DoD Investigative and Adjudicative Guidance for Issuing the Common Access Card (CAC), 55622-55633 [2014-22034]

Download as PDF 55622 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations not received, within the said applicable time, the buyer’s consent to any further delay; (4) The seller has notified the buyer of its inability to make shipment and has indicated its decision not to ship the merchandise; (5) The seller fails to offer the option prescribed in paragraph (b)(1) of this section and has not shipped the merchandise within the applicable time set forth in paragraph (a)(1) of this section. (d) In any action brought by the Federal Trade Commission, alleging a violation of this part, the failure of a respondent-seller to have records or other documentary proof establishing its use of systems and procedures which assure compliance, in the ordinary course of business, with any requirement of paragraph (b) or (c) of this section will create a rebuttable presumption that the seller failed to comply with said requirement. asabaliauskas on DSK5VPTVN1PROD with RULES § 435.3 Limited applicability. 16:27 Sep 16, 2014 By direction of the Commission. Donald S. Clark, Secretary. [FR Doc. 2014–22092 Filed 9–16–14; 8:45 am] (a) This part shall not apply to: (1) Subscriptions, such as magazine sales, ordered for serial delivery, after the initial shipment is made in compliance with this part; (2) Orders of seeds and growing plants; (3) Orders made on a collect-ondelivery (C.O.D.) basis; (4) Transactions governed by the Federal Trade Commission‘s Trade Regulation Rule entitled ‘‘Use of Prenotification Negative Option Plans,’’ 16 CFR Part 425. (b) By taking action in this area: (1) The Federal Trade Commission does not intend to preempt action in the same area, which is not inconsistent with this part, by any State, municipal, or other local government. This part does not annul or diminish any rights or remedies provided to consumers by any State law, municipal ordinance, or other local regulation, insofar as those rights or remedies are equal to or greater than those provided by this part. In addition, this part does not supersede those provisions of any State law, municipal ordinance, or other local regulation which impose obligations or liabilities upon sellers, when sellers subject to this part are not in compliance therewith. (2) This part does supersede those provisions of any State law, municipal ordinance, or other local regulation which are inconsistent with this part to the extent that those provisions do not provide a buyer with rights which are equal to or greater than those rights granted a buyer by this part. This part also supersedes those provisions of any State law, municipal ordinance, or other VerDate Sep<11>2014 local regulation requiring that a buyer be notified of a right which is the same as a right provided by this part but requiring that a buyer be given notice of this right in a language, form, or manner which is different in any way from that required by this part. In those instances where any State law, municipal ordinance, or other local regulation contains provisions, some but not all of which are partially or completely superseded by this part, the provisions or portions of those provisions which have not been superseded retain their full force and effect. (c) If any provision of this part, or its application to any person, partnership, corporation, act or practice is held invalid, the remainder of this part or the application of the provision to any other person, partnership, corporation, act or practice shall not be affected thereby. Jkt 232001 BILLING CODE 6750–01–P DEPARTMENT OF DEFENSE Office of the Secretary 32 CFR Part 157 [Docket ID: DOD–2012–OS–0167] RIN 0790–AI97 DoD Investigative and Adjudicative Guidance for Issuing the Common Access Card (CAC) Under Secretary of Defense for Intelligence, DoD. ACTION: Interim final rule. AGENCY: This interim final rule establishes policy, assigns responsibilities, and prescribes procedures for investigating and adjudicating eligibility to hold the DoD Common Access Card (CAC). The CAC is the DoD personal identity verification (PIV) credential. Individuals appropriately sponsored for a DoD CAC must be investigated and adjudicated in accordance with this part. Prior to this rule, DoD components have been implementing investigative and adjudicative requirements for Homeland Security Presidential Directive—12 (HSPD–12) based solely on broad guidance issued by the U.S. Office of Personnel Management (OPM). This interim final rule elaborates on OPM guidance for component adjudicators who determine, based on review of investigative case files, SUMMARY: PO 00000 Frm 00020 Fmt 4700 Sfmt 4700 whether to grant CAC eligibility to individuals who require: Physical access to DoD facilities or non-DoD facilities on behalf of DoD; logical access to information systems (whether on site or remotely); or remote access to DoD networks that use only the CAC logon for user authentication. The adjudicator’s role is discussed further in the SUPPLEMENTARY INFORMATION. The interim final rule provides the adjudicator with conditions that may be disqualifying and circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk. DATES: Effective Date: This rule is effective September 17, 2014. Comments must be received by November 17, 2014. ADDRESSES: You may submit comments, identified by docket number and/or RIN number and title, by any of the following methods: • Federal Rulemaking Portal: https:// www.regulations.gov. Follow the instructions for submitting comments. • Mail: Federal Docket Management System Office, 4800 Mark Center Drive, East Tower, Suite 02G09, Alexandria VA 22350–3100. Instructions: All submissions received must include the agency name and docket number or Regulatory Information Number (RIN) for this Federal Register document. The general policy for comments and other submissions from members of the public is to make these submissions available for public viewing on the Internet at https://www.regulations.gov as they are received without change, including any personal identifiers or contact information. FOR FURTHER INFORMATION CONTACT: Dr. Kelly Buck, 703–604–1130. SUPPLEMENTARY INFORMATION: Background The adjudicator’s role is to ensure a CAC is not issued to individuals if: (a) The individual is known to be or reasonably suspected of being a terrorist, (b) the employer is unable to verify the individual’s claimed identity, (c) there is a reasonable basis to believe the individual has submitted fraudulent information concerning his or her identity, (d) there is a reasonable basis to believe the individual will attempt to gain unauthorized access to classified documents, information protected by the Privacy Act, information that is proprietary in nature, or other sensitive or protected information, (e) there is a reasonable basis to believe the individual will use an identity credential outside the workplace E:\FR\FM\17SER1.SGM 17SER1 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations unlawfully or inappropriately, (f) there is a reasonable basis to believe the individual will use Federally-controlled information systems unlawfully, make unauthorized modifications to such systems, corrupt or destroy such systems, or engage in inappropriate uses of such systems, (g) there is a reasonable basis to believe, based on the individual’s misconduct or negligence in employment, that issuance of a CAC poses an unacceptable risk, (h) there is a reasonable basis to believe, based on the individual’s criminal or dishonest conduct, that issuance of a CAC poses an unacceptable risk, (i) there is a reasonable basis to believe, based on the individual’s material, intentional false statement, deception, or fraud in connection with Federal or contract employment, that issuance of a CAC poses an unacceptable risk, (j) there is a reasonable basis to believe, based on the nature or duration of the individual’s alcohol abuse without evidence of substantial rehabilitation, that issuance of a CAC poses an unacceptable risk, (k) there is a reasonable basis to believe, based on the nature or duration of the individual’s illegal use of narcotics, drugs, or other controlled substances without evidence of substantial rehabilitation, that issuance of a CAC poses an unacceptable risk, (l) a statutory or regulatory bar prevents the individual’s contract employment; or would prevent Federal employment under circumstances that furnish a reasonable basis to believe that issuance of a CAC poses an unacceptable risk; or (m) the individual has knowingly and willfully engaged in acts or activities designed to overthrow the U.S. Government by force. asabaliauskas on DSK5VPTVN1PROD with RULES I. Purpose a. The Need for the Regulatory Action and How the Action Will Meet That Need This interim final rule establishes policy, assigns responsibilities, and prescribes procedures for investigating and adjudicating eligibility to hold the DoD CAC. The CAC is the DoD personal identity verification (PIV) credential. On August 27, 2004, the President issued Homeland Security Policy Directive 12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors, which mandated a requirement for a common identification standard for secure and reliable forms of identification for federal employees and contractors. Pursuant to section 2.3(b) of Executive Order 13467, on July 31, 2008, the U.S. Office of Personnel Management OPM VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 issued its final government-wide credentialing standards and mandated that all Federal departments and agencies use them in determining whether to issue or revoke PIV cards to their employees and contractor personnel, including those who are nonUnited States citizens. Pending the issuance of this interim final rule, the DoD promulgated two Directive-type memoranda: DTM 08– 006, ‘‘DoD Implementation of Homeland Security Presidential Directive—12 (HSPD–12), issued on November 26, 2008, established DoD policy for implementation of HSPD–12. Pursuant to DTM 08–006, DTM 08–003, ‘‘Next Generation Common Access Card (CAC) Implementation Guidance,’’ December 1, 2008, was issued to provide interim implementation guidance governing the CAC. DTM 08–006 was subsequently cancelled with issuance of DoDI 1000.13, ‘‘Identification (ID) Cards for members of the Uniformed Services, Their Dependents, and Other Eligible Individuals,’’ January 23, 2014. DTM 08–003 was subsequently cancelled with issuance of DoD Manual 1000.13, Volume 1, ‘‘DoD Identification (ID) Cards: ID Card Life-Cycle,’’ January 23, 2014. This interim final rule implements HSPD–12 for the DoD by establishing policy and assigning responsibilities for investigating and adjudicating eligibility to hold a CAC, procedures upon revocation of a CAC, and processing of appeals. b. Legal Authority for the Regulatory Action Homeland Security Presidential Directive-12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors,’’ August 27, 2014, requires the government-wide standard for secure and reliable forms of identification for Federal employees and contractors. The Department of Commerce issued Federal Information Processing Standard 201–2 as the standard. Executive Order 13467 of June 30, 2008, ‘‘Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information’’ established the Office of Personnel Management (OPM) to serve as the Suitability Executive Agent regarding suitability and eligibility for logical and physical access. As such, OPM issued the ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12’’ on July 31, 2008. II. Summary of the Major Provisions This rule: PO 00000 Frm 00021 Fmt 4700 Sfmt 4700 55623 a. Provides investigative requirements and credentialing standards for issuing, denying, or revoking a CAC. b. Provides guidance for applying credentialing standards during adjudication. c. Provides for an appeal process. d. Establishes procedures upon revocation of a CAC. III. Costs and Benefits The interim final rule does not impose direct costs onto the public because costs associated with the implementation of the investigation and adjudicative standards will be borne by the Department. However, the HSPD–12 mandate will increase overall costs for the DoD to investigate and adjudicate individuals covered by the Instruction who would not otherwise undergo an adjudication to determine suitability for the competitive service, eligibility for a national security sensitive position, or fitness for appointment to the excepted service or to perform work under a Government contract. The costs to the Department are not driven by the policy contained in this interim final rule, but rather HSPD–12 and the U.S. Department of Commerce’s National institute of Standards and Technology’s Federal Information Processing Standards Publication 201–2 (FIPS 201– 2), August 2013, mandate for investigating and adjudicating eligibility to hold a CAC. This interim final rule provides for protections against unauthorized access to federal facilities and federally controlled information systems and other sensitive or protected information. This policy manages risk and creates efficiencies by ensuring persons are vetted to uniform national standards. Standardized investigative and adjudicative guidance will eliminate inter-agency variations that have existed in the quality and security of identification used to gain access to secure facilities where there is potential for terrorist attacks. Establishing a mandatory, Department-wide standard for secure and reliable forms of identification that the Department issues to its employees and contractors enhances security, increases Government efficiency, reduces identity fraud, and protects personal privacy. Implementing policies and procedures that apply across the Department will also result in significant intra-agency efficiencies. Absent this Department-wide guidance—which leverages already established processes and capabilities— the individual components may handle HSPD–12 compliance in multiple ways, duplicating effort and expending E:\FR\FM\17SER1.SGM 17SER1 55624 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations asabaliauskas on DSK5VPTVN1PROD with RULES valuable resources. Thus the cost of complying with the HSPD–12 mandate will be even greater in the absence of DoD-wide policy and procedures. Interim Final Rule Justification This rule is being published as an interim final rule as DoD’s current efforts to comply with HSPD–12 need extensive procedural guidance to ensure consistency of implementation of 32 CFR part 156 and DoD Instruction 5200.02. This interim final rule provides DoD components and Component Heads with detailed policy and procedures specific to the DoD regarding investigation, adjudication, and appeals for DoD CAC issuance. This rule consolidates, clarifies, and elaborates DoD CAC policy as appropriate to ensure that Components’ policies and procedures for CAC applications, investigations, adjudications, management, oversight, and appeals are aligned across the Department using consistent standards and practices in cost-effective, timely, and efficient ways. If this rule is not published as an interim final rule, it will prolong the vulnerability of DoD’s personnel, information, and facilities to risks that are created by a current lack of uniformity in how DoD Components define and implement roles, responsibilities and requirements associated with DoD CAC-issuance. As one example, circumstances surrounding the shooting at the Washington Navy Yard highlight the importance of consistent and specific requirements for revocation and retrieval of credentials for personnel who have been identified as posing unacceptable risks. As such, this policy mandates revocation and retrieval of credentials and timely updates to physical and logical accesses, when appropriate, to prevent use of invalidated credentials. Additionally, to better consistently protect DoD’s personnel, systems, and facilities, the DoD Components’ concurred with applying both basic and supplemental credentialing standards and this policy helps codify that agreement. As such, the DoD ensures that all behaviors that suggest unacceptable risks to life, safety, or health of DoD personnel, information, or property are uniformly considered in all adjudications for credentials. To ensure that all individuals are consistently afforded opportunity to respond to any official decision that they are not acceptable risks for issuance of a CAC, this interim rule provides standard procedures for use across the DoD by individuals who wish VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 to appeal denials or revocations of CACs. This rule is subject to update whenever additional policy guidance is provided by the Office of Management and Budget or the U.S. Office of Personnel Management. Further, DoD will consider public comments received in response to this interim rule in the formation of the Department’s final rule. Executive Order 12866, ‘‘Regulatory Planning and Review’’ and Executive Order 13563, ‘‘Improving Regulation and Regulatory Review’’ We have consulted with the Office of Management and Budget (OMB) and determined this interim final rule meets the criteria for a significant regulatory action under Executive Order 12866, as supplemented by Executive Order 13563, and was subject to OMB review. Sec. 202, Public Law 104–4, ‘‘Unfunded Mandates Reform Act’’ Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) (Pub. L. 104–4) requires agencies assess anticipated costs and benefits before issuing any rule whose mandates require spending in any 1 year of $100 million in 1995 dollars, updated annually for inflation. In 2014, that threshold is approximately $141 million. This document will not mandate any requirements for State, local, or tribal governments, nor will it affect private sector costs. Public Law 96–354, ‘‘Regulatory Flexibility Act’’ (5 U.S.C. 601) It has been certified that 32 CFR part 157 is not subject to the Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if promulgated, have a significant economic impact on a substantial number of small entities. Public Law 96–511, ‘‘Paperwork Reduction Act’’ (44 U.S.C. Chapter 35) This rule does impose reporting or recordkeeping requirements under the Paperwork Reduction Act of 1995. This collection has been approved by the Office of Management and Budget under OMB Control Number 0704–0415 titled ‘‘Application for Department of Defense Common Access Card—DEERS Enrollment’’. Executive Order 13132, ‘‘Federalism’’ Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. PO 00000 Frm 00022 Fmt 4700 Sfmt 4700 This document will not have a substantial effect on State and local governments. List of Subjects in 32 CFR Part 157 Common Access Card (CAC), Contractors; Federal employees, Federal facilities, Federally-controlled information systems, HSPD–12 credentialing standards, Identity verification, Personal identity verification (PIV) card, Sensitive or protected information, Terrorist; Unauthorized access. Accordingly 32 CFR part 157 is added to read as follows: PART 157—DOD INVESTIGATIVE AND ADJUDICATIVE GUIDANCE FOR ISSUING THE COMMON ACCESS CARD (CAC) Sec. 157.1 157.2 157.3 157.4 157.5 157.6 Purpose. Applicability. Definitions. Policy. Responsibilities. Procedures. Authority: HSPD–12, E.O 13467, E.O. 13488, FIPS 201–2, and OPM Memorandum. § 157.1 Purpose. This part establishes policy, assigns responsibilities, and prescribes procedures for investigating and adjudicating eligibility to hold a Common Access Card (CAC). The CAC is the DoD personal identity verification (PIV) credential. § 157.2 Applicability. This part applies to: (a) the Office of the Secretary of Defense, the Military Departments (including the Coast Guard at all times, including when it is a Service in the Department of Homeland Security by agreement with that Department), the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the ‘‘DoD Components’’). (b) The Commissioned Corps of the U.S. Public Health Service (USPHS), under agreement with the Department of Health and Human Services, and the National Oceanic and Atmospheric Administration (NOAA), under agreement with the Department of Commerce. § 157.3 Definitions. These terms and their definitions are for the purpose of this part. E:\FR\FM\17SER1.SGM 17SER1 asabaliauskas on DSK5VPTVN1PROD with RULES Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations Actionable information. Information that potentially justifies an unfavorable credentialing determination. CAC. The DoD Federal PIV card. Contractor. Defined in Executive Order 13467, ‘‘Reforming Processes Related to Sustainability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information’’. Contractor employee fitness. Defined in E.O. 13467. Debarment. A prohibition from taking a competitive service examination or from being hired (or retained in) a covered position for a specific time period.. Drugs. Mood and behavior-altering substances, including drugs, materials, and other chemical compounds identified and listed in 21 U.S.C. 801– 830 (also known as ‘‘The Controlled Substances Act of 1970, as amended’’) (e.g., marijuana or cannabis, depressants, narcotics, stimulants, hallucinogens), and inhalants and other similar substances. Drug abuse. The illegal use of a drug or use of a legal drug in a manner that deviates from approved medical direction. Employee. Defined in E.O. 12968, ‘‘Access to Classified Information’’. Fitness. Defined in E.O. 13488, ‘‘Granting Reciprocity on Excepted Service and Federal Contractor Employee Fitness and Reinvestigating Individuals in Positions of Public Trust’’. Fitness determination. Defined in E.O. 13488. Logical and physical access. Defined in E.O. 13467. Material. Defined in 5 CFR part 731. Reasonable basis. A reasonable basis to believe occurs when a disinterested observer, with knowledge of the same facts and circumstances, would reasonably reach the same conclusion. Terrorism. Defined in 19 U.S.C. 2331. Unacceptable risk. A threat to the life, safety, or health of employees, contractors, vendors, or visitors; to the U.S. Government physical assets or information systems; to personal property; to records, including classified, privileged, proprietary, financial, and medical records; or to the privacy rights established by The Privacy Act of 1974, as amended, or other law that is deemed unacceptable when making risk management determinations. U.S. National. Defined in U.S. OPM Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12’’ (available at https://www.opm.gov/ VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 investigate/resources/final_ credentialing_standards.pdf). § 157.4 Policy. It is DoD policy that: (a) Individuals appropriately sponsored for a CAC consistent with DoD Manual 1000.13, Volume 1, ‘‘DoD Identification Cards: ID Card LifeCycle,’’ January 23, 2014, (available at https://www.dtic.mil/whs/directives/ corres/pdf/100013_vol1.pdf) must be investigated and adjudicated in accordance with this part. Individuals not CAC eligible may be processed for local or regional base passes in accordance with Under Secretary of Defense for Intelligence (USD(I)) policy guidance for DoD physical access control consistent with DoD Regulation 5200.08–R, ‘‘Physical Security Program’’ (available at https://www.dtic.mil/whs/ directives/corres/pdf/520008r.pdf) and local installation security policies and procedures. (b) A favorably adjudicated National Agency Check with Inquiries (NACI) or equivalent in accordance with revised Federal investigative standards is the minimum investigation required for a final credentialing determination for a CAC. (c) Individuals requiring a CAC must meet the credentialing standards in accordance with the U.S. Office of Personnel Management (OPM) Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12’’; and U.S. Office of Personnel Management Memorandum, ‘‘Introduction of Credentialing, Suitability, and Security Clearance Decision-Making Guide (available at https://www.opm.gov/investigate/ resources/decision_making_guide.pdf) and this part. (d) A CAC may be issued on an interim basis based on a favorable National Agency Check or a Federal Bureau of Investigation (FBI) National Criminal History Check (fingerprint check) adjudicated by appropriate approved automated procedures or by a trained security or human resource (HR) specialist and successful submission to the investigative service provider (ISP) of a NACI, or a personnel security investigation (PSI) equal to or greater in scope than a NACI. Additionally, the CAC applicant must present two identity source documents, at least one of which is a valid Federal or State government-issued picture identification. (e) The subsequent final credentialing determination will be made upon receipt of the completed investigation from the ISP. PO 00000 Frm 00023 Fmt 4700 Sfmt 4700 55625 (f) Discretionary judgments used to render an adjudicative determination for issuing the CAC are inherently governmental functions and must only be performed by trained U.S. Government personnel who have successfully completed required training and possess a minimum level of investigation (NACI or equivalent in accordance with revised Federal investigative standards). Established administrative processes in 32 CFR part 156 and DoD Directive 5220.6, ‘‘Defense Industrial Personnel Security Clearance Review Program’’ (available at https:// www.dtic.mil/whs/directives/corres/pdf/ 522006p.pdf) must be applied. (g) Adjudications rendered for eligibility for access to classified information, eligibility to hold a sensitive position, suitability, or fitness for Federal employment based on a NACI or higher level investigation may result in a concurrent CAC decision for that position. (h) Favorable credentialing adjudications from another Federal department or agency will be reciprocally accepted in accordance with conditions stated in the procedural guidance in this part. Reciprocity must be based on final favorable adjudication only. (i) CAC applicants or holders may appeal CAC denial or revocation in accordance with the conditions stated in the procedural guidance in this part. Appeals must be processed as indicated in the procedural guidance in this part. (j) Non-U.S. nationals at foreign locations are not eligible to receive a CAC on an interim basis. Special considerations for conducting background investigations of non-U.S. nationals are addressed in U.S. OPM Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12.’’ An interim CAC may be issued to non-U.S. nationals in the U.S. or U.S. territories if they have resided in the U.S. or U.S. territory for at least 3 years, and they satisfy the requirements of paragraph (e) of this section and paragraph (a)(4)(ii)(A) of § 157.6. (k) Individuals who have been denied a CAC or have had a CAC revoked due to an unfavorable credentialing determination are eligible to reapply for a credential 1 year after the date of final adjudicative denial or revocation. (l) Individuals with a statutory or regulatory bar are not eligible for reconsideration while under debarment, see paragraph (d)(6) of § 157.6. (m) The Deputy Secretary of Defense directed all reports of investigations conducted as required for compliance with Homeland Security Presidential E:\FR\FM\17SER1.SGM 17SER1 55626 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations Directive-12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors’’ (available at https://www.dhs.gov/homelandsecurity-presidential-directive-12) to be sent to the consolidated DoD Central Adjudications Facility. (n) When eligibility is denied or revoked, CACs shall be recovered whenever practicable, and shall immediately be rendered inoperable. In addition, agencies’ physical and logical access systems shall be immediately updated to eliminate the use of a CAC for access. asabaliauskas on DSK5VPTVN1PROD with RULES § 157.5 Responsibilities. (a) The USD(I) must: (1) In coordination with the Under Secretary of Defense for Personnel and Readiness (USD(P&R)) and the General Counsel of the Department of Defense (GC, DoD), establish adjudication procedures to support CAC credentialing decisions in accordance with DoD Manual 1000.13, Volume 1, ‘‘DoD Identification (ID) Cards; ID Card Life-Cycle’’; U.S. Office of Personnel Management Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12’’; U.S. Office of Personnel Management Memorandum, ‘‘Introduction of Credentialing, Suitability, and Security Clearance Decision-Making Guide; Office of Management and Budget Memorandum M–05–24, ‘‘Implementation of Homeland Security Presidential Directive (HSPD) 12—Policy for a Common Identification Standard for Federal Employees and Contractors’’ (available at https:// www.whitehouse.gov/sites/default/files/ omb/memoranda/fy2005/m05-24.pdf); U.S. Office of Personnel Management Federal Investigations Notice Number 06–04, ‘‘HSPD 12—Advanced Fingerprint Results’’ (available at https://www.opm.gov/extra/investigate/ FIN06_04.pdf); Homeland Security Presidential Directive-12, ‘‘Policy for a Common Identification Standard for Federal Employees and Contractors’’; 5 U.S.C. 552, 552a and 7313; Federal Information Processing Standards Publication 201–2, ‘‘Personal Identity Verification (PIV) of Federal Employees and Contractors’’ (available at https:// csrc.nist.gov/publications/ PubsFIPS.html); Executive Order 13467, ‘‘Reforming Processes Related to Suitability for Government Employment, Fitness for Contractor Employees, and Eligibility for Access to Classified National Security Information’’; Executive Order 13488, ‘‘Granting Reciprocity on Excepted Service and Federal Contractor VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 Employee Fitness and Reinvestigating Individuals in Positions of Public Trust’’; 15 U.S.C. 278g–3; 40 U.S.C. 11331; and U.S. Office of Personnel Management Federal Investigations Notice Number 10–05, ‘‘Reminder to Agencies of the Standards for Issuing Identity Credentials Under HSPD–12’’ (available at https://www.opm.gov/ investigate/fins/2010/fin10-05.pdf) for issuing a CAC to Service members and DoD civilian personnel. (2) In coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)) and the GC, DoD, establish adjudication procedures to support a CAC credentialing decision for contractors in accordance with the terms of applicable contracts and the references cited in paragraph (a)(1) of this section, the Federal Acquisition Regulation (available at https:// www.acquisition.gov/far/current/pdf/ FAR.pdf), and the Defense Federal Acquisition Regulation Supplement (available at https://www.acq.osd.mil/ dpap/dars/dfarspgi/current/ index.html). (3) Issue, interpret, and clarify CAC investigative and adjudicative guidance in coordination with the Suitability Executive Agent as necessary. (b) The USD(P&R) must, in coordination with the GC, DoD, implement CAC PSI and adjudication procedures established herein as necessary to support issuance of a CAC to Service members and DoD civilian personnel in accordance with the references cited in paragraph (a)(1) of this section. (c) The USD(AT&L) must, in coordination with the GC, DoD, implement CAC PSI and adjudication procedures established by the USD(I) for contractors in accordance with the terms of applicable contracts and the references cited in paragraph (a)(1) of this section, Federal Acquisition Regulation, current edition; and Defense Federal Acquisition Regulation Supplement, current edition. (d) The GC, DoD must: (1) Provide advice and guidance as to the legal sufficiency of procedures and standards involved in adjudicating CAC investigations. (2) Perform functions relating to the DoD Homeland Security Presidential Directive (HSPD)–12 Program in accordance with DoD Directive 5220.6, ‘‘Defense Industrial Personnel Security Clearance Review Program’’ (available at https://www.dtic.mil/whs/directives/ corres/pdf/522006p.pdf) and DoD Directive 5145.01, ‘‘General Counsel of the Department of Defense’’ (available at https://www.dtic.mil/whs/directives/ PO 00000 Frm 00024 Fmt 4700 Sfmt 4700 corres/pdf/514501p.pdf) including maintenance and oversight of the Defense Office of Hearings and Appeals (DOHA) and its involvement in contractor CAC revocations as specified in paragraph (b)(6)(i)(B) of § 157.6 of this part. (3) Coordinate on USD(P&R) implementation of CAC PSI and adjudication procedures, in accordance with the references cited in paragraph (a)(1) of this section, for Service members and DoD civilian personnel, and USD(AT&L) implementation of USD(I) procedures for CAC PSI and adjudication in accordance with the terms of applicable contracts and the references cited in paragraph (a)(1) of this section, Federal Acquisition Regulation and Defense Federal Acquisition Regulation Supplement. (e) The Heads of the DoD Components must: (1) Comply with and implement this part. (2) Provide resources for PSIs, adjudication, appeals, and recording of final adjudicative results in a centralized database. (3) Require individuals sponsored for a CAC to meet eligibility requirements stated in DTM 08–003. (4) Provide appeals boards for those individuals appealing CAC denial or revocation as specified in paragraph (b)(6)(i)(A) of § 157.6. (5) Enforce requirements for reporting of derogatory information, unfavorable administrative actions, and adverse actions to personnel security, HR, and counterintelligence official(s), as appropriate. (6) Require all PSIs submitted for nonDoD personnel to be supported by and comply with DoD PIV procedures in contracts that implement requirements of paragraphs 4.1303 and 52.204–9 of Federal Acquisition Regulation, current edition. (7) Require all investigations and adjudications required for non-DoD personnel to be in response to a current, active contract or agreement and that the number of personnel submitted for investigation and adjudication does not exceed the specific requirements of that contract or agreement while ensuring compliance with HSPD–12. § 157.6 Procedures. (a) CAC Investigative Procedures— (1) Investigative Requirements. (i) A personnel security investigation (NACI or greater) completed by an authorized ISP is required to support a CAC credentialing determination based on the established credentialing standards promulgated by OPM Memorandum, ‘‘Final Credentialing Standards for E:\FR\FM\17SER1.SGM 17SER1 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations Issuing Personal Identity Verification Cards Under HSPD–12’’. (ii) Individuals identified as having a favorably adjudicated investigation on record, equivalent to or greater than the NACI, do not require an additional investigation for CAC issuance. (iii) There is no requirement to reinvestigate CAC holders unless they are subject to reinvestigation for national security or suitability reasons as specified in applicable DoD issuances. (2) Submission of Investigations. Investigative packages must be submitted promptly by HR or security personnel to the authorized ISP. Fingerprints for CAC applicants must be taken by HR or security personnel. DoD Components using the OPM as the ISP may request advanced fingerprint check results in accordance with OPM Federal Investigations Notice Number 06–04. (3) Reciprocity. (i) The sponsoring Component must not re-adjudicate CAC determinations for individuals transferring from another Federal department or agency, provided: (A) The individual’s former department or agency verifies possession of a valid PIV. (B) The individual has undergone the required NACI or other equivalent (or greater) suitability or national security investigation and received favorable adjudication from the former department or agency. (C) There is no break in service 2 years or more and the individual has no actionable information since the date of the last completed investigation. (ii) Interim CAC determinations are not eligible to be transferred or reciprocally accepted. Reciprocity must be based on final favorable adjudication only. (4) Foreign (Non-U.S.) Nationals. DoD Components must apply the credentialing process and standards in this part to non-U.S. nationals who work as employees or contractor employees for the DoD. However, special considerations apply to non-U.S. nationals. (i) At Foreign Locations. (A) DoD Components must initiate and ensure completion of a background investigation before applying the credentialing standards to a non-U.S. national at a foreign location. The background investigation must be favorably adjudicated before a CAC can be issued to a non-U.S. national at a foreign location. The type of background investigation may vary based on standing reciprocity treaties concerning identity assurance and information exchanges that exist between the U.S. and its allies or agency agreements with the host country. (B) The investigation of a non-U.S. national at a foreign location must be consistent with a NACI, to the extent possible, and include a fingerprint check against the FBI criminal history database, an FBI investigations files (name check) search, and a name check against the terrorist screening database. (ii) At U.S.-Based Locations and in U.S. Territories (Other than American Samoa and Commonwealth of the Northern Mariana Islands). (A) Individuals who are non-U.S. nationals in the United States or U.S. territory for 3 years or more must have a NACI or equivalent investigation initiated after 55627 employment authorization is appropriately verified. (B) Non-U.S. nationals who have been in the United States or U.S. territory for less than 3 years do not meet the investigative requirements for CAC issuance. DoD Components may delay the background investigation of a NonU.S. national who has been in the U.S. or U.S. territory for less than 3 years until the individual has been in the United States or U.S. territory for at least 3 years. In the event of such a delay, an alternative facility access identity credential may be issued at the discretion of the relevant DoD Component official, as appropriate based on a risk determination in accordance with DoD 5200.08–R, ‘‘Physical Security Program’’ (available at https://www.dtic.mil/whs/directives/ corres/pdf/520008r.pdf) and U.S. Office of Personnel Management Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12.’’ (C) The U.S. territories of American Samoa and the Commonwealth of the Northern Mariana Islands are not included in the ‘‘United States’’ as defined by the Immigration and Nationality Act of 1952, as amended (Pub. L. 82–414). (5) Investigations Acceptable for CAC Adjudication. A list of investigations acceptable for CAC adjudication is located in the Table. These investigations are equivalent to or greater than a NACI. This list will be updated by the USD(I) as revisions to the Federal investigative standards are implemented. TABLE—FAVORABLY ADJUDICATED INVESTIGATIONS ACCEPTABLE FOR CAC ADJUDICATION asabaliauskas on DSK5VPTVN1PROD with RULES Investigation Description ANACI ........................ BGI–0112 .................. BGI–1336 .................. BGI–3760 .................. BI ............................... BIPN .......................... BIPR .......................... BITN .......................... CNCI .......................... IBI .............................. LBI ............................. LBIP ........................... LBIX ........................... MBI ............................ MBIP .......................... MBIX .......................... NACB ......................... Access National Agency Check and Inquires. Upgrade Background Investigation (1–12 months from LBI). Upgrade Background Investigation (13–36 months from LBI). Upgrade Background Investigation (37–60 months from LBI). Background Investigation. Background Investigation plus Current National Agency Check. Periodic Reinvestigation of Background Investigation. Background Investigation (10 year scope). Child Care National Agency Check plus Written Inquires and Credit. Interview Oriented Background Investigation. Limited Background Investigation. Limited Background Investigation plus Current National Agency Check. Limited Background Investigation—Expanded. Moderate Risk Background Investigation. Moderate Risk Background Investigation plus Current National Agency Check. Moderate Risk Background Investigation—Expanded. National Agency Check/National Agency Check plus Written Inquires and Credit Check plus Background Investigation Requested. National Agency Check and Inquires. National Agency Check with Law and Credit. National Agency Check/National Agency Check plus Written Inquires and Credit Check plus Single Scope B.I. Requested. National Agency Check plus Written Inquires and Credit. NACI .......................... NACLC ...................... NACS ......................... NACW ........................ VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 PO 00000 Frm 00025 Fmt 4700 Sfmt 4700 E:\FR\FM\17SER1.SGM 17SER1 55628 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations TABLE—FAVORABLY ADJUDICATED INVESTIGATIONS ACCEPTABLE FOR CAC ADJUDICATION—Continued Investigation asabaliauskas on DSK5VPTVN1PROD with RULES NACZ ......................... NLC ........................... NNAC ........................ NSI ............................. PRI ............................. PRS ........................... PRSC ......................... PPR ........................... SPR ........................... SSBI .......................... SSBI–PR ................... Description National Agency Check plus Written Inquires and Credit plus Special Investigative Inquiry. National Agency Check, Local Agency Check and Credit. National Agency Check plus Written Inquires and Credit Plus Current National Agency Check. NSI—NACI/Suitability Determination. Periodic Reinvestigation. Periodic Reinvestigation Secret. Periodic Reinvestigation Secret or Confidential. Phased Periodic Reinvestigation. Secret Periodic Reinvestigation. Single Scope Background Investigation. Periodic Reinvestigation for SSBI. (b) CAC Adjudicative Procedures.—(1) Guidance for Applying Credentialing Standards During Adjudication. (i) As established in Homeland Security Presidential Directive–12, credentialing adjudication considers whether or not an individual is eligible for long-term access to Federally controlled facilities and/or information systems. The ultimate determination to authorize, deny, or revoke the CAC based on a credentialing determination of the PSI must be made after consideration of applicable credentialing standards in OPM Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12.’’ (ii) Each case is unique. Adjudicators must examine conditions that raise an adjudicative concern, the overriding factor for all of these conditions is unacceptable risk. Factors to be applied consistently to all information available to the adjudicator are: (A) The nature and seriousness of the conduct. The more serious the conduct, the greater the potential for an adverse CAC determination. (B) The circumstances surrounding the conduct. Sufficient information concerning the circumstances of the conduct must be obtained to determine whether there is a reasonable basis to believe the conduct poses a risk to people, property or information systems. (C) The recency and frequency of the conduct. More recent or more frequent conduct is of greater concern. (D) The individual’s age and maturity at the time of the conduct. Offenses committed as a minor are usually treated as less serious than the same offenses committed as an adult, unless the offense is very recent, part of a pattern, or particularly heinous. (E) Contributing external conditions. Economic and cultural conditions may be relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk if the conditions are currently removed or VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 countered (generally considered in cases with relatively minor issues). (F) The absence or presence of efforts toward rehabilitation, if relevant, to address conduct adverse to CAC determinations. (1) Clear, affirmative evidence of rehabilitation is required for a favorable adjudication (e.g., seeking assistance and following professional guidance, where appropriate; demonstrating positive changes in behavior and employment). (2) Rehabilitation may be a consideration for most conduct, not just alcohol and drug abuse. While formal counseling or treatment may be a consideration, other factors (such as the individual’s employment record) may also be indications of rehabilitation. (iii) CAC adjudicators must successfully complete formal training through a DoD CAC adjudicator course from the Defense Security Service Center for Development of Security Excellence or a course approved by the Suitability Executive Agent. (2) Credentialing Standards. HSPD–12 credentialing standards contained in OPM Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12’’ must be used to render a final determination whether to issue or revoke a CAC based on results of a qualifying PSI. (i) Basic Standards. CAC credentialing standards and the adjudicative guidelines described in paragraph (c) of this section are designed to guide the adjudicator who must determine, based on results of a qualifying PSI, whether CAC issuance is consistent with the basic standards, would create an unacceptable risk for the U.S. Government, or would provide an avenue for terrorism. (ii) Supplemental Standards. The supplemental standards are intended to ensure that the issuance of a CAC to an individual does not create unacceptable risk. The supplemental credentialing standards must be applied, in addition PO 00000 Frm 00026 Fmt 4700 Sfmt 4700 to the basic credentialing standards. In this context, an unacceptable risk refers to an unacceptable risk to the life, safety, or health of employees, contractors, vendors, or visitors; to the Government’s physical assets or information systems; to personal property; to records, including classified, privileged, proprietary, financial, or medical records; or to the privacy of data subjects. The supplemental credentialing standards, in addition to the basic credentialing standards, must be used for CAC adjudication of individuals who are not also subject to the following types of adjudication: (A) Eligibility to hold a sensitive position or for access to classified information, (B) Suitability for Federal employment in the competitive service, or (C) Qualification for Federal employment in the excepted service. (3) Application of the Standards. (i) CAC credentialing standards shall be applied to all DoD civilian employees, Service members, and contractors who are CAC eligible, have been sponsored by a DoD entity, and require: (a) Physical access to DoD facilities or nonDoD facilities on behalf of DoD; (b) logical access to information systems (whether on site or remotely); or (c) remote access to DoD networks that use only the CAC logon for user authentication. (ii) If an individual is found unsuitable for competitive civil service consistent with 5 CFR part 731, ineligible for access to classified information pursuant to E.O. 12968, or disqualified from appointment in the excepted service or from working on a contract, the unfavorable decision may be sufficient basis for non-issuance or revocation of a CAC, but does not necessarily mandate this result. (4) Adjudication. The CAC adjudicators will consider the information provided by the CAC PSI in rendering a CAC credentialing E:\FR\FM\17SER1.SGM 17SER1 asabaliauskas on DSK5VPTVN1PROD with RULES Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations determination. The determination will be unfavorable if there is a reasonable basis to conclude that a disqualifying factor in accordance with the basic CAC credentialing standards is substantiated, or when there is a reasonable basis to conclude that derogatory information or conduct relating to supplemental CAC credentialing standards presents an unacceptable risk for the U.S. Government. (i) If a DoD Component or DOHA proposes to deny or revoke a CAC under conditions other than those cited in paragraph (b)(3)(ii) of this section, the DoD Component or DOHA, as appropriate in accordance with paragraph (b)(6)(i) of this section, must issue the individual a written statement (also known as a letter of denial (LOD) or revocation (LOR)) identifying the disqualifying condition(s). The statement must contain a summary of the concerns and supporting adverse information, instructions for responding, and copies of the relevant CAC credentialing standards and adjudicative guidelines from this section. The written LOD or LOR must be as comprehensive and detailed as permitted by the requirements of national security and to protect sources that were granted confidentiality, and as allowed pursuant to provisions of 5 U.S.C. 552 and 552a. (Section 552a is also known and hereinafter referred to as ‘‘The Privacy Act of 1974, as amended.’’) (ii) The individual may elect to respond in writing to the DoD Component or DOHA, as appropriate, within 30 calendar days from the date of the LOD or LOR. Failure to respond to the LOD or LOR will result in automatic CAC denial or revocation. (iii) When, subsequent to issuance of an interim or final CAC, the U.S. Government receives credible information that raises questions as to whether a current CAC holder continues to meet the applicable credentialing standards, the DoD Component may reconsider the credentialing determination using the procedures in this part. (5) Denial or Revocation. (i) DoD Components must deny or revoke a CAC if the individual fails to respond to the LOD or LOR within the specified timeframe or the response to the written statement has not provided a basis to reverse the decision. (ii) Denial or revocation of a CAC must comply with applicable governing laws and regulations: (A) The U.S. Coast Guard shall afford individuals appeal rights as established in applicable Department of Homeland VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 Security and U.S. Coast Guard Issuances. (B) CAC provides Service members with Geneva Convention protection in accordance with DoD Instruction 1000.1, ‘‘Identification (ID) Cards Required by the Geneva Conventions’’ (available at https://www.dtic.mil/whs/ directives/corres/pdf/100001p.pdf), and authorized benefits (e.g. medical) and must not be revoked or denied pursuant to the provisions of this part. CAC for Military Service members will be surrendered only upon separation, discharge, or retirement. (C) In certain instances a CAC provides other benefits or specific privileges to civilian employees (e.g. medical, post exchange and commissary) when assigned overseas long-term; or protected status to civilian employees and contractors who are accompanying U.S. forces during overseas deployments in accordance with DoD Instruction 1000.1. CAC for DoD civilians or contractors in this circumstance will not be revoked pursuant to the provisions of this part, but may be surrendered as part of other adverse employment or contracting actions or procedures. (iii) When eligibility is denied or revoked, the CAC shall be recovered whenever practicable, and shall immediately be rendered inoperable. In addition, agency’s physical and logical access systems shall immediately be updated to eliminate the use of the CAC for access. (6) Appeals. (i) Individuals who have been denied a CAC or have had a CAC revoked due to an unfavorable credentialing determination must be entitled to appeal the determination in accordance with the following procedures: (A) Except as stated in paragraph (b)(6)(ii) of this section, new civilian and contractor applicants who have been denied a CAC may elect to appeal to a three member board composed of not more than one security representative and one human resources representative. (B) Contractor employees who have had their CAC revoked may appeal the unfavorable determination to the DOHA in accordance with the established administrative process set out in DoD Directive 5220.6. (ii) This appeal process does not apply when a CAC is denied or revoked as a result of either an unfavorable suitability determination consistent with 5 CFR part 731 or a decision to deny or revoke eligibility for access to classified information or eligibility for a sensitive national security position, since the person is already entitled to PO 00000 Frm 00027 Fmt 4700 Sfmt 4700 55629 seek review in accordance with applicable suitability or national security procedures. Likewise, there is no right to appeal when the decision to deny the CAC is based on the results of a separate determination to disqualify the person from an appointment in the excepted service or to bar the person from working for or on behalf of a Federal department or agency. (iii) The DoD Component will notify the individual in writing of the final determination and provide a statement that this determination is not subject to further appeal. (7) Recording Final Determination. Immediately following final adjudication, the sponsoring activity must record the final eligibility determination (e.g., active, revoked, denied) in the OPM Central Verification System as directed by OPM Memorandum, ‘‘Final Credentialing Standards for Issuing Personal Identity Verification Cards Under HSPD–12.’’ DoD Component records will document the adjudicative rationale. Adjudicative records shall be made available to authorized recipients as required for appeal purposes. (c) Basic Adjudicative Standards. (1) A CAC will not be issued to a person if the individual is known to be or reasonably suspected of being a terrorist. (i) A CAC must not be issued to a person if the individual is known to be or reasonably suspected of being a terrorist. Individuals entrusted with access to Federal property and information systems must not put the U.S. Government at risk or provide an avenue for terrorism. (ii) Therefore, conditions that may be disqualifying include evidence that the individual has knowingly and willfully been involved with reportable domestic or international terrorist contacts or foreign intelligence entities, counterintelligence activities, indicators, or other behaviors described in DoD Directive 5240.06, ‘‘Counterintelligence Awareness and Reporting (CIAR)’’ (available at https:// www.dtic.mil/whs/directives/corres/pdf/ 524006p.pdf). (2) A CAC will not be issued to a person if the employer is unable to verify the individual’s claimed identity. (i) A CAC must not be issued to a person if the DoD component is unable to verify the individual’s claimed identity. To be considered eligible for a CAC, the individual’s identity must be clearly authenticated. The CAC must not be issued when identity cannot be authenticated. (ii) Therefore, conditions that may be disqualifying include: E:\FR\FM\17SER1.SGM 17SER1 asabaliauskas on DSK5VPTVN1PROD with RULES 55630 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations (A) The individual claimed it was not possible to provide two identity source documents from the list of acceptable documents in Form I–9, Office of Management and Budget No. 1115– 0136, ‘‘Employment Eligibility Verification,’’(available at https:// www.uscis.gov/files/form/i-9.pdf) or provided only one identity source document from the list of acceptable documents. (B) The individual did not appear in person as required by Federal Information Processing Standards Publication 201–2. (C) The individual refused to cooperate with the documentation and investigative requirements to validate his or her identity. (D) The investigation failed to confirm the individual’s claimed identity. (iii) No conditions can mitigate inability to verify the applicant’s identity. (3) A CAC will not be issued to a person if there is a reasonable basis to believe the individual has submitted fraudulent information concerning his or her identity. (i) A CAC must not be issued to a person if there is a reasonable basis to believe the individual has submitted fraudulent information concerning his or her identity in an attempt to obtain the current credential. (A) Substitution occurred in the identity proofing process; the individual who appeared on one occasion was not the same person that appeared on another occasion. (B) The fingerprints associated with the identity do not belong to the person attempting to obtain a CAC. (ii) No conditions can mitigate submission of fraudulent information in an attempt to obtain a current credential. (4) A CAC will not be issued to a person if there is a reasonable basis to believe the individual will attempt to gain unauthorized access to classified documents, information protected by the Privacy Act, information that is proprietary in nature, or other sensitive or protected information. (i) Individuals must comply with information-handling regulations and rules. Individuals must properly handle classified and protected information such as sensitive or proprietary information. (ii) Individuals should not attempt to gain unauthorized access to classified documents or other sensitive or protected information. Unauthorized access to U.S. Government information or improper use of U.S. Government information once access is granted may pose a significant risk to national VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 security, may compromise individual privacy, and may make public information that is proprietary in nature, thus compromising the operations and missions of Federal agencies. (iii) A CAC must not be issued if there is a reasonable basis to believe the individual will attempt to gain unauthorized access to classified documents, information protected by the Privacy Act of 1974, as amended, information that is proprietary in nature, or other sensitive or protected information. (iv) Therefore, conditions that may be disqualifying include any attempt to gain unauthorized access to classified, sensitive, proprietary or other protected information. (v) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) Since the time of the last act or activities, the person has demonstrated a favorable change in behavior. (B) The behavior happened so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the individual’s ability to safeguard protected information. (5) A CAC will not be issued to a person if there is a reasonable basis to believe the individual will use an identity credential outside the workplace unlawfully or inappropriately. (i) A CAC must not be issued to a person if there is a reasonable basis to believe the individual will use an identity credential outside the workplace unlawfully or inappropriately. (ii) Therefore, conditions that may be disqualifying include: (A) Documented history of fraudulent requests for credentials or other official documentation. (B) Previous incidents in which the individual used credentials or other official documentation to circumvent rules or regulations. (C) A history of incidents involving misuse of credentials that put physical assets or personal property at risk. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the individual’s ability and willingness to use credentials lawfully and appropriately. PO 00000 Frm 00028 Fmt 4700 Sfmt 4700 (6) A CAC will not be issued to a person if there is a reasonable basis to believe the individual will use Federally-controlled information systems unlawfully, make unauthorized modifications to such systems, corrupt or destroy such systems, or engage in inappropriate uses of such systems. (i) Individuals must comply with rules, procedures, guidelines, or regulations pertaining to information technology systems and properly protect sensitive systems, networks, and information. The individual should not attempt to use federally-controlled information systems unlawfully, make unauthorized modifications, corrupt or destroy, or engage in inappropriate uses of such systems. A CAC must not be issued to a person if there is a reasonable basis to believe the individual will do so or has done so in the past. (ii) Therefore, conditions that may be disqualifying include: (A) Illegal, unauthorized, or inappropriate use of an information technology system or component. (B) Unauthorized modification, destruction, manipulation of information, software, firmware, or hardware to corrupt or destroy information technology systems or data. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the individual’s ability and willingness to conform to rules and regulations for use of information technology systems. (d) Supplemental Adjudicative Standards. (1) A CAC will not be issued to a person if there is a reasonable basis to believe, based on the individual’s misconduct or negligence in employment, that issuance of a CAC poses an unacceptable risk. (i) An individual’s employment misconduct or negligence may put people, property, or information systems at risk. (ii) Therefore, conditions that may be disqualifying include: (A) A previous history of intentional wrongdoing on the job, disruptive, violent, or other acts that may pose an unacceptable risk to people, property, or information systems. (B) A pattern of dishonesty or rule violations in the workplace which put people, property or information at risk. (C) A documented history of misusing workplace information systems to view, download, or distribute pornography. E:\FR\FM\17SER1.SGM 17SER1 asabaliauskas on DSK5VPTVN1PROD with RULES Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations (D) Violation of written or recorded commitments to protect information made to an employer, such as breach(es) of confidentiality or the release of proprietary or other information. (E) Failure to comply with rules or regulations for the safeguarding of classified, sensitive, or other protected information. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the individual’s current trustworthiness or good judgment relating to the safety of people and proper safeguarding of property and information systems. (B) The individual was not adequately warned that the conduct was unacceptable and could not reasonably be expected to know that the conduct was wrong. (C) The individual made prompt, good-faith efforts to correct the behavior. (D) The individual responded favorably to counseling or remedial training and has since demonstrated a positive attitude toward the discharge of information-handling or security responsibilities. (2) A CAC will not be issued to a person if there is a reasonable basis to believe, based on the individual’s criminal or dishonest conduct, that issuance of a CAC poses an unacceptable risk. (i) An individual’s conduct involving questionable judgment, lack of candor, dishonesty, or unwillingness to comply with rules and regulations can raise questions about his or her reliability or trustworthiness and may put people, property, or information systems at risk. An individual’s past criminal or dishonest conduct may put people, property, or information systems at risk. (ii) Therefore, conditions that may be disqualifying include: (A) A single serious crime or multiple lesser offenses which put the safety of people at risk or threaten the protection of property or information. A person’s convictions for burglary may indicate that granting a CAC poses an unacceptable risk to the U.S. Government’s physical assets and to employees’ personal property on a U.S. Government facility. (B) Charges or admission of criminal conduct relating to the safety of people and proper protection of property or information systems, regardless of whether the person was formally VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 charged, formally prosecuted, or convicted. (C) Dishonest acts (e.g., theft, accepting bribes, falsifying claims, perjury, forgery, or attempting to obtain identity documentation without proper authorization). (D) Deceptive or illegal financial practices such as embezzlement, employee theft, check fraud, income tax evasion, expense account fraud, filing deceptive loan statements, or other intentional financial breaches of trust. (E) Actions involving violence or sexual behavior of a criminal nature that poses an unacceptable risk if access is granted to federally-controlled facilities or federally-controlled information systems. For example, convictions for sexual assault may indicate that granting a CAC poses an unacceptable risk to the life and safety of persons on U.S. Government facilities. (F) Financial irresponsibility may raise questions about the individual’s honesty and put people, property or information systems at risk, although financial debt should not in and of itself be cause for denial. (G) Deliberate omission, concealment, or falsification of relevant facts or deliberately providing false or misleading information to an employer, investigator, security official, competent medical authority, or other official U.S. Government representative, particularly when doing so results in personal benefit or which results in a risk to the safety of people and proper safeguarding of property and information systems. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was minor in nature, or happened under such unusual circumstances that it is unlikely to recur. (B) Charges were dismissed or evidence was provided that the person did not commit the offense and details and reasons support his or her innocence. (C) Improper or inadequate advice from authorized personnel or legal counsel significantly contributed to the individual’s omission, of information. When confronted, the individual provided an accurate explanation and made prompt, good-faith effort to correct the situation. (D) Evidence has been supplied of successful rehabilitation, including but not limited to remorse or restitution, job training or higher education, good employment record, constructive community involvement, or passage of time without recurrence. PO 00000 Frm 00029 Fmt 4700 Sfmt 4700 55631 (3) A CAC will not be issued to a person if there is a reasonable basis to believe, based on the individual’s material, intentional false statement, deception, or fraud in connection with Federal or contract employment, that issuance of a CAC poses an unacceptable risk. (i) The individual’s conduct involving questionable judgment, lack of candor, or unwillingness to comply with rules and regulations can raise questions about an individual’s honesty, reliability, trustworthiness, and put people, property, or information systems at risk. (ii) Therefore, conditions that may be disqualifying include material, intentional falsification, deception or fraud related to answers or information provided during the employment process for the current or a prior Federal or contract employment (e.g., on the employment application or other employment, appointment or investigative documents, or during interviews.) (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The misstated or omitted information was so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur. (B) The misstatement or omission was unintentional or inadvertent and was followed by a prompt, good-faith effort to correct the situation. (4) A CAC will not be issued to a person if there is a reasonable basis to believe, based on the nature or duration of the individual’s alcohol abuse without evidence of substantial rehabilitation, that issuance of a CAC poses an unacceptable risk. (i) An individual’s abuse of alcohol may put people, property, or information systems at risk. Alcohol abuse can lead to the exercise of questionable judgment or failure to control impulses, and may put people, property, or information systems at risk, regardless of whether he or she is diagnosed as an abuser of alcohol or alcohol dependent. A person’s longterm abuse of alcohol without evidence of substantial rehabilitation may indicate that granting a CAC poses an unacceptable safety risk in a U.S. Government facility. (ii) Therefore, conditions that may be disqualifying include: (A) A pattern of alcohol-related arrests. (B) Alcohol-related incidents at work, such as reporting for work or duty in an E:\FR\FM\17SER1.SGM 17SER1 asabaliauskas on DSK5VPTVN1PROD with RULES 55632 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations intoxicated or impaired condition, or drinking on the job. (C) Current continuing abuse of alcohol. (D) Failure to follow any court order regarding alcohol education, evaluation, treatment, or abstinence. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The individual acknowledges his or her alcoholism or issues of alcohol abuse, provides evidence of actions taken to overcome this problem, and has established a pattern of abstinence (if alcohol dependent) or responsible use (if an abuser of alcohol). (B) The individual is participating in counseling or treatment programs, has no history of previous treatment or relapse, and is making satisfactory progress. (C) The individual has successfully completed inpatient or outpatient counseling or rehabilitation along with any required aftercare. He or she has demonstrated a clear and established pattern of modified consumption or abstinence in accordance with treatment recommendations, such as participation in an alcohol treatment program. The individual has received a favorable prognosis by a duly qualified medical professional or a licensed clinical social worker who is a staff member of a recognized alcohol treatment program. (5) A CAC will not be issued to a person if there is a reasonable basis to believe, based on the nature or duration of the individual’s illegal use of narcotics, drugs, or other controlled substances without evidence of substantial rehabilitation, that issuance of a CAC poses an unacceptable risk. (i) An individual’s abuse of drugs may put people, property, or information systems at risk. Illegal use of narcotics, drugs, or other controlled substances, to include abuse of prescription or overthe-counter drugs, can raise questions about his or her trustworthiness, or ability or willingness to comply with laws, rules, and regulations. For example, a person’s long-term illegal use of narcotics without evidence of substantial rehabilitation may indicate that granting a CAC poses an unacceptable safety risk in a U.S. Government facility. (ii) Therefore, conditions that may be disqualifying include: (A) Current or recent illegal drug use, serious narcotic, or other controlled substance offense. (B) A pattern of drug-related arrests or problems in employment. (C) Illegal drug possession, including cultivation, processing, manufacture, VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 purchase, sale, or distribution of illegal drugs, or possession of drug paraphernalia. (D) Diagnosis by a duly qualified medical professional (e.g., physician, clinical psychologist, or psychiatrist) of drug abuse or drug dependence. (E) Evaluation of drug abuse or drug dependence by a licensed clinical social worker who is a staff member of a recognized drug treatment program. (F) Failure to successfully complete a drug treatment program prescribed by a duly qualified medical professional. (G) Any illegal drug use after formally agreeing to comply with rules or regulations prohibiting drug use. (H) Any illegal use or abuse of prescription or over-the-counter drugs. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was so infrequent, or happened under such circumstances that it is unlikely to recur (e.g., clear, lengthy break since last use; strong evidence the use will not occur again). (B) A demonstrated intent not to abuse any drugs in the future, such as: (1) Abstaining from drug use. (2) Disassociating from drug-using associates and contacts. (3) Changing or avoiding the environment where drugs were used. (C) Abuse of prescription drugs followed a severe or prolonged illness during which these drugs were prescribed and abuse has since ended. (D) Satisfactory completion of a prescribed drug treatment program, including but not limited to rehabilitation and aftercare requirements without recurrence of abuse, and a favorable prognosis by a duly qualified medical professional. (6) A CAC will not be issued to a person if a statutory or regulatory bar prevents the individual’s contract employment; or would prevent Federal employment under circumstances that furnish a reasonable basis to believe that issuance of a CAC poses an unacceptable risk. (i) The purpose of this standard is to verify whether there is a bar on contract employment, and whether the contract employee is subject to a Federal employment debarment for reasons that also pose an unacceptable risk in the contracting context. For example, a person’s 5-year bar on Federal employment based on a felony conviction related to inciting a riot or civil disorder, as specified in 5 U.S.C. 7313, may indicate that granting a CAC poses an unacceptable risk to persons, PO 00000 Frm 00030 Fmt 4700 Sfmt 4700 property, and assets in U.S. Government facilities. (ii) Therefore, conditions that may be disqualifying include: (A) A debarment was imposed by OPM, DoD, or other Federal agencies when the conduct poses an unacceptable risk to people, property, or information systems. (B) The suitability debarment was based on the presence of serious suitability issues when the conduct poses an unacceptable risk to people, property, or information systems. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) Applicant proves the reason(s) for the debarment no longer exists. (B) The debarment is job or positionspecific and is not applicable to the job currently under consideration. (7) A CAC will not be issued to a person if the individual has knowingly and willfully engaged in acts or activities designed to overthrow the U.S. Government by force. (i) Individuals entrusted with access to U.S. Government property and information systems must not put the U.S. Government at risk. (ii) Therefore, conditions that may be disqualifying include: (A) Illegal involvement in, support of, training to commit, or advocacy of any act of sabotage, espionage, treason or sedition against the United States of America. (B) Association or agreement with persons who attempt to or commit any of the acts in paragraph (d)(7)(ii)(A) of this section with the specific intent to further those unlawful aims. (C) Association or agreement with persons or organizations that advocate, threaten, or use force or violence, or use any other illegal or unconstitutional means in an effort to overthrow or influence the U.S. Government. (iii) Circumstances relevant to the determination of whether there is a reasonable basis to believe there is an unacceptable risk include: (A) The behavior happened so long ago, was minor, or happened under such unusual circumstances that it is unlikely to recur and does not cast doubt on the individual’s current trustworthiness. (B) The person was not aware of the person’s or organization’s dedication to illegal, treasonous, or seditious activities or did not have the specific intent to further the illegal, treasonous, or seditious ends of the person or organization. (C) The individual did not have the specific intent to incite others to E:\FR\FM\17SER1.SGM 17SER1 Federal Register / Vol. 79, No. 180 / Wednesday, September 17, 2014 / Rules and Regulations advocate, threaten, or use force or violence, or use any other illegal or unconstitutional means to engage in illegal, treasonous, or seditious activities. (D) The individual’s involvement in the activities was for an official purpose. Dated: September 11, 2014. Aaron Siegel, Alternate OSD Federal Register Liaison Officer, Department of Defense. [FR Doc. 2014–22034 Filed 9–16–14; 8:45 am] BILLING CODE 5001–06–P LIBRARY OF CONGRESS U.S. Copyright Office 37 CFR Part 201 [Docket No. 2014–04] Changes to Recordation Practices U.S. Copyright Office, Library of Congress. ACTION: Final rule. AGENCY: The U.S. Copyright Office is amending its regulations for the recordation of copyright transfers and other documents. The rule is intended to reduce the amount of time the Office requires to process certain types of documents submitted for recordation and help to alleviate remitter concerns regarding the receipt of documents for processing. To these ends, the revised regulations encourage remitters to include a cover sheet with the documents they submit for processing; allow remitters to submit long title lists in electronic format; and provide remitters with the option to request return receipts that acknowledge that the Office has received a submission. DATES: Effective October 17, 2014. FOR FURTHER INFORMATION CONTACT: Jacqueline C. Charlesworth, General Counsel and Associate Register of Copyrights, by email at jcharlesworth@ loc.gov or by telephone at 202–707– 8350; or Sarang V. Damle, Special Advisor to the General Counsel, by email at sdam@loc.gov or by telephone at 202–707–8350. SUPPLEMENTARY INFORMATION: asabaliauskas on DSK5VPTVN1PROD with RULES SUMMARY: I. Background On July 16, 2014, the Copyright Office published a Notice of Proposed Rulemaking (‘‘NPRM’’) setting forth proposed regulatory amendments designed to speed processing of documents submitted for recordation under section 205 of title 17 of the United States Code. See 79 FR 41470. The NPRM encompassed three VerDate Sep<11>2014 16:27 Sep 16, 2014 Jkt 232001 recommended changes to the Office’s recordation regulations. First, the NPRM proposed amending the regulations to reflect the fact that the Office has created a Recordation Document Cover Sheet (Form DCS) to assist with the processing of documents submitted for recordation under section 205. As the NPRM explained, remitters are not required to use Form DCS unless they are requesting a return receipt, but use of the form is encouraged to facilitate better recordkeeping and communication between the Office and remitters. Id. at 41471. Second, the NPRM proposed a rule to permit (but not require) the submission of electronic lists of titles of copyrighted works associated with remitted documents, where such lists include 100 or more titles. Id. at 41471–72. The NPRM noted that submission of lengthy title lists in electronic format would speed processing of documents by eliminating the need for manual transcription of titles into the Office’s Public Catalog. Id. at 41471. Third, the NPRM specified a procedure by which a remitter could receive a return receipt indicating that the Office had received a document submitted for recordation. Id. at 41472. Five comments were received in response to the NPRM.1 The Motion Picture Association of America, Inc. (‘‘MPAA’’) and Barbara Jones-Binns endorsed the proposed amendments in full, and had no further suggestions.2 Author Services, Inc., also supported the proposed rule, but stated it would be interested if, as a ‘‘next step,’’ the Office would ‘‘move towards being able to submit the titles of documents electronically for less than 100 titles.’’ 3 Finally, the Recording Industry Association of America, Inc. (‘‘RIAA’’) submitted comments that were largely supportive of the proposed rule, but contained three substantive concerns that are addressed in more detail below.4 1 All comments received in response to the NPRM can be found on the Copyright Office’s Web site at https://copyright.gov/rulemaking/recordationpractices/docket2014-4/comments/. 2 See Motion Picture Ass’n of Am., Inc., Comments Submitted in Response to U.S. Copyright Office’s July 16, 2014 Notice of Proposed Rulemaking (Aug. 15, 2014) (‘‘MPAA Comments’’); Barbara Jones-Binns, Comments Submitted in Response to U.S. Copyright Office’s July 16, 2014 Notice of Proposed Rulemaking (Aug. 15, 2014). 3 Author Services, Inc., Comments Submitted in Response to U.S. Copyright Office’s July 16, 2014 Notice of Proposed Rulemaking (Aug. 11, 2014). 4 Recording Industry Ass’n of Am., Inc., Comments Submitted in Response to U.S. Copyright Office’s July 16, 2014 Notice of Proposed Rulemaking (Aug. 15, 2014) (‘‘RIAA Comments’’). The Office received an additional comment regarding return receipts for electronic deposits submitted as part of registration, an issue that is outside the scope of this rulemaking. PO 00000 Frm 00031 Fmt 4700 Sfmt 4700 55633 II. Final Rule No commenter opposed the provisions of the proposed rule relating to Form DCS (section 201.4(b)) or the procedures for obtaining a return receipt (section 201.4(f)). Accordingly, those provisions of the proposed rule are adopted in the final rule without alteration. With respect to the proposed rule for submission of electronic title lists, commenters universally endorsed the basic approach of allowing remitters to file electronic lists of 100 or more titles, and expressed no concerns regarding the format or submission requirements for electronic title lists. For example, the RIAA ‘‘commend[ed] the Office for its proposal’’ and ‘‘agree[d] that [it] should relieve the Office of some of the burden of cataloging recordations of copyright documents involving large numbers of titles and expedite the processing of such documents.’’ RIAA Comments at 2. With respect to the suggestion of Author Services, Inc. that the Office consider allowing submission of electronic title lists containing fewer than 100 titles as a ‘‘next step,’’ at this time the Office finds that ‘‘electronic submission will prove more efficient only when indexing 100 or more titles,’’ 79 FR at 41472. This view is based on the fact that, when a document pertains to 100 or fewer titles, the Office can create the basic record of the document and manually transcribe all of the titles in a single sitting, and make the record immediately available in the Public Catalog. As a result, while use of an electronic title list is expected to result in a much shorter turnaround time than manual processing of documents pertaining to 100 or more titles, the same cannot be said with respect to documents pertaining to fewer than 100 titles. The RIAA offered three substantive comments on the proposed rule for submission of electronic title lists. First, it expressed concern with the rule’s specification that remitters would be legally responsible for errors in the electronic title lists. RIAA Comments at 2–5. Second, it urged the Office to implement a process of quality control checks for electronic title lists. Id. at 2. Third, and finally, it suggested that the Office specify a mechanism for correction of errors in electronic title lists. Id. at 5. We address each comment in turn. 1. Remitter Responsibility for Inaccuracies in Electronic Title Lists The RIAA disagreed with the proposed rule’s specification that remitters would bear the legal E:\FR\FM\17SER1.SGM 17SER1

Agencies

[Federal Register Volume 79, Number 180 (Wednesday, September 17, 2014)]
[Rules and Regulations]
[Pages 55622-55633]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2014-22034]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Office of the Secretary

32 CFR Part 157

[Docket ID: DOD-2012-OS-0167]
RIN 0790-AI97


DoD Investigative and Adjudicative Guidance for Issuing the 
Common Access Card (CAC)

AGENCY: Under Secretary of Defense for Intelligence, DoD.

ACTION: Interim final rule.

-----------------------------------------------------------------------

SUMMARY: This interim final rule establishes policy, assigns 
responsibilities, and prescribes procedures for investigating and 
adjudicating eligibility to hold the DoD Common Access Card (CAC). The 
CAC is the DoD personal identity verification (PIV) credential. 
Individuals appropriately sponsored for a DoD CAC must be investigated 
and adjudicated in accordance with this part.
    Prior to this rule, DoD components have been implementing 
investigative and adjudicative requirements for Homeland Security 
Presidential Directive--12 (HSPD-12) based solely on broad guidance 
issued by the U.S. Office of Personnel Management (OPM). This interim 
final rule elaborates on OPM guidance for component adjudicators who 
determine, based on review of investigative case files, whether to 
grant CAC eligibility to individuals who require: Physical access to 
DoD facilities or non-DoD facilities on behalf of DoD; logical access 
to information systems (whether on site or remotely); or remote access 
to DoD networks that use only the CAC logon for user authentication.
    The adjudicator's role is discussed further in the SUPPLEMENTARY 
INFORMATION. The interim final rule provides the adjudicator with 
conditions that may be disqualifying and circumstances relevant to the 
determination of whether there is a reasonable basis to believe there 
is an unacceptable risk.

DATES: Effective Date: This rule is effective September 17, 2014. 
Comments must be received by November 17, 2014.

ADDRESSES: You may submit comments, identified by docket number and/or 
RIN number and title, by any of the following methods:
     Federal Rulemaking Portal: https://www.regulations.gov. 
Follow the instructions for submitting comments.
     Mail: Federal Docket Management System Office, 4800 Mark 
Center Drive, East Tower, Suite 02G09, Alexandria VA 22350-3100.
    Instructions: All submissions received must include the agency name 
and docket number or Regulatory Information Number (RIN) for this 
Federal Register document. The general policy for comments and other 
submissions from members of the public is to make these submissions 
available for public viewing on the Internet at https://www.regulations.gov as they are received without change, including any 
personal identifiers or contact information.

FOR FURTHER INFORMATION CONTACT: Dr. Kelly Buck, 703-604-1130.

SUPPLEMENTARY INFORMATION:

Background

    The adjudicator's role is to ensure a CAC is not issued to 
individuals if: (a) The individual is known to be or reasonably 
suspected of being a terrorist, (b) the employer is unable to verify 
the individual's claimed identity, (c) there is a reasonable basis to 
believe the individual has submitted fraudulent information concerning 
his or her identity, (d) there is a reasonable basis to believe the 
individual will attempt to gain unauthorized access to classified 
documents, information protected by the Privacy Act, information that 
is proprietary in nature, or other sensitive or protected information, 
(e) there is a reasonable basis to believe the individual will use an 
identity credential outside the workplace

[[Page 55623]]

unlawfully or inappropriately, (f) there is a reasonable basis to 
believe the individual will use Federally-controlled information 
systems unlawfully, make unauthorized modifications to such systems, 
corrupt or destroy such systems, or engage in inappropriate uses of 
such systems, (g) there is a reasonable basis to believe, based on the 
individual's misconduct or negligence in employment, that issuance of a 
CAC poses an unacceptable risk, (h) there is a reasonable basis to 
believe, based on the individual's criminal or dishonest conduct, that 
issuance of a CAC poses an unacceptable risk, (i) there is a reasonable 
basis to believe, based on the individual's material, intentional false 
statement, deception, or fraud in connection with Federal or contract 
employment, that issuance of a CAC poses an unacceptable risk, (j) 
there is a reasonable basis to believe, based on the nature or duration 
of the individual's alcohol abuse without evidence of substantial 
rehabilitation, that issuance of a CAC poses an unacceptable risk, (k) 
there is a reasonable basis to believe, based on the nature or duration 
of the individual's illegal use of narcotics, drugs, or other 
controlled substances without evidence of substantial rehabilitation, 
that issuance of a CAC poses an unacceptable risk, (l) a statutory or 
regulatory bar prevents the individual's contract employment; or would 
prevent Federal employment under circumstances that furnish a 
reasonable basis to believe that issuance of a CAC poses an 
unacceptable risk; or (m) the individual has knowingly and willfully 
engaged in acts or activities designed to overthrow the U.S. Government 
by force.

I. Purpose

a. The Need for the Regulatory Action and How the Action Will Meet That 
Need

    This interim final rule establishes policy, assigns 
responsibilities, and prescribes procedures for investigating and 
adjudicating eligibility to hold the DoD CAC. The CAC is the DoD 
personal identity verification (PIV) credential.
    On August 27, 2004, the President issued Homeland Security Policy 
Directive 12, ``Policy for a Common Identification Standard for Federal 
Employees and Contractors, which mandated a requirement for a common 
identification standard for secure and reliable forms of identification 
for federal employees and contractors. Pursuant to section 2.3(b) of 
Executive Order 13467, on July 31, 2008, the U.S. Office of Personnel 
Management OPM issued its final government-wide credentialing standards 
and mandated that all Federal departments and agencies use them in 
determining whether to issue or revoke PIV cards to their employees and 
contractor personnel, including those who are non-United States 
citizens.
    Pending the issuance of this interim final rule, the DoD 
promulgated two Directive-type memoranda: DTM 08-006, ``DoD 
Implementation of Homeland Security Presidential Directive--12 (HSPD-
12), issued on November 26, 2008, established DoD policy for 
implementation of HSPD-12. Pursuant to DTM 08-006, DTM 08-003, ``Next 
Generation Common Access Card (CAC) Implementation Guidance,'' December 
1, 2008, was issued to provide interim implementation guidance 
governing the CAC. DTM 08-006 was subsequently cancelled with issuance 
of DoDI 1000.13, ``Identification (ID) Cards for members of the 
Uniformed Services, Their Dependents, and Other Eligible Individuals,'' 
January 23, 2014. DTM 08-003 was subsequently cancelled with issuance 
of DoD Manual 1000.13, Volume 1, ``DoD Identification (ID) Cards: ID 
Card Life-Cycle,'' January 23, 2014. This interim final rule implements 
HSPD-12 for the DoD by establishing policy and assigning 
responsibilities for investigating and adjudicating eligibility to hold 
a CAC, procedures upon revocation of a CAC, and processing of appeals.

b. Legal Authority for the Regulatory Action

    Homeland Security Presidential Directive-12, ``Policy for a Common 
Identification Standard for Federal Employees and Contractors,'' August 
27, 2014, requires the government-wide standard for secure and reliable 
forms of identification for Federal employees and contractors. The 
Department of Commerce issued Federal Information Processing Standard 
201-2 as the standard. Executive Order 13467 of June 30, 2008, 
``Reforming Processes Related to Suitability for Government Employment, 
Fitness for Contractor Employees, and Eligibility for Access to 
Classified National Security Information'' established the Office of 
Personnel Management (OPM) to serve as the Suitability Executive Agent 
regarding suitability and eligibility for logical and physical access. 
As such, OPM issued the ``Final Credentialing Standards for Issuing 
Personal Identity Verification Cards Under HSPD-12'' on July 31, 2008.

II. Summary of the Major Provisions

    This rule:
    a. Provides investigative requirements and credentialing standards 
for issuing, denying, or revoking a CAC.
    b. Provides guidance for applying credentialing standards during 
adjudication.
    c. Provides for an appeal process.
    d. Establishes procedures upon revocation of a CAC.

III. Costs and Benefits

    The interim final rule does not impose direct costs onto the public 
because costs associated with the implementation of the investigation 
and adjudicative standards will be borne by the Department. However, 
the HSPD-12 mandate will increase overall costs for the DoD to 
investigate and adjudicate individuals covered by the Instruction who 
would not otherwise undergo an adjudication to determine suitability 
for the competitive service, eligibility for a national security 
sensitive position, or fitness for appointment to the excepted service 
or to perform work under a Government contract. The costs to the 
Department are not driven by the policy contained in this interim final 
rule, but rather HSPD-12 and the U.S. Department of Commerce's National 
institute of Standards and Technology's Federal Information Processing 
Standards Publication 201-2 (FIPS 201-2), August 2013, mandate for 
investigating and adjudicating eligibility to hold a CAC.
    This interim final rule provides for protections against 
unauthorized access to federal facilities and federally controlled 
information systems and other sensitive or protected information. This 
policy manages risk and creates efficiencies by ensuring persons are 
vetted to uniform national standards. Standardized investigative and 
adjudicative guidance will eliminate inter-agency variations that have 
existed in the quality and security of identification used to gain 
access to secure facilities where there is potential for terrorist 
attacks. Establishing a mandatory, Department-wide standard for secure 
and reliable forms of identification that the Department issues to its 
employees and contractors enhances security, increases Government 
efficiency, reduces identity fraud, and protects personal privacy.
    Implementing policies and procedures that apply across the 
Department will also result in significant intra-agency efficiencies. 
Absent this Department-wide guidance--which leverages already 
established processes and capabilities--the individual components may 
handle HSPD-12 compliance in multiple ways, duplicating effort and 
expending

[[Page 55624]]

valuable resources. Thus the cost of complying with the HSPD-12 mandate 
will be even greater in the absence of DoD-wide policy and procedures.

Interim Final Rule Justification

    This rule is being published as an interim final rule as DoD's 
current efforts to comply with HSPD-12 need extensive procedural 
guidance to ensure consistency of implementation of 32 CFR part 156 and 
DoD Instruction 5200.02. This interim final rule provides DoD 
components and Component Heads with detailed policy and procedures 
specific to the DoD regarding investigation, adjudication, and appeals 
for DoD CAC issuance. This rule consolidates, clarifies, and elaborates 
DoD CAC policy as appropriate to ensure that Components' policies and 
procedures for CAC applications, investigations, adjudications, 
management, oversight, and appeals are aligned across the Department 
using consistent standards and practices in cost-effective, timely, and 
efficient ways.
    If this rule is not published as an interim final rule, it will 
prolong the vulnerability of DoD's personnel, information, and 
facilities to risks that are created by a current lack of uniformity in 
how DoD Components define and implement roles, responsibilities and 
requirements associated with DoD CAC-issuance. As one example, 
circumstances surrounding the shooting at the Washington Navy Yard 
highlight the importance of consistent and specific requirements for 
revocation and retrieval of credentials for personnel who have been 
identified as posing unacceptable risks. As such, this policy mandates 
revocation and retrieval of credentials and timely updates to physical 
and logical accesses, when appropriate, to prevent use of invalidated 
credentials.
    Additionally, to better consistently protect DoD's personnel, 
systems, and facilities, the DoD Components' concurred with applying 
both basic and supplemental credentialing standards and this policy 
helps codify that agreement. As such, the DoD ensures that all 
behaviors that suggest unacceptable risks to life, safety, or health of 
DoD personnel, information, or property are uniformly considered in all 
adjudications for credentials.
    To ensure that all individuals are consistently afforded 
opportunity to respond to any official decision that they are not 
acceptable risks for issuance of a CAC, this interim rule provides 
standard procedures for use across the DoD by individuals who wish to 
appeal denials or revocations of CACs.
    This rule is subject to update whenever additional policy guidance 
is provided by the Office of Management and Budget or the U.S. Office 
of Personnel Management. Further, DoD will consider public comments 
received in response to this interim rule in the formation of the 
Department's final rule.

Executive Order 12866, ``Regulatory Planning and Review'' and Executive 
Order 13563, ``Improving Regulation and Regulatory Review''

    We have consulted with the Office of Management and Budget (OMB) 
and determined this interim final rule meets the criteria for a 
significant regulatory action under Executive Order 12866, as 
supplemented by Executive Order 13563, and was subject to OMB review.

Sec. 202, Public Law 104-4, ``Unfunded Mandates Reform Act''

    Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(Pub. L. 104-4) requires agencies assess anticipated costs and benefits 
before issuing any rule whose mandates require spending in any 1 year 
of $100 million in 1995 dollars, updated annually for inflation. In 
2014, that threshold is approximately $141 million. This document will 
not mandate any requirements for State, local, or tribal governments, 
nor will it affect private sector costs.

Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)

    It has been certified that 32 CFR part 157 is not subject to the 
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if 
promulgated, have a significant economic impact on a substantial number 
of small entities.

Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)

    This rule does impose reporting or recordkeeping requirements under 
the Paperwork Reduction Act of 1995. This collection has been approved 
by the Office of Management and Budget under OMB Control Number 0704-
0415 titled ``Application for Department of Defense Common Access 
Card--DEERS Enrollment''.

Executive Order 13132, ``Federalism''

    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct requirement costs on State 
and local governments, preempts State law, or otherwise has Federalism 
implications. This document will not have a substantial effect on State 
and local governments.

List of Subjects in 32 CFR Part 157

    Common Access Card (CAC), Contractors; Federal employees, Federal 
facilities, Federally-controlled information systems, HSPD-12 
credentialing standards, Identity verification, Personal identity 
verification (PIV) card, Sensitive or protected information, Terrorist; 
Unauthorized access.

    Accordingly 32 CFR part 157 is added to read as follows:

PART 157--DOD INVESTIGATIVE AND ADJUDICATIVE GUIDANCE FOR ISSUING 
THE COMMON ACCESS CARD (CAC)

Sec.
157.1 Purpose.
157.2 Applicability.
157.3 Definitions.
157.4 Policy.
157.5 Responsibilities.
157.6 Procedures.

    Authority:  HSPD-12, E.O 13467, E.O. 13488, FIPS 201-2, and OPM 
Memorandum.


Sec.  157.1  Purpose.

    This part establishes policy, assigns responsibilities, and 
prescribes procedures for investigating and adjudicating eligibility to 
hold a Common Access Card (CAC). The CAC is the DoD personal identity 
verification (PIV) credential.


Sec.  157.2  Applicability.

    This part applies to:
    (a) the Office of the Secretary of Defense, the Military 
Departments (including the Coast Guard at all times, including when it 
is a Service in the Department of Homeland Security by agreement with 
that Department), the Office of the Chairman of the Joint Chiefs of 
Staff and the Joint Staff, the Combatant Commands, the Office of the 
Inspector General of the Department of Defense, the Defense Agencies, 
the DoD Field Activities, and all other organizational entities within 
the DoD (hereinafter referred to collectively as the ``DoD 
Components'').
    (b) The Commissioned Corps of the U.S. Public Health Service 
(USPHS), under agreement with the Department of Health and Human 
Services, and the National Oceanic and Atmospheric Administration 
(NOAA), under agreement with the Department of Commerce.


Sec.  157.3  Definitions.

    These terms and their definitions are for the purpose of this part.

[[Page 55625]]

    Actionable information. Information that potentially justifies an 
unfavorable credentialing determination.
    CAC. The DoD Federal PIV card.
    Contractor. Defined in Executive Order 13467, ``Reforming Processes 
Related to Sustainability for Government Employment, Fitness for 
Contractor Employees, and Eligibility for Access to Classified National 
Security Information''.
    Contractor employee fitness. Defined in E.O. 13467.
    Debarment. A prohibition from taking a competitive service 
examination or from being hired (or retained in) a covered position for 
a specific time period..
    Drugs. Mood and behavior-altering substances, including drugs, 
materials, and other chemical compounds identified and listed in 21 
U.S.C. 801-830 (also known as ``The Controlled Substances Act of 1970, 
as amended'') (e.g., marijuana or cannabis, depressants, narcotics, 
stimulants, hallucinogens), and inhalants and other similar substances.
    Drug abuse. The illegal use of a drug or use of a legal drug in a 
manner that deviates from approved medical direction.
    Employee. Defined in E.O. 12968, ``Access to Classified 
Information''.
    Fitness. Defined in E.O. 13488, ``Granting Reciprocity on Excepted 
Service and Federal Contractor Employee Fitness and Reinvestigating 
Individuals in Positions of Public Trust''.
    Fitness determination. Defined in E.O. 13488.
    Logical and physical access. Defined in E.O. 13467.
    Material. Defined in 5 CFR part 731.
    Reasonable basis. A reasonable basis to believe occurs when a 
disinterested observer, with knowledge of the same facts and 
circumstances, would reasonably reach the same conclusion.
    Terrorism. Defined in 19 U.S.C. 2331.
    Unacceptable risk. A threat to the life, safety, or health of 
employees, contractors, vendors, or visitors; to the U.S. Government 
physical assets or information systems; to personal property; to 
records, including classified, privileged, proprietary, financial, and 
medical records; or to the privacy rights established by The Privacy 
Act of 1974, as amended, or other law that is deemed unacceptable when 
making risk management determinations.
    U.S. National. Defined in U.S. OPM Memorandum, ``Final 
Credentialing Standards for Issuing Personal Identity Verification 
Cards Under HSPD-12'' (available at https://www.opm.gov/investigate/
resources/finalcredentialingstandards.pdf).


Sec.  157.4  Policy.

    It is DoD policy that:
    (a) Individuals appropriately sponsored for a CAC consistent with 
DoD Manual 1000.13, Volume 1, ``DoD Identification Cards: ID Card Life-
Cycle,'' January 23, 2014, (available at https://www.dtic.mil/whs/
directives/corres/pdf/100013vol1.pdf) must be investigated and 
adjudicated in accordance with this part. Individuals not CAC eligible 
may be processed for local or regional base passes in accordance with 
Under Secretary of Defense for Intelligence (USD(I)) policy guidance 
for DoD physical access control consistent with DoD Regulation 5200.08-
R, ``Physical Security Program'' (available at https://www.dtic.mil/whs/directives/corres/pdf/520008r.pdf) and local installation security 
policies and procedures.
    (b) A favorably adjudicated National Agency Check with Inquiries 
(NACI) or equivalent in accordance with revised Federal investigative 
standards is the minimum investigation required for a final 
credentialing determination for a CAC.
    (c) Individuals requiring a CAC must meet the credentialing 
standards in accordance with the U.S. Office of Personnel Management 
(OPM) Memorandum, ``Final Credentialing Standards for Issuing Personal 
Identity Verification Cards Under HSPD-12''; and U.S. Office of 
Personnel Management Memorandum, ``Introduction of Credentialing, 
Suitability, and Security Clearance Decision-Making Guide (available at 
https://www.opm.gov/investigate/resources/
decisionmakingguide.pdf) and this part.
    (d) A CAC may be issued on an interim basis based on a favorable 
National Agency Check or a Federal Bureau of Investigation (FBI) 
National Criminal History Check (fingerprint check) adjudicated by 
appropriate approved automated procedures or by a trained security or 
human resource (HR) specialist and successful submission to the 
investigative service provider (ISP) of a NACI, or a personnel security 
investigation (PSI) equal to or greater in scope than a NACI. 
Additionally, the CAC applicant must present two identity source 
documents, at least one of which is a valid Federal or State 
government-issued picture identification.
    (e) The subsequent final credentialing determination will be made 
upon receipt of the completed investigation from the ISP.
    (f) Discretionary judgments used to render an adjudicative 
determination for issuing the CAC are inherently governmental functions 
and must only be performed by trained U.S. Government personnel who 
have successfully completed required training and possess a minimum 
level of investigation (NACI or equivalent in accordance with revised 
Federal investigative standards). Established administrative processes 
in 32 CFR part 156 and DoD Directive 5220.6, ``Defense Industrial 
Personnel Security Clearance Review Program'' (available at https://www.dtic.mil/whs/directives/corres/pdf/522006p.pdf) must be applied.
    (g) Adjudications rendered for eligibility for access to classified 
information, eligibility to hold a sensitive position, suitability, or 
fitness for Federal employment based on a NACI or higher level 
investigation may result in a concurrent CAC decision for that 
position.
    (h) Favorable credentialing adjudications from another Federal 
department or agency will be reciprocally accepted in accordance with 
conditions stated in the procedural guidance in this part. Reciprocity 
must be based on final favorable adjudication only.
    (i) CAC applicants or holders may appeal CAC denial or revocation 
in accordance with the conditions stated in the procedural guidance in 
this part. Appeals must be processed as indicated in the procedural 
guidance in this part.
    (j) Non-U.S. nationals at foreign locations are not eligible to 
receive a CAC on an interim basis. Special considerations for 
conducting background investigations of non-U.S. nationals are 
addressed in U.S. OPM Memorandum, ``Final Credentialing Standards for 
Issuing Personal Identity Verification Cards Under HSPD-12.'' An 
interim CAC may be issued to non-U.S. nationals in the U.S. or U.S. 
territories if they have resided in the U.S. or U.S. territory for at 
least 3 years, and they satisfy the requirements of paragraph (e) of 
this section and paragraph (a)(4)(ii)(A) of Sec.  157.6.
    (k) Individuals who have been denied a CAC or have had a CAC 
revoked due to an unfavorable credentialing determination are eligible 
to reapply for a credential 1 year after the date of final adjudicative 
denial or revocation.
    (l) Individuals with a statutory or regulatory bar are not eligible 
for reconsideration while under debarment, see paragraph (d)(6) of 
Sec.  157.6.
    (m) The Deputy Secretary of Defense directed all reports of 
investigations conducted as required for compliance with Homeland 
Security Presidential

[[Page 55626]]

Directive-12, ``Policy for a Common Identification Standard for Federal 
Employees and Contractors'' (available at https://www.dhs.gov/homeland-security-presidential-directive-12) to be sent to the consolidated DoD 
Central Adjudications Facility.
    (n) When eligibility is denied or revoked, CACs shall be recovered 
whenever practicable, and shall immediately be rendered inoperable. In 
addition, agencies' physical and logical access systems shall be 
immediately updated to eliminate the use of a CAC for access.


Sec.  157.5  Responsibilities.

    (a) The USD(I) must:
    (1) In coordination with the Under Secretary of Defense for 
Personnel and Readiness (USD(P&R)) and the General Counsel of the 
Department of Defense (GC, DoD), establish adjudication procedures to 
support CAC credentialing decisions in accordance with DoD Manual 
1000.13, Volume 1, ``DoD Identification (ID) Cards; ID Card Life-
Cycle''; U.S. Office of Personnel Management Memorandum, ``Final 
Credentialing Standards for Issuing Personal Identity Verification 
Cards Under HSPD-12''; U.S. Office of Personnel Management Memorandum, 
``Introduction of Credentialing, Suitability, and Security Clearance 
Decision-Making Guide; Office of Management and Budget Memorandum M-05-
24, ``Implementation of Homeland Security Presidential Directive (HSPD) 
12--Policy for a Common Identification Standard for Federal Employees 
and Contractors'' (available at https://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2005/m05-24.pdf); U.S. Office of 
Personnel Management Federal Investigations Notice Number 06-04, ``HSPD 
12--Advanced Fingerprint Results'' (available at https://www.opm.gov/
extra/investigate/FIN0604.pdf); Homeland Security Presidential 
Directive-12, ``Policy for a Common Identification Standard for Federal 
Employees and Contractors''; 5 U.S.C. 552, 552a and 7313; Federal 
Information Processing Standards Publication 201-2, ``Personal Identity 
Verification (PIV) of Federal Employees and Contractors'' (available at 
https://csrc.nist.gov/publications/PubsFIPS.html); Executive Order 
13467, ``Reforming Processes Related to Suitability for Government 
Employment, Fitness for Contractor Employees, and Eligibility for 
Access to Classified National Security Information''; Executive Order 
13488, ``Granting Reciprocity on Excepted Service and Federal 
Contractor Employee Fitness and Reinvestigating Individuals in 
Positions of Public Trust''; 15 U.S.C. 278g-3; 40 U.S.C. 11331; and 
U.S. Office of Personnel Management Federal Investigations Notice 
Number 10-05, ``Reminder to Agencies of the Standards for Issuing 
Identity Credentials Under HSPD-12'' (available at https://www.opm.gov/investigate/fins/2010/fin10-05.pdf) for issuing a CAC to Service 
members and DoD civilian personnel.
    (2) In coordination with the Under Secretary of Defense for 
Acquisition, Technology, and Logistics (USD(AT&L)) and the GC, DoD, 
establish adjudication procedures to support a CAC credentialing 
decision for contractors in accordance with the terms of applicable 
contracts and the references cited in paragraph (a)(1) of this section, 
the Federal Acquisition Regulation (available at https://www.acquisition.gov/far/current/pdf/FAR.pdf), and the Defense Federal 
Acquisition Regulation Supplement (available at https://www.acq.osd.mil/dpap/dars/dfarspgi/current/).
    (3) Issue, interpret, and clarify CAC investigative and 
adjudicative guidance in coordination with the Suitability Executive 
Agent as necessary.
    (b) The USD(P&R) must, in coordination with the GC, DoD, implement 
CAC PSI and adjudication procedures established herein as necessary to 
support issuance of a CAC to Service members and DoD civilian personnel 
in accordance with the references cited in paragraph (a)(1) of this 
section.
    (c) The USD(AT&L) must, in coordination with the GC, DoD, implement 
CAC PSI and adjudication procedures established by the USD(I) for 
contractors in accordance with the terms of applicable contracts and 
the references cited in paragraph (a)(1) of this section, Federal 
Acquisition Regulation, current edition; and Defense Federal 
Acquisition Regulation Supplement, current edition.
    (d) The GC, DoD must:
    (1) Provide advice and guidance as to the legal sufficiency of 
procedures and standards involved in adjudicating CAC investigations.
    (2) Perform functions relating to the DoD Homeland Security 
Presidential Directive (HSPD)-12 Program in accordance with DoD 
Directive 5220.6, ``Defense Industrial Personnel Security Clearance 
Review Program'' (available at https://www.dtic.mil/whs/directives/corres/pdf/522006p.pdf) and DoD Directive 5145.01, ``General Counsel of 
the Department of Defense'' (available at https://www.dtic.mil/whs/directives/corres/pdf/514501p.pdf) including maintenance and oversight 
of the Defense Office of Hearings and Appeals (DOHA) and its 
involvement in contractor CAC revocations as specified in paragraph 
(b)(6)(i)(B) of Sec.  157.6 of this part.
    (3) Coordinate on USD(P&R) implementation of CAC PSI and 
adjudication procedures, in accordance with the references cited in 
paragraph (a)(1) of this section, for Service members and DoD civilian 
personnel, and USD(AT&L) implementation of USD(I) procedures for CAC 
PSI and adjudication in accordance with the terms of applicable 
contracts and the references cited in paragraph (a)(1) of this section, 
Federal Acquisition Regulation and Defense Federal Acquisition 
Regulation Supplement.
    (e) The Heads of the DoD Components must:
    (1) Comply with and implement this part.
    (2) Provide resources for PSIs, adjudication, appeals, and 
recording of final adjudicative results in a centralized database.
    (3) Require individuals sponsored for a CAC to meet eligibility 
requirements stated in DTM 08-003.
    (4) Provide appeals boards for those individuals appealing CAC 
denial or revocation as specified in paragraph (b)(6)(i)(A) of Sec.  
157.6.
    (5) Enforce requirements for reporting of derogatory information, 
unfavorable administrative actions, and adverse actions to personnel 
security, HR, and counterintelligence official(s), as appropriate.
    (6) Require all PSIs submitted for non-DoD personnel to be 
supported by and comply with DoD PIV procedures in contracts that 
implement requirements of paragraphs 4.1303 and 52.204-9 of Federal 
Acquisition Regulation, current edition.
    (7) Require all investigations and adjudications required for non-
DoD personnel to be in response to a current, active contract or 
agreement and that the number of personnel submitted for investigation 
and adjudication does not exceed the specific requirements of that 
contract or agreement while ensuring compliance with HSPD-12.


Sec.  157.6  Procedures.

    (a) CAC Investigative Procedures-- (1) Investigative Requirements. 
(i) A personnel security investigation (NACI or greater) completed by 
an authorized ISP is required to support a CAC credentialing 
determination based on the established credentialing standards 
promulgated by OPM Memorandum, ``Final Credentialing Standards for

[[Page 55627]]

Issuing Personal Identity Verification Cards Under HSPD-12''.
    (ii) Individuals identified as having a favorably adjudicated 
investigation on record, equivalent to or greater than the NACI, do not 
require an additional investigation for CAC issuance.
    (iii) There is no requirement to reinvestigate CAC holders unless 
they are subject to reinvestigation for national security or 
suitability reasons as specified in applicable DoD issuances.
    (2) Submission of Investigations. Investigative packages must be 
submitted promptly by HR or security personnel to the authorized ISP. 
Fingerprints for CAC applicants must be taken by HR or security 
personnel. DoD Components using the OPM as the ISP may request advanced 
fingerprint check results in accordance with OPM Federal Investigations 
Notice Number 06-04.
    (3) Reciprocity. (i) The sponsoring Component must not re-
adjudicate CAC determinations for individuals transferring from another 
Federal department or agency, provided:
    (A) The individual's former department or agency verifies 
possession of a valid PIV.
    (B) The individual has undergone the required NACI or other 
equivalent (or greater) suitability or national security investigation 
and received favorable adjudication from the former department or 
agency.
    (C) There is no break in service 2 years or more and the individual 
has no actionable information since the date of the last completed 
investigation.
    (ii) Interim CAC determinations are not eligible to be transferred 
or reciprocally accepted. Reciprocity must be based on final favorable 
adjudication only.
    (4) Foreign (Non-U.S.) Nationals. DoD Components must apply the 
credentialing process and standards in this part to non-U.S. nationals 
who work as employees or contractor employees for the DoD. However, 
special considerations apply to non-U.S. nationals.
    (i) At Foreign Locations. (A) DoD Components must initiate and 
ensure completion of a background investigation before applying the 
credentialing standards to a non-U.S. national at a foreign location. 
The background investigation must be favorably adjudicated before a CAC 
can be issued to a non-U.S. national at a foreign location. The type of 
background investigation may vary based on standing reciprocity 
treaties concerning identity assurance and information exchanges that 
exist between the U.S. and its allies or agency agreements with the 
host country.
    (B) The investigation of a non-U.S. national at a foreign location 
must be consistent with a NACI, to the extent possible, and include a 
fingerprint check against the FBI criminal history database, an FBI 
investigations files (name check) search, and a name check against the 
terrorist screening database.
    (ii) At U.S.-Based Locations and in U.S. Territories (Other than 
American Samoa and Commonwealth of the Northern Mariana Islands). (A) 
Individuals who are non-U.S. nationals in the United States or U.S. 
territory for 3 years or more must have a NACI or equivalent 
investigation initiated after employment authorization is appropriately 
verified.
    (B) Non-U.S. nationals who have been in the United States or U.S. 
territory for less than 3 years do not meet the investigative 
requirements for CAC issuance. DoD Components may delay the background 
investigation of a Non-U.S. national who has been in the U.S. or U.S. 
territory for less than 3 years until the individual has been in the 
United States or U.S. territory for at least 3 years. In the event of 
such a delay, an alternative facility access identity credential may be 
issued at the discretion of the relevant DoD Component official, as 
appropriate based on a risk determination in accordance with DoD 
5200.08-R, ``Physical Security Program'' (available at https://www.dtic.mil/whs/directives/corres/pdf/520008r.pdf) and U.S. Office of 
Personnel Management Memorandum, ``Final Credentialing Standards for 
Issuing Personal Identity Verification Cards Under HSPD-12.''
    (C) The U.S. territories of American Samoa and the Commonwealth of 
the Northern Mariana Islands are not included in the ``United States'' 
as defined by the Immigration and Nationality Act of 1952, as amended 
(Pub. L. 82-414).
    (5) Investigations Acceptable for CAC Adjudication. A list of 
investigations acceptable for CAC adjudication is located in the Table. 
These investigations are equivalent to or greater than a NACI. This 
list will be updated by the USD(I) as revisions to the Federal 
investigative standards are implemented.


     Table--Favorably Adjudicated Investigations Acceptable for CAC
                              Adjudication
------------------------------------------------------------------------
          Investigation                         Description
------------------------------------------------------------------------
ANACI............................  Access National Agency Check and
                                    Inquires.
BGI-0112.........................  Upgrade Background Investigation (1-
                                    12 months from LBI).
BGI-1336.........................  Upgrade Background Investigation (13-
                                    36 months from LBI).
BGI-3760.........................  Upgrade Background Investigation (37-
                                    60 months from LBI).
BI...............................  Background Investigation.
BIPN.............................  Background Investigation plus Current
                                    National Agency Check.
BIPR.............................  Periodic Reinvestigation of
                                    Background Investigation.
BITN.............................  Background Investigation (10 year
                                    scope).
CNCI.............................  Child Care National Agency Check plus
                                    Written Inquires and Credit.
IBI..............................  Interview Oriented Background
                                    Investigation.
LBI..............................  Limited Background Investigation.
LBIP.............................  Limited Background Investigation plus
                                    Current National Agency Check.
LBIX.............................  Limited Background Investigation--
                                    Expanded.
MBI..............................  Moderate Risk Background
                                    Investigation.
MBIP.............................  Moderate Risk Background
                                    Investigation plus Current National
                                    Agency Check.
MBIX.............................  Moderate Risk Background
                                    Investigation--Expanded.
NACB.............................  National Agency Check/National Agency
                                    Check plus Written Inquires and
                                    Credit Check plus Background
                                    Investigation Requested.
NACI.............................  National Agency Check and Inquires.
NACLC............................  National Agency Check with Law and
                                    Credit.
NACS.............................  National Agency Check/National Agency
                                    Check plus Written Inquires and
                                    Credit Check plus Single Scope B.I.
                                    Requested.
NACW.............................  National Agency Check plus Written
                                    Inquires and Credit.

[[Page 55628]]

 
NACZ.............................  National Agency Check plus Written
                                    Inquires and Credit plus Special
                                    Investigative Inquiry.
NLC..............................  National Agency Check, Local Agency
                                    Check and Credit.
NNAC.............................  National Agency Check plus Written
                                    Inquires and Credit Plus Current
                                    National Agency Check.
NSI..............................  NSI--NACI/Suitability Determination.
PRI..............................  Periodic Reinvestigation.
PRS..............................  Periodic Reinvestigation Secret.
PRSC.............................  Periodic Reinvestigation Secret or
                                    Confidential.
PPR..............................  Phased Periodic Reinvestigation.
SPR..............................  Secret Periodic Reinvestigation.
SSBI.............................  Single Scope Background
                                    Investigation.
SSBI-PR..........................  Periodic Reinvestigation for SSBI.
------------------------------------------------------------------------

    (b) CAC Adjudicative Procedures.--(1) Guidance for Applying 
Credentialing Standards During Adjudication. (i) As established in 
Homeland Security Presidential Directive-12, credentialing adjudication 
considers whether or not an individual is eligible for long-term access 
to Federally controlled facilities and/or information systems. The 
ultimate determination to authorize, deny, or revoke the CAC based on a 
credentialing determination of the PSI must be made after consideration 
of applicable credentialing standards in OPM Memorandum, ``Final 
Credentialing Standards for Issuing Personal Identity Verification 
Cards Under HSPD-12.''
    (ii) Each case is unique. Adjudicators must examine conditions that 
raise an adjudicative concern, the overriding factor for all of these 
conditions is unacceptable risk. Factors to be applied consistently to 
all information available to the adjudicator are:
    (A) The nature and seriousness of the conduct. The more serious the 
conduct, the greater the potential for an adverse CAC determination.
    (B) The circumstances surrounding the conduct. Sufficient 
information concerning the circumstances of the conduct must be 
obtained to determine whether there is a reasonable basis to believe 
the conduct poses a risk to people, property or information systems.
    (C) The recency and frequency of the conduct. More recent or more 
frequent conduct is of greater concern.
    (D) The individual's age and maturity at the time of the conduct. 
Offenses committed as a minor are usually treated as less serious than 
the same offenses committed as an adult, unless the offense is very 
recent, part of a pattern, or particularly heinous.
    (E) Contributing external conditions. Economic and cultural 
conditions may be relevant to the determination of whether there is a 
reasonable basis to believe there is an unacceptable risk if the 
conditions are currently removed or countered (generally considered in 
cases with relatively minor issues).
    (F) The absence or presence of efforts toward rehabilitation, if 
relevant, to address conduct adverse to CAC determinations.
    (1) Clear, affirmative evidence of rehabilitation is required for a 
favorable adjudication (e.g., seeking assistance and following 
professional guidance, where appropriate; demonstrating positive 
changes in behavior and employment).
    (2) Rehabilitation may be a consideration for most conduct, not 
just alcohol and drug abuse. While formal counseling or treatment may 
be a consideration, other factors (such as the individual's employment 
record) may also be indications of rehabilitation.
    (iii) CAC adjudicators must successfully complete formal training 
through a DoD CAC adjudicator course from the Defense Security Service 
Center for Development of Security Excellence or a course approved by 
the Suitability Executive Agent.
    (2) Credentialing Standards. HSPD-12 credentialing standards 
contained in OPM Memorandum, ``Final Credentialing Standards for 
Issuing Personal Identity Verification Cards Under HSPD-12'' must be 
used to render a final determination whether to issue or revoke a CAC 
based on results of a qualifying PSI.
    (i) Basic Standards. CAC credentialing standards and the 
adjudicative guidelines described in paragraph (c) of this section are 
designed to guide the adjudicator who must determine, based on results 
of a qualifying PSI, whether CAC issuance is consistent with the basic 
standards, would create an unacceptable risk for the U.S. Government, 
or would provide an avenue for terrorism.
    (ii) Supplemental Standards. The supplemental standards are 
intended to ensure that the issuance of a CAC to an individual does not 
create unacceptable risk. The supplemental credentialing standards must 
be applied, in addition to the basic credentialing standards. In this 
context, an unacceptable risk refers to an unacceptable risk to the 
life, safety, or health of employees, contractors, vendors, or 
visitors; to the Government's physical assets or information systems; 
to personal property; to records, including classified, privileged, 
proprietary, financial, or medical records; or to the privacy of data 
subjects.
    The supplemental credentialing standards, in addition to the basic 
credentialing standards, must be used for CAC adjudication of 
individuals who are not also subject to the following types of 
adjudication:
    (A) Eligibility to hold a sensitive position or for access to 
classified information,
    (B) Suitability for Federal employment in the competitive service, 
or
    (C) Qualification for Federal employment in the excepted service.
    (3) Application of the Standards. (i) CAC credentialing standards 
shall be applied to all DoD civilian employees, Service members, and 
contractors who are CAC eligible, have been sponsored by a DoD entity, 
and require: (a) Physical access to DoD facilities or non-DoD 
facilities on behalf of DoD; (b) logical access to information systems 
(whether on site or remotely); or (c) remote access to DoD networks 
that use only the CAC logon for user authentication.
    (ii) If an individual is found unsuitable for competitive civil 
service consistent with 5 CFR part 731, ineligible for access to 
classified information pursuant to E.O. 12968, or disqualified from 
appointment in the excepted service or from working on a contract, the 
unfavorable decision may be sufficient basis for non-issuance or 
revocation of a CAC, but does not necessarily mandate this result.
    (4) Adjudication. The CAC adjudicators will consider the 
information provided by the CAC PSI in rendering a CAC credentialing

[[Page 55629]]

determination. The determination will be unfavorable if there is a 
reasonable basis to conclude that a disqualifying factor in accordance 
with the basic CAC credentialing standards is substantiated, or when 
there is a reasonable basis to conclude that derogatory information or 
conduct relating to supplemental CAC credentialing standards presents 
an unacceptable risk for the U.S. Government.
    (i) If a DoD Component or DOHA proposes to deny or revoke a CAC 
under conditions other than those cited in paragraph (b)(3)(ii) of this 
section, the DoD Component or DOHA, as appropriate in accordance with 
paragraph (b)(6)(i) of this section, must issue the individual a 
written statement (also known as a letter of denial (LOD) or revocation 
(LOR)) identifying the disqualifying condition(s). The statement must 
contain a summary of the concerns and supporting adverse information, 
instructions for responding, and copies of the relevant CAC 
credentialing standards and adjudicative guidelines from this section. 
The written LOD or LOR must be as comprehensive and detailed as 
permitted by the requirements of national security and to protect 
sources that were granted confidentiality, and as allowed pursuant to 
provisions of 5 U.S.C. 552 and 552a. (Section 552a is also known and 
hereinafter referred to as ``The Privacy Act of 1974, as amended.'')
    (ii) The individual may elect to respond in writing to the DoD 
Component or DOHA, as appropriate, within 30 calendar days from the 
date of the LOD or LOR. Failure to respond to the LOD or LOR will 
result in automatic CAC denial or revocation.
    (iii) When, subsequent to issuance of an interim or final CAC, the 
U.S. Government receives credible information that raises questions as 
to whether a current CAC holder continues to meet the applicable 
credentialing standards, the DoD Component may reconsider the 
credentialing determination using the procedures in this part.
    (5) Denial or Revocation. (i) DoD Components must deny or revoke a 
CAC if the individual fails to respond to the LOD or LOR within the 
specified time-frame or the response to the written statement has not 
provided a basis to reverse the decision.
    (ii) Denial or revocation of a CAC must comply with applicable 
governing laws and regulations:
    (A) The U.S. Coast Guard shall afford individuals appeal rights as 
established in applicable Department of Homeland Security and U.S. 
Coast Guard Issuances.
    (B) CAC provides Service members with Geneva Convention protection 
in accordance with DoD Instruction 1000.1, ``Identification (ID) Cards 
Required by the Geneva Conventions'' (available at https://www.dtic.mil/whs/directives/corres/pdf/100001p.pdf), and authorized benefits (e.g. 
medical) and must not be revoked or denied pursuant to the provisions 
of this part. CAC for Military Service members will be surrendered only 
upon separation, discharge, or retirement.
    (C) In certain instances a CAC provides other benefits or specific 
privileges to civilian employees (e.g. medical, post exchange and 
commissary) when assigned overseas long-term; or protected status to 
civilian employees and contractors who are accompanying U.S. forces 
during overseas deployments in accordance with DoD Instruction 1000.1. 
CAC for DoD civilians or contractors in this circumstance will not be 
revoked pursuant to the provisions of this part, but may be surrendered 
as part of other adverse employment or contracting actions or 
procedures.
    (iii) When eligibility is denied or revoked, the CAC shall be 
recovered whenever practicable, and shall immediately be rendered 
inoperable. In addition, agency's physical and logical access systems 
shall immediately be updated to eliminate the use of the CAC for 
access.
    (6) Appeals. (i) Individuals who have been denied a CAC or have had 
a CAC revoked due to an unfavorable credentialing determination must be 
entitled to appeal the determination in accordance with the following 
procedures:
    (A) Except as stated in paragraph (b)(6)(ii) of this section, new 
civilian and contractor applicants who have been denied a CAC may elect 
to appeal to a three member board composed of not more than one 
security representative and one human resources representative.
    (B) Contractor employees who have had their CAC revoked may appeal 
the unfavorable determination to the DOHA in accordance with the 
established administrative process set out in DoD Directive 5220.6.
    (ii) This appeal process does not apply when a CAC is denied or 
revoked as a result of either an unfavorable suitability determination 
consistent with 5 CFR part 731 or a decision to deny or revoke 
eligibility for access to classified information or eligibility for a 
sensitive national security position, since the person is already 
entitled to seek review in accordance with applicable suitability or 
national security procedures. Likewise, there is no right to appeal 
when the decision to deny the CAC is based on the results of a separate 
determination to disqualify the person from an appointment in the 
excepted service or to bar the person from working for or on behalf of 
a Federal department or agency.
    (iii) The DoD Component will notify the individual in writing of 
the final determination and provide a statement that this determination 
is not subject to further appeal.
    (7) Recording Final Determination. Immediately following final 
adjudication, the sponsoring activity must record the final eligibility 
determination (e.g., active, revoked, denied) in the OPM Central 
Verification System as directed by OPM Memorandum, ``Final 
Credentialing Standards for Issuing Personal Identity Verification 
Cards Under HSPD-12.'' DoD Component records will document the 
adjudicative rationale. Adjudicative records shall be made available to 
authorized recipients as required for appeal purposes.
    (c) Basic Adjudicative Standards. (1) A CAC will not be issued to a 
person if the individual is known to be or reasonably suspected of 
being a terrorist.
    (i) A CAC must not be issued to a person if the individual is known 
to be or reasonably suspected of being a terrorist. Individuals 
entrusted with access to Federal property and information systems must 
not put the U.S. Government at risk or provide an avenue for terrorism.
    (ii) Therefore, conditions that may be disqualifying include 
evidence that the individual has knowingly and willfully been involved 
with reportable domestic or international terrorist contacts or foreign 
intelligence entities, counterintelligence activities, indicators, or 
other behaviors described in DoD Directive 5240.06, 
``Counterintelligence Awareness and Reporting (CIAR)'' (available at 
https://www.dtic.mil/whs/directives/corres/pdf/524006p.pdf).
    (2) A CAC will not be issued to a person if the employer is unable 
to verify the individual's claimed identity.
    (i) A CAC must not be issued to a person if the DoD component is 
unable to verify the individual's claimed identity. To be considered 
eligible for a CAC, the individual's identity must be clearly 
authenticated. The CAC must not be issued when identity cannot be 
authenticated.
    (ii) Therefore, conditions that may be disqualifying include:

[[Page 55630]]

    (A) The individual claimed it was not possible to provide two 
identity source documents from the list of acceptable documents in Form 
I-9, Office of Management and Budget No. 1115-0136, ``Employment 
Eligibility Verification,''(available at https://www.uscis.gov/files/form/i-9.pdf) or provided only one identity source document from the 
list of acceptable documents.
    (B) The individual did not appear in person as required by Federal 
Information Processing Standards Publication 201-2.
    (C) The individual refused to cooperate with the documentation and 
investigative requirements to validate his or her identity.
    (D) The investigation failed to confirm the individual's claimed 
identity.
    (iii) No conditions can mitigate inability to verify the 
applicant's identity.
    (3) A CAC will not be issued to a person if there is a reasonable 
basis to believe the individual has submitted fraudulent information 
concerning his or her identity.
    (i) A CAC must not be issued to a person if there is a reasonable 
basis to believe the individual has submitted fraudulent information 
concerning his or her identity in an attempt to obtain the current 
credential.
    (A) Substitution occurred in the identity proofing process; the 
individual who appeared on one occasion was not the same person that 
appeared on another occasion.
    (B) The fingerprints associated with the identity do not belong to 
the person attempting to obtain a CAC.
    (ii) No conditions can mitigate submission of fraudulent 
information in an attempt to obtain a current credential.
    (4) A CAC will not be issued to a person if there is a reasonable 
basis to believe the individual will attempt to gain unauthorized 
access to classified documents, information protected by the Privacy 
Act, information that is proprietary in nature, or other sensitive or 
protected information.
    (i) Individuals must comply with information-handling regulations 
and rules. Individuals must properly handle classified and protected 
information such as sensitive or proprietary information.
    (ii) Individuals should not attempt to gain unauthorized access to 
classified documents or other sensitive or protected information. 
Unauthorized access to U.S. Government information or improper use of 
U.S. Government information once access is granted may pose a 
significant risk to national security, may compromise individual 
privacy, and may make public information that is proprietary in nature, 
thus compromising the operations and missions of Federal agencies.
    (iii) A CAC must not be issued if there is a reasonable basis to 
believe the individual will attempt to gain unauthorized access to 
classified documents, information protected by the Privacy Act of 1974, 
as amended, information that is proprietary in nature, or other 
sensitive or protected information.
    (iv) Therefore, conditions that may be disqualifying include any 
attempt to gain unauthorized access to classified, sensitive, 
proprietary or other protected information.
    (v) Circumstances relevant to the determination of whether there is 
a reasonable basis to believe there is an unacceptable risk include:
    (A) Since the time of the last act or activities, the person has 
demonstrated a favorable change in behavior.
    (B) The behavior happened so long ago, was minor, or happened under 
such unusual circumstances that it is unlikely to recur and does not 
cast doubt on the individual's ability to safeguard protected 
information.
    (5) A CAC will not be issued to a person if there is a reasonable 
basis to believe the individual will use an identity credential outside 
the workplace unlawfully or inappropriately.
    (i) A CAC must not be issued to a person if there is a reasonable 
basis to believe the individual will use an identity credential outside 
the workplace unlawfully or inappropriately.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) Documented history of fraudulent requests for credentials or 
other official documentation.
    (B) Previous incidents in which the individual used credentials or 
other official documentation to circumvent rules or regulations.
    (C) A history of incidents involving misuse of credentials that put 
physical assets or personal property at risk.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was minor, or happened under 
such unusual circumstances that it is unlikely to recur and does not 
cast doubt on the individual's ability and willingness to use 
credentials lawfully and appropriately.
    (6) A CAC will not be issued to a person if there is a reasonable 
basis to believe the individual will use Federally-controlled 
information systems unlawfully, make unauthorized modifications to such 
systems, corrupt or destroy such systems, or engage in inappropriate 
uses of such systems.
    (i) Individuals must comply with rules, procedures, guidelines, or 
regulations pertaining to information technology systems and properly 
protect sensitive systems, networks, and information. The individual 
should not attempt to use federally-controlled information systems 
unlawfully, make unauthorized modifications, corrupt or destroy, or 
engage in inappropriate uses of such systems. A CAC must not be issued 
to a person if there is a reasonable basis to believe the individual 
will do so or has done so in the past.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) Illegal, unauthorized, or inappropriate use of an information 
technology system or component.
    (B) Unauthorized modification, destruction, manipulation of 
information, software, firmware, or hardware to corrupt or destroy 
information technology systems or data.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was minor, or happened under 
such unusual circumstances that it is unlikely to recur and does not 
cast doubt on the individual's ability and willingness to conform to 
rules and regulations for use of information technology systems.
    (d) Supplemental Adjudicative Standards. (1) A CAC will not be 
issued to a person if there is a reasonable basis to believe, based on 
the individual's misconduct or negligence in employment, that issuance 
of a CAC poses an unacceptable risk.
    (i) An individual's employment misconduct or negligence may put 
people, property, or information systems at risk.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) A previous history of intentional wrongdoing on the job, 
disruptive, violent, or other acts that may pose an unacceptable risk 
to people, property, or information systems.
    (B) A pattern of dishonesty or rule violations in the workplace 
which put people, property or information at risk.
    (C) A documented history of misusing workplace information systems 
to view, download, or distribute pornography.

[[Page 55631]]

    (D) Violation of written or recorded commitments to protect 
information made to an employer, such as breach(es) of confidentiality 
or the release of proprietary or other information.
    (E) Failure to comply with rules or regulations for the 
safeguarding of classified, sensitive, or other protected information.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was minor, or happened under 
such unusual circumstances that it is unlikely to recur and does not 
cast doubt on the individual's current trustworthiness or good judgment 
relating to the safety of people and proper safeguarding of property 
and information systems.
    (B) The individual was not adequately warned that the conduct was 
unacceptable and could not reasonably be expected to know that the 
conduct was wrong.
    (C) The individual made prompt, good-faith efforts to correct the 
behavior.
    (D) The individual responded favorably to counseling or remedial 
training and has since demonstrated a positive attitude toward the 
discharge of information-handling or security responsibilities.
    (2) A CAC will not be issued to a person if there is a reasonable 
basis to believe, based on the individual's criminal or dishonest 
conduct, that issuance of a CAC poses an unacceptable risk.
    (i) An individual's conduct involving questionable judgment, lack 
of candor, dishonesty, or unwillingness to comply with rules and 
regulations can raise questions about his or her reliability or 
trustworthiness and may put people, property, or information systems at 
risk. An individual's past criminal or dishonest conduct may put 
people, property, or information systems at risk.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) A single serious crime or multiple lesser offenses which put 
the safety of people at risk or threaten the protection of property or 
information. A person's convictions for burglary may indicate that 
granting a CAC poses an unacceptable risk to the U.S. Government's 
physical assets and to employees' personal property on a U.S. 
Government facility.
    (B) Charges or admission of criminal conduct relating to the safety 
of people and proper protection of property or information systems, 
regardless of whether the person was formally charged, formally 
prosecuted, or convicted.
    (C) Dishonest acts (e.g., theft, accepting bribes, falsifying 
claims, perjury, forgery, or attempting to obtain identity 
documentation without proper authorization).
    (D) Deceptive or illegal financial practices such as embezzlement, 
employee theft, check fraud, income tax evasion, expense account fraud, 
filing deceptive loan statements, or other intentional financial 
breaches of trust.
    (E) Actions involving violence or sexual behavior of a criminal 
nature that poses an unacceptable risk if access is granted to 
federally-controlled facilities or federally-controlled information 
systems. For example, convictions for sexual assault may indicate that 
granting a CAC poses an unacceptable risk to the life and safety of 
persons on U.S. Government facilities.
    (F) Financial irresponsibility may raise questions about the 
individual's honesty and put people, property or information systems at 
risk, although financial debt should not in and of itself be cause for 
denial.
    (G) Deliberate omission, concealment, or falsification of relevant 
facts or deliberately providing false or misleading information to an 
employer, investigator, security official, competent medical authority, 
or other official U.S. Government representative, particularly when 
doing so results in personal benefit or which results in a risk to the 
safety of people and proper safeguarding of property and information 
systems.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was minor in nature, or 
happened under such unusual circumstances that it is unlikely to recur.
    (B) Charges were dismissed or evidence was provided that the person 
did not commit the offense and details and reasons support his or her 
innocence.
    (C) Improper or inadequate advice from authorized personnel or 
legal counsel significantly contributed to the individual's omission, 
of information. When confronted, the individual provided an accurate 
explanation and made prompt, good-faith effort to correct the 
situation.
    (D) Evidence has been supplied of successful rehabilitation, 
including but not limited to remorse or restitution, job training or 
higher education, good employment record, constructive community 
involvement, or passage of time without recurrence.
    (3) A CAC will not be issued to a person if there is a reasonable 
basis to believe, based on the individual's material, intentional false 
statement, deception, or fraud in connection with Federal or contract 
employment, that issuance of a CAC poses an unacceptable risk.
    (i) The individual's conduct involving questionable judgment, lack 
of candor, or unwillingness to comply with rules and regulations can 
raise questions about an individual's honesty, reliability, 
trustworthiness, and put people, property, or information systems at 
risk.
    (ii) Therefore, conditions that may be disqualifying include 
material, intentional falsification, deception or fraud related to 
answers or information provided during the employment process for the 
current or a prior Federal or contract employment (e.g., on the 
employment application or other employment, appointment or 
investigative documents, or during interviews.)
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The misstated or omitted information was so long ago, was 
minor, or happened under such unusual circumstances that it is unlikely 
to recur.
    (B) The misstatement or omission was unintentional or inadvertent 
and was followed by a prompt, good-faith effort to correct the 
situation.
    (4) A CAC will not be issued to a person if there is a reasonable 
basis to believe, based on the nature or duration of the individual's 
alcohol abuse without evidence of substantial rehabilitation, that 
issuance of a CAC poses an unacceptable risk.
    (i) An individual's abuse of alcohol may put people, property, or 
information systems at risk. Alcohol abuse can lead to the exercise of 
questionable judgment or failure to control impulses, and may put 
people, property, or information systems at risk, regardless of whether 
he or she is diagnosed as an abuser of alcohol or alcohol dependent. A 
person's long-term abuse of alcohol without evidence of substantial 
rehabilitation may indicate that granting a CAC poses an unacceptable 
safety risk in a U.S. Government facility.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) A pattern of alcohol-related arrests.
    (B) Alcohol-related incidents at work, such as reporting for work 
or duty in an

[[Page 55632]]

intoxicated or impaired condition, or drinking on the job.
    (C) Current continuing abuse of alcohol.
    (D) Failure to follow any court order regarding alcohol education, 
evaluation, treatment, or abstinence.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The individual acknowledges his or her alcoholism or issues of 
alcohol abuse, provides evidence of actions taken to overcome this 
problem, and has established a pattern of abstinence (if alcohol 
dependent) or responsible use (if an abuser of alcohol).
    (B) The individual is participating in counseling or treatment 
programs, has no history of previous treatment or relapse, and is 
making satisfactory progress.
    (C) The individual has successfully completed inpatient or 
outpatient counseling or rehabilitation along with any required 
aftercare. He or she has demonstrated a clear and established pattern 
of modified consumption or abstinence in accordance with treatment 
recommendations, such as participation in an alcohol treatment program. 
The individual has received a favorable prognosis by a duly qualified 
medical professional or a licensed clinical social worker who is a 
staff member of a recognized alcohol treatment program.
    (5) A CAC will not be issued to a person if there is a reasonable 
basis to believe, based on the nature or duration of the individual's 
illegal use of narcotics, drugs, or other controlled substances without 
evidence of substantial rehabilitation, that issuance of a CAC poses an 
unacceptable risk.
    (i) An individual's abuse of drugs may put people, property, or 
information systems at risk. Illegal use of narcotics, drugs, or other 
controlled substances, to include abuse of prescription or over-the-
counter drugs, can raise questions about his or her trustworthiness, or 
ability or willingness to comply with laws, rules, and regulations. For 
example, a person's long-term illegal use of narcotics without evidence 
of substantial rehabilitation may indicate that granting a CAC poses an 
unacceptable safety risk in a U.S. Government facility.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) Current or recent illegal drug use, serious narcotic, or other 
controlled substance offense.
    (B) A pattern of drug-related arrests or problems in employment.
    (C) Illegal drug possession, including cultivation, processing, 
manufacture, purchase, sale, or distribution of illegal drugs, or 
possession of drug paraphernalia.
    (D) Diagnosis by a duly qualified medical professional (e.g., 
physician, clinical psychologist, or psychiatrist) of drug abuse or 
drug dependence.
    (E) Evaluation of drug abuse or drug dependence by a licensed 
clinical social worker who is a staff member of a recognized drug 
treatment program.
    (F) Failure to successfully complete a drug treatment program 
prescribed by a duly qualified medical professional.
    (G) Any illegal drug use after formally agreeing to comply with 
rules or regulations prohibiting drug use.
    (H) Any illegal use or abuse of prescription or over-the-counter 
drugs.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was so infrequent, or 
happened under such circumstances that it is unlikely to recur (e.g., 
clear, lengthy break since last use; strong evidence the use will not 
occur again).
    (B) A demonstrated intent not to abuse any drugs in the future, 
such as:
    (1) Abstaining from drug use.
    (2) Disassociating from drug-using associates and contacts.
    (3) Changing or avoiding the environment where drugs were used.
    (C) Abuse of prescription drugs followed a severe or prolonged 
illness during which these drugs were prescribed and abuse has since 
ended.
    (D) Satisfactory completion of a prescribed drug treatment program, 
including but not limited to rehabilitation and aftercare requirements 
without recurrence of abuse, and a favorable prognosis by a duly 
qualified medical professional.
    (6) A CAC will not be issued to a person if a statutory or 
regulatory bar prevents the individual's contract employment; or would 
prevent Federal employment under circumstances that furnish a 
reasonable basis to believe that issuance of a CAC poses an 
unacceptable risk.
    (i) The purpose of this standard is to verify whether there is a 
bar on contract employment, and whether the contract employee is 
subject to a Federal employment debarment for reasons that also pose an 
unacceptable risk in the contracting context. For example, a person's 
5-year bar on Federal employment based on a felony conviction related 
to inciting a riot or civil disorder, as specified in 5 U.S.C. 7313, 
may indicate that granting a CAC poses an unacceptable risk to persons, 
property, and assets in U.S. Government facilities.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) A debarment was imposed by OPM, DoD, or other Federal agencies 
when the conduct poses an unacceptable risk to people, property, or 
information systems.
    (B) The suitability debarment was based on the presence of serious 
suitability issues when the conduct poses an unacceptable risk to 
people, property, or information systems.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) Applicant proves the reason(s) for the debarment no longer 
exists.
    (B) The debarment is job or position-specific and is not applicable 
to the job currently under consideration.
    (7) A CAC will not be issued to a person if the individual has 
knowingly and willfully engaged in acts or activities designed to 
overthrow the U.S. Government by force.
    (i) Individuals entrusted with access to U.S. Government property 
and information systems must not put the U.S. Government at risk.
    (ii) Therefore, conditions that may be disqualifying include:
    (A) Illegal involvement in, support of, training to commit, or 
advocacy of any act of sabotage, espionage, treason or sedition against 
the United States of America.
    (B) Association or agreement with persons who attempt to or commit 
any of the acts in paragraph (d)(7)(ii)(A) of this section with the 
specific intent to further those unlawful aims.
    (C) Association or agreement with persons or organizations that 
advocate, threaten, or use force or violence, or use any other illegal 
or unconstitutional means in an effort to overthrow or influence the 
U.S. Government.
    (iii) Circumstances relevant to the determination of whether there 
is a reasonable basis to believe there is an unacceptable risk include:
    (A) The behavior happened so long ago, was minor, or happened under 
such unusual circumstances that it is unlikely to recur and does not 
cast doubt on the individual's current trustworthiness.
    (B) The person was not aware of the person's or organization's 
dedication to illegal, treasonous, or seditious activities or did not 
have the specific intent to further the illegal, treasonous, or 
seditious ends of the person or organization.
    (C) The individual did not have the specific intent to incite 
others to

[[Page 55633]]

advocate, threaten, or use force or violence, or use any other illegal 
or unconstitutional means to engage in illegal, treasonous, or 
seditious activities.
    (D) The individual's involvement in the activities was for an 
official purpose.

    Dated: September 11, 2014.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2014-22034 Filed 9-16-14; 8:45 am]
BILLING CODE 5001-06-P
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.