Federal Personnel Vetting Core Doctrine

Federal Register, Jan 13, 2021
86 Fed. Reg. 2705 (Jan. 13, 2021)

AGENCY:

Office of Personnel Management (OPM) and Office of the Director of National Intelligence (ODNI).

ACTION:

General statement of policy.

SUMMARY:

This action by the Acting OPM Director in the capacity as the Suitability and Credentialing Executive Agent, in consultation with the Director of National Intelligence (DNI) in the capacity as the Security Executive Agent, establishes a Federal Personnel Vetting Core Doctrine to guide transformative efforts to reform the U.S. Government personnel security vetting processes. This policy statement is consistent with direction established by the President in an Executive order entitled Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information, mandating the Executive Agents to align, to the greatest extent practicable, the Federal workforce vetting processes to promote mobility, improve efficiencies and move towards an enhanced risk management approach. With the issuance of this general statement of policy, the Federal Personnel Vetting Core Doctrine establishes the philosophy for the Government's personnel vetting program and will guide development of Government-wide and agency policy. This Core Doctrine defines the personnel vetting mission, its guiding principles, key supporting processes, and policy priorities.

DATES:

Comments must be received on or before February 12, 2021.

ADDRESSES:

You may submit comments, identified by the docket number or Regulation Identifier Number (Z-RIN) for this document, by any of the following methods:

All submissions received must include the agency name and docket number or RIN (RIN 3206-ZA02, October 2020) for this document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing at http://www.regulations.gov as they are received without change, including any personal identifiers or contact information. OPM will prepare and post a public response to major concerns raised in the comments, as appropriate, on its guidance Web portal, either before or when the guidance document is finalized and issued.

FOR FURTHER INFORMATION CONTACT:

Dorianna Rice at Suitability Executive Agent Programs, OPM, SuitEA@opm.gov or (202) 606-8460 and/or National Counterintelligence and Security Center, ODNI, at SecEA@dni.gov.

SUPPLEMENTARY INFORMATION:

Authority for This Action

Executive Order 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information (June 30, 2008), as amended, established the DNI as the Security Executive Agent and the Director of OPM as the Suitability & Credentialing Executive Agent. ODNI and OPM are the primary entities responsible for policy and oversight of the Federal Government's personnel vetting process. The ODNI and OPM are issuing this general statement of policy to inform Federal agencies and the public of a new framework designed to guide the fundamental transformation of the Federal Government's personnel vetting process. All other applicable authorities are cited within the body of the general statement of policy below. 5 U.S.C. 552(a)(1)(D) provides that agencies publish their general statements of policy in the Federal Register for the guidance of the public.

Previously, OPM was already responsible for issuing the standards by which candidates for the competitive and senior executive service were to be assessed for entry into the civil service, pursuant to the President's statutory authority to establish the criteria for entry into the competitive service, and his delegation of that authority to OPM through the Civil Service Rules. 5 U.S.C. 3301, 3302; E.O. 10577, Civil Service Rules II, and V, codified at 5 CFR parts 2 and 5, as amended. Under President Clinton's E.O. 12968 (Aug. 2, 1995), the Security Policy Board and successor Policy Coordinating Committee were responsible for recommending standards to the President by which eligibility for access to classified information was to be determined. With President George W. Bush's promulgation of E.O. 13467, the Director of National Intelligence assumed that function. E.O. 13467, and subsequent Executive Orders, have also made OPM responsible for issuing standards related to eligibility for logical or physical access to Government systems and facilities; fitness for performing work on behalf of the Government under a contract; and fitness for appointment to the excepted service.

The contents of this document do not have the force and effect of law and are not meant to bind the public in any way, except as authorized by law or incorporated into a contract. This document is intended to provide clarity to the public regarding existing requirements under the law or agency policies and to inform agencies of the framework that will guide their implementation of existing legal requirements, and any new requirements that are adopted. This document was created to explain to agencies the underlying philosophies that should animate the implementation of their responsibilities with respect to adjudicating suitability or fitness, eligibility to hold a position that is national security sensitive, and eligibility for logical or physical access to agency systems or facilities.

Regulatory Impact

Executive Orders 13563 and 12866 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). Executive Order 13563 emphasizes the importance of quantifying both costs and benefits, of reducing costs, of harmonizing rules, and of promoting flexibility. This guidance has been reviewed by OMB and designated a “significant regulatory action,” under Executive Order 12866. However, it is not economically significant.

Promoting International Regulatory Cooperation

As required by Executive Orders 13891 and 13609, OPM and ODNI have concluded that this guidance document is not a significant regulation having significant international impacts.

Reducing Regulation and Controlling Regulatory Costs

This guidance is not expected to be subject to the requirements of E.O. 13771 (82 FR 9339, February 3, 2017) because it is expected to impose no more than de minimis costs.

Regulatory Flexibility Act

OPM and ODNI certify that this guidance document will not have a significant economic impact on a substantial number of small entities because it will apply only to Federal agencies.

Unfunded Mandates Act of 1995

This guidance will not result in the expenditure by state, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any year and it will not significantly or uniquely affect small governments. Therefore, no actions were deemed necessary under the provisions of the Unfunded Mandates Reform Act of 1995.

Congressional Review Act

The Congressional Review Act (5 U.S.C. 801 et seq.) requires rules (as defined in 5 U.S.C. 804) to be submitted to Congress before taking effect. OPM will submit to Congress and the Comptroller General of the United States a report regarding the issuance of this action before its effective date, as required by 5 U.S.C. 801. This action is not major as defined by the Congressional Review Act (CRA) (5 U.S.C. 804).

Paperwork Reduction Act

This guidance does not impose any new reporting or record-keeping requirements subject to the Paperwork Reduction Act.

I. Background: Trusted Workforce 2.0

Effective Government operations require that the Federal Government's workforce be trusted to deliver on the mission, provide excellent service, and demonstrate effective stewardship of taxpayer funds. Recognizing that establishing and maintaining trust is the core goal of the Federal personnel vetting program, the Security Executive Agent and the Suitability and Credentialing Executive Agent in coordination and consultation with the Under Secretary of Defense for Intelligence and Security (USD(I&S)) and the Deputy Director for Management of OMB, in their roles as Principal Members of the Security, Suitability and Credentialing Performance Accountability Council (PAC), have initiated the “Trusted Workforce 2.0” (TW 2.0) transformational efforts to provide a roadmap for reformed and innovative Federal personnel vetting.

The nature of the trust determination depends on the legal requirements for each vetting program. Thus for suitability and fitness determinations the trust consideration is to ensure that admission into the Civil Service will “best promote the efficiency of that service,” by ascertaining “the fitness of applicants . . . as to character . . . for the employment sought” (5 U.S.C. 3301); for national security eligibility the trust consideration is to ensure that eligibility is “clearly consistent with the national security interests of the United States,” where adjudication of past conduct “is only an attempt to predict . . . possible future behavior” and “does not equate with passing judgment upon the individual's character.” (E.O. 12968, sec. 3.1; Dep't of the Navy v. Egan, 484 U.S. 518, 528 (1988)).

In March 2018, ODNI and OPM launched the TW 2.0 effort, in consultation with other agencies across the U.S. Government, to fundamentally overhaul the Federal personnel vetting process. The effort was organized into two phases. Phase One was designed to reduce and eliminate the then extant background investigation inventory, which had grown substantially due to a confluence of prior events, while Phase Two sought to establish a new Government-wide approach to personnel vetting. This general statement of policy addresses Phase Two of TW 2.0.

See https://www.performance.gov/CAP/action_plans/july_2020_Security_Suitability.pdf. For the first time since August 2014, the background investigation case inventory has returned to a stable state of approximately 200,000 cases, from a high of 725,000 cases. The success of Phase One is the result of concerted efforts, including policy changes issued by ODNI and OPM as the Executive Agents for personnel vetting, and internal process improvements made by the National Background Investigations Bureau (formerly a division of OPM), and its successor, the Defense Counterintelligence and Security Agency (DCSA).

II. Discussion of the Policy

With the issuance of this General Policy Statement, the Federal Personnel Vetting Core Doctrine establishes the philosophy of the Government's personnel vetting program and will guide development of Government-wide and agency policy. This Core Doctrine defines the personnel vetting mission, its guiding principles, key supporting processes, and policy priorities.

After the issuance of this Federal Personnel Vetting Core Doctrine, the next steps involve consulting with Federal agencies through interagency processes to refine and begin issuing and implementing the policies across the Federal Government to bring about change. In the coming months, ODNI and OPM anticipate several Executive Branch policies to be issued that will provide high-level direction, establish an aggressive path forward, and outline immediate steps to bridge to the future state. Public participation will be provided through applicable statutory procedures, such as notice-and-comment rulemaking under the Administrative Procedure Act for substantive rules, and 60-day and 30-day notices under the Paperwork Reduction Act for information collections.

Federal Personnel Vetting Core Doctrine

RIN 3206-ZA02, October 2020

I. Overview

This Federal Personnel Vetting Core Doctrine (Core Doctrine) sets forth the defining elements of a successful program for vetting the individuals who make up a trusted Federal workforce. It provides the philosophy for and guides all personnel vetting policy, including all Executive Branch-wide and agency-specific policy and procedures. The Executive Agents will review the Core Doctrine regularly, at least every five years, to ensure it is current and that Federal personnel vetting business operations at all times further the principles, outcomes, and management and policy priorities set forth herein. Department and agency heads should review their departmental and agency policies and procedures periodically to ensure those policies and procedures further the principles, outcomes, and management and policy priorities set forth herein.

The contents of this document do not have the force and effect of law and are not meant to bind the public in any way, except as authorized by law or incorporated into a contract. This document is intended only to provide clarity to the public regarding existing requirements under the law or agency policies and guidance to Federal agencies implementing the legal requirements relating to Federal vetting processes. The guidance is not intended to revise or replace any previously issued guidance.

II. Authorities

This Core Doctrine is issued by the Security Executive Agent and the Suitability & Credentialing Executive Agents pursuant to the following authorities:

Per Executive Order 13467, as amended, the Director of OPM is the Suitability and Credentialing Executive Agent and the Director of National Intelligence is the Security Executive Agent.

A. 50 U.S.C. 3341 and 3352a.

B. 5 U.S.C. 1103, 1104, 3301, 7301, and 11001.

C. E.O. 12968, Access to Classified Information (August 2, 1995), as amended.

D. Homeland Security Presidential Directive 12, Policy for a Common Identification Standard for Federal Employees and Contractors (August 27, 2004).

E. E.O. 13467, Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information (June 30, 2008), as amended.

F. E.O. 13488, Granting Reciprocity on Excepted Service and Federal Contractor Employee Fitness and Reinvestigating Individuals in Positions of Public Trust (January 16, 2009), as amended.

G. Civil Service Rules II, V, and VI, codified in 5 CFR parts 2, 5, and 6.

H. Office of Management and Budget Circular No. A-123, Management's Responsibility for Enterprise Risk Management and Internal Control.

III. Good Governance

Governance structures exist to promote efficient and effective personnel vetting outcomes and facilitate accountability to the President; responsiveness to Congress; and transparency, to the extent possible, consistent with the underlying mission, to the workforce, the public, and other stakeholders. Every member of the trusted Federal workforce has a shared responsibility for the successful outcomes of the Federal personnel vetting programs. The Federal personnel vetting governance framework is set forth in E.O. 13467, as amended, which assigns the following entities key governance roles and responsibilities:

A. The Security Executive Agent and the Suitability & Credentialing Executive Agent.

B. The Security, Suitability, and Credentialing Performance Accountability Council (PAC).

C. Department and agency heads.

D. Authorized personnel vetting investigative service providers (ISP).

IV. Personnel Vetting Principles

The overarching principles applicable to the Federal personnel vetting enterprise are intended to reflect the nation's security and personnel priorities. The following principles are common to every aspect of personnel vetting and are the benchmark for successful personnel vetting operations:

A. Consistent, Cogent, and Outcome-Based Policy Hierarchy. Policy that is informed by this Core Doctrine, including specific guidelines that are outcome-based, as appropriate, and corresponding standards and appendices that provide information sources, methods, and implementation guidance.

B. Holistic Risk Management for Federal Personnel Vetting. Assessment of potential threats and vulnerabilities presented by those who are currently or would be trusted insiders throughout the Government to manage risk to people, property, information, and mission. Personnel vetting is one of multiple areas where risk is managed in the Government.

C. Government-Wide Solutions. Providing Government-wide policy mechanisms, information technology shared services, shared services for business functions, and Government-wide regulatory tools whenever possible.

D. Continuous Data-Driven Improvements. Continuous performance improvements that support data-driven policy decisions, integration of innovations and emerging technologies; and remedial action and resolution for when adverse events or other program failures occur.

E. Lawful, Fair, and Effective Outcomes. Consistent and equitable treatment of individuals through adherence to legal obligations and protections, including privacy, procedural, and constitutional rights, as appropriate, promotes protection of national security; protection of Government personnel, property, information and systems; and the efficiency and integrity of the civil service.

F. Open Government. Transparency of the Federal personnel vetting program to the Federal workforce, the public, and Congress, consistent with applicable privileges or statutory limitations on disclosure (e.g., national security needs, classified information protection, controlled unclassified information (CUI), and other privileges such as the deliberative process privilege).

G. Culture of Shared Responsibility. A collective environment built upon mutual goals, effective training, appropriate behavior, and shared expectations and obligations by all stakeholders.

V. Personnel Vetting Outcomes

The Federal Government must effectively optimize the resources, information, and technology to support the goal of a trusted workforce to conduct the business of the Federal Government. Personnel vetting assesses the trustworthiness of individuals based on the core characteristics to protect people, property, information, and mission, as they relate to the particular purpose. Personnel vetting is successful when it:

A. Provides a trusted workforce based on an evaluation of conduct, integrity, judgment, loyalty, and reliability.

B. Consistently results in efficient, effective, and timely trust determinations, regardless of vetting domain, while complying with applicable law.

C. Produces timely, comprehensive, and appropriate organizational response to adverse events.

D. Quickly identifies and appropriately addresses issues that may adversely affect the trust determinations of individuals.

E. Promotes mobility of individuals between and within Federal agencies and Government contractors and enables efficient re-entry to Federal service from the private sector. Mobility is enhanced by efficient transfer of trust determinations and reciprocity between departments and agencies, and across roles for individuals who work for or on behalf of the Federal Government.

F. Inspires the public's confidence in a trusted Federal workforce and the wise stewardship of public resources.

G. Employs continuous data-driven performance improvement and outcome-based metrics.

H. Leverages research and innovation capabilities to advance the Federal personnel vetting mission and increase the effectiveness of decision-making.

I. Uses data-driven analytics, as appropriate, to improve decision-making regarding Federal policies, processes, resources, personnel, and programs.

VI. Policy Priorities

The success of the Government's personnel vetting program depends on thoughtful, complete, and supportable articulation of policy goals. Department and agency personnel achieve policy goals if they are clear and consistent. For policy priorities to be successful:

A. All personnel vetting policy is integrated and aligned within a unified policy framework that is consistent with applicable law. The personnel vetting policy framework includes issuance of guidelines that describe the successful outcomes that are intended, and those outcomes are achieved through detailed compliance criteria (issued in “standards”).

B. Policy is reviewed regularly to determine whether it remains consistent with law, still aligns with mission needs, is supported by current data, and responds to societal or other relevant changes, including emerging threats, to achieve its intended purpose.

C. Policy guides process and methodology and permits appropriate flexibility in the choice of methodology by agency practitioners charged with implementing it.

D. Policy drives the integration of business processes and capabilities for efficient and effective management of personnel vetting.

E. Policy promotes and enables multi-directional information-sharing to the greatest extent practical among personnel working in federal employee and contractor vetting, human resources, insider threat, military accessions, and complementary mission areas to identify risks in a timely manner, reduce waste, improve quality, increase effectiveness, and maximize efficiency.

F. Policy focuses on gathering and sharing all relevant information about an individual in a timely and efficient manner to identify the extent to which the individual exhibits the characteristics of a person who can be trusted to protect people, property, information, and mission, as appropriate under the relevant adjudicative standards.

G. Policy clearly describes the characteristics of a trusted person so that criteria are applied consistently, to the extent possible, across all vetting domains, resulting in basic trust determinations that are uniform across all agencies, and allowing for additional agency- or position-specific criteria to be applied only when necessary to meet unique needs of that agency or position.

H. Personnel vetting policy guidelines informed by this Core Doctrine are issued by the Executive Agents. Authority to issue standards and their appendices may be delegated by the Executive Agents pursuant to their respective authorities.

I. Departments and agencies must ensure that their policy is consistent with the Federal personnel vetting policy framework.

J. Departments and agencies must ensure sufficient funding and resources are dedicated in support of the personnel vetting mission.

VII. Risk Management

Risk is unavoidable when realizing an organization's objectives, and all governmental activities involve managing risk, including preventing, detecting, and mitigating both human and enterprise risk. Federal personnel vetting is one of multiple ways that the Government manages human risk; others include insider threat programs, human resources programs, drug testing, etc. Personnel vetting risk management is successful when:

A. It is applied both throughout the end-to-end process and at all levels of vetting to reduce risk to people, property, information, and mission.

B. It uses a layered risk management approach that (1) uses deterrence and remediates vulnerabilities and (2) takes into account enterprise risk management and human risk management in the development of policy and in the design and operation of government-wide and agency personnel vetting programs that implement the policy.

C. Personnel vetting integrates information from entities with complementary missions that also manage personnel risk (e.g., insider threat programs, counterintelligence, human resources programs).

D. A senior agency official is assigned with the responsibilities to oversee the management of an effective personnel vetting program.

VIII. Information Management

Obtaining and using information about an individual to make a trust determination, whether obtained from internal agency or external Government and non-government sources, must meet the specific purpose as defined in the personnel vetting program. When gathering information, departments and agencies must take into account the privacy and other legal rights of the individual. Properly managing and safeguarding information is essential to good government, maintaining the trust of the public and the workforce, and the quality and effectiveness of operations. For information management to be successful, Federal departments and agencies must ensure that:

A. Information used to make trust determinations and manage risk is accurate, relevant, timely, and as complete as is reasonably necessary to assure fairness to the individual.

B. Information collection is not unduly intrusive and is appropriately tailored to the purposes for which it is collected.

C. Information collection and management practices do not adversely affect, and are designed to promote, the Government's ability to attract talented and trustworthy individuals to public service and service to Government under contracts.

D. Vetting practitioners are engaged with individuals during the entire vetting process to collect information, resolve derogatory information, improve transparency, and cultivate effective two-way communication between the individual and the Government.

E. Trusted insiders and the Government share responsibility for maintaining complete, accurate, and relevant information as part of an individual's personnel vetting record.

F. A trained and vetted staff is accountable for the protection of information, including information shared by complementary missions.

G. Mechanisms are in place to safeguard personnel vetting sources and methods, and to protect the collection, use, dissemination, and retention of information.

H. Efficiencies are maximized in the collection, use, dissemination, and retention of information across Government when there is cooperation and timely sharing of relevant information among complementary missions both between and within departments and agencies.

I. A risk-based approach is used to identify and detect potential vulnerabilities and threats early in the process and undertake risk mitigation throughout the process to lessen or prevent the impact to people, property, information, and mission.

IX. Information Technology

Successfully vetting a trusted workforce and protecting personal data requires effective, secure, and innovative technology and the ability to integrate newer and better technology as it becomes available. Combating cyber threats, complying with data protection requirements, and managing information are integral to the vetting process. The successful execution of the Federal personnel vetting mission requires that Federal agencies ensure:

A. Security principles are embedded in all information technology (IT) systems in accordance with applicable law, E.O.s, rules, and regulations.

B. Development efforts incorporate government-wide guidance that adopts private sector best practices for the agile and iterative development and delivery of new or modified IT systems and capabilities.

C. Cutting-edge technologies are adopted to improve both quality and timeliness of personnel vetting, while outdated and legacy IT capabilities are decommissioned.

D. Federal IT shared services are used to maximize return on investment, reduce duplication, and improve effectiveness.

X. Awareness and Organizational Culture

A Federal trusted workforce requires that all levels of the Federal Government use good risk management techniques and promote an effective security posture. A strong culture of personal accountability and understanding potential risks allows the personnel vetting mission to effectively function. To achieve this organizational culture:

A. All members of the trusted workforce must understand their role and take personal ownership of their responsibilities in the success of the overall personnel vetting enterprise.

B. All members of the trusted workforce must understand, support, and execute the responsibilities that accompany a favorable trust determination.

Alexys Stanley,

Regulatory Affairs Analyst.

[FR Doc. 2021-00547 Filed 1-12-21; 8:45 am]
