If I have reciprocity as a lawyer in Maine, I 
don't have to do anything when I go to Massachusetts and go 
into court, except to say I have a law degree in Maine or a law 
license. You either have reciprocity or you don't. And I think 
what you're telling me is, you don't.
    Deputy Director Dixon. I would say it's broader than the 
simple term of reciprocity. I suppose that it is more 
complicated than one thing being exactly transferable to 
another.
    Senator King. I do not mean to be argumentative.
    Deputy Director Dixon. No, no, no.
    Senator King. We're being reassured about reciprocity, but 
it isn't happening. Reciprocity means you can do it here; you 
can do it over here if you quit. Don't use the term reciprocity 
if it's not reciprocity. Okay?
    Deputy Director Dixon. I would love to. That would be 
great. I will actually----
    Senator King. There is a different word.
    Deputy Director Dixon. Transfer of trust is the word that 
we're trying to use. And you can transfer the trust if it's the 
same thing. But if there's a difference in the type of work 
that's going to be done, it will be a a different process.
    Senator King. But then the question is, why not--why not? 
If they have a top-secret clearance at the Department of 
Defense, why isn't that good enough for the CIA? And you're 
talking about the same kind of documents.
    Mr. Moultrie testified that if you have the two clearances, 
you can all work together on the same documents. Right? You 
were saying that before. But you can't go over and get a job.
    Secretary Moultrie. Having worked at NSA and then 
transferred to CIA, resigned from NSA, and joined the CIA.
    Senator King. You're my case in point.
    Secretary Moultrie. Exactly. I can tell you how it worked 
for me, at least.
    There's clearance reciprocity, where it says everybody has 
the same top-secret clearance. There are access issues. And 
different agencies will have an access issue. You have the same 
clearance, so CIA recognizes, as you said, that you may have a 
top-secret clearance. They may have an additional bar, if you 
will, or additional criteria, to give you access to their 
systems. And so, they go through another check or another 
layer, because of the things that have happened in their 
history, and that gives you access. Even though you already 
have a top-secret clearance, there's an access component to 
this, Senator, that is factored in.
    Senator King. And how long does it take to go through that 
second process? One of the things this Committee is trying to 
get at is the length of time that's involved. And to our less-
expert eyes than yours, it seems to us that one way to 
streamline this is to say top secret means top secret. If you 
have it here, you have it over here.
    So how long does it take to do the additional?
    Secretary Moultrie. I can't speak specifically to the CIA 
and how long it takes. But I can say within non-CIA 
organizations, for the most part--and I have to exclude NSA, 
because they have other access issues and polygraph issues that 
they require--in addition to having your clearance, you can 
have a top-secret clearance and not have a polygraph.
    NSA and CIA require polygraph, which is an additional layer 
on top. So that will add time to the process, too.
    Senator King. Mr. Chairman, it sounds like we've got some 
work to do on reciprocity.
    Chairman Warner. We do. And you know, yes, it is. And 
unfortunately, I think Ron is being generous. This is 
oftentimes months. And I'd even give CIA, because of its unique 
responsibility, and even NSA, you know, a little slack on this.
    When we're talking about overhead, the one example I like 
to use is NGA to NRO or vice versa. You know, you're still 
dealing, pretty much, with the same pixels and how you analyze 
that. And there's still problems there. This is a gnarly issue 
and it has been around for a long time. I do think we have the 
focus, and people are working through to take this from five to 
three, to kind of get the culture right on that.
    And the--the chart I got here. Ms. Ahuja, you know, this 
would be wild--25, 40, and 75 days is the three categories. You 
get there, you'll never get any grief from me, because it's so 
much shorter. Now, Stacy, chances are we are never getting it. 
Some of you all see an end of that. But--but again, we're still 
at--I think the average number was north of 400 days. Now there 
are certain pieces on experiment. Director Burns has got down, 
but we're losing great personnel, because they just can't wait.
    Mike, do you want to do another round? Angus?
    Obviously, maybe I'm a little obsessed about this, but I 
think it's going to take a little bit of relentless obsession, 
because it's easier to stick with the status quo. It's easier 
not to make people uncomfortable. It's like the classification 
issue, which again, a lot of us on this Committee are going to 
push on, because I think we all know it's people, people, 
people, people. And if we don't, we can't attract and keep 
people and we can't even make it somewhat easy to move in and 
out of government, particularly in our defense and 
intelligence. We need that--that exchange back and forth.
    We appreciate how far you've come. Again, I want to be 
clear on this issue. With the last Administration, I had a lot 
of differences, but the last Administration made progress on 
this as well. I do feel like the Trusted Workforce 2.0 could 
have been potentially signed. I think it sat on the President's 
desk for a long time in the last Administration.
    But you know we will be your support. We'll help give you 
some cover. But we are going to stay on this. And I thank all 
of your commitment. I also know there's lots and lots of people 
who are not just here in this room, but back at your respective 
entities, please thank them. You have our attention. You have 
our focus.
    Any last words for anybody on the panel?
    Deputy Director Miller. I just want to add one thing on the 
chart that you showed, because I think it does speak to the 
transformative impact of what we can accomplish over time. It 
requires rewiring how these processes work. Those numbers are 
for the vast majority of people that go through the system. The 
75 days that people talked about--the 400-plus days that it 
took people to get a top-secret clearance before--75 days is 
even more ambitious than the comparison to that, because we're 
measuring everything.
    The current system only measures the 90 percent fastest. We 
have a huge tail that we're not even measuring. We're trying to 
measure everything so we can manage it and make sure that we're 
really driving transformative impact.
    Chairman Warner. Jason, you buried the lead. You should 
have said that when we were all here. I mean, that's right, you 
share that. But that is a kind of a fundamental commitment to 
transparency that you're not just going to take the 90 percent 
universe. You're going to do 100 percent universe. Good news. 
And I hope, again, staff will share with their Members that 
that's the right goal to have.
    Anything else?
    We're adjourned. Thank you.
    (Whereupon at 4:08 p.m. the hearing was adjourned.)

                                  [all]