Federal Personnel Vetting Core Doctrine, 2705-2709 [2021-00547]

Agencies

• Office of Personnel Management

[Federal Register Volume 86, Number 8 (Wednesday, January 13, 2021)]
[Notices]
[Pages 2705-2709]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2021-00547]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF PERSONNEL MANAGEMENT


Federal Personnel Vetting Core Doctrine

AGENCY: Office of Personnel Management (OPM) and Office of the Director 
of National Intelligence (ODNI).

ACTION: General statement of policy.

-----------------------------------------------------------------------

SUMMARY: This action by the Acting OPM Director in the capacity as the 
Suitability and Credentialing Executive Agent, in consultation with the 
Director of National Intelligence (DNI) in the capacity as the Security 
Executive Agent, establishes a Federal Personnel Vetting Core Doctrine 
to guide transformative efforts to reform the U.S. Government personnel 
security vetting processes. This policy statement is consistent with 
direction established by the President in an Executive order entitled 
Reforming Processes Related to Suitability for Government Employment, 
Fitness for Contractor Employees, and Eligibility for Access to 
Classified National Security Information, mandating the Executive 
Agents to align, to the greatest extent practicable, the Federal 
workforce vetting processes to promote mobility, improve efficiencies 
and move towards an enhanced risk management approach. With the 
issuance of this general statement of policy, the Federal Personnel 
Vetting Core Doctrine establishes the philosophy for the Government's 
personnel vetting program and will guide development of Government-wide 
and agency policy. This Core Doctrine defines the personnel vetting 
mission, its guiding principles, key supporting processes, and policy 
priorities.

DATES: Comments must be received on or before February 12, 2021.

ADDRESSES: You may submit comments, identified by the docket number or 
Regulation Identifier Number (Z-RIN) for this document, by any of the 
following methods:
     Federal eRulemaking Portal: https://www.regulations.gov. 
Follow the instructions for sending comments.
    All submissions received must include the agency name and docket 
number or RIN (RIN 3206-ZA02, October 2020) for this document. The 
general policy for comments and other submissions from members of the 
public is to make these submissions available for public viewing at 
https://www.regulations.gov as they are received without change, 
including any personal identifiers or contact information. OPM will 
prepare and post a public response to major concerns raised in the 
comments, as appropriate, on its guidance Web portal, either before or 
when the guidance document is finalized and issued.

FOR FURTHER INFORMATION CONTACT: Dorianna Rice at Suitability Executive 
Agent Programs, OPM, [email protected] or (202) 606-8460 and/or National 
Counterintelligence and Security Center, ODNI, at [email protected].

SUPPLEMENTARY INFORMATION:

Authority for This Action

    Executive Order 13467, Reforming Processes Related to Suitability 
for Government Employment, Fitness for Contractor Employees, and 
Eligibility for Access to Classified National Security Information 
(June 30, 2008), as amended, established the DNI as the Security 
Executive Agent and the Director of OPM as the Suitability & 
Credentialing Executive Agent.\1\ ODNI and OPM are the primary entities 
responsible for policy and oversight of the Federal Government's 
personnel vetting process. The ODNI and OPM are issuing this general 
statement of policy to inform Federal agencies and the public of a new 
framework designed to guide the fundamental transformation of the 
Federal Government's personnel vetting process. All other applicable 
authorities are cited within the body of the general statement of 
policy below. 5 U.S.C. 552(a)(1)(D) provides that agencies publish 
their general

[[Page 2706]]

statements of policy in the Federal Register for the guidance of the 
public.
---------------------------------------------------------------------------

    \1\ Previously, OPM was already responsible for issuing the 
standards by which candidates for the competitive and senior 
executive service were to be assessed for entry into the civil 
service, pursuant to the President's statutory authority to 
establish the criteria for entry into the competitive service, and 
his delegation of that authority to OPM through the Civil Service 
Rules. 5 U.S.C. 3301, 3302; E.O. 10577, Civil Service Rules II, and 
V, codified at 5 CFR parts 2 and 5, as amended. Under President 
Clinton's E.O. 12968 (Aug. 2, 1995), the Security Policy Board and 
successor Policy Coordinating Committee were responsible for 
recommending standards to the President by which eligibility for 
access to classified information was to be determined. With 
President George W. Bush's promulgation of E.O. 13467, the Director 
of National Intelligence assumed that function. E.O. 13467, and 
subsequent Executive Orders, have also made OPM responsible for 
issuing standards related to for eligibility for logical or physical 
access to Government systems and facilities; fitness for performing 
work on behalf of the Government under a contract; and fitness for 
appointment to the excepted service.
---------------------------------------------------------------------------

    The contents of this document do not have the force and effect of 
law and are not meant to bind the public in any way, except as 
authorized by law or incorporated into a contract. This document is 
intended to provide clarity to the public regarding existing 
requirements under the law or agency policies and to inform agencies of 
the framework that will guide their implementation of existing legal 
requirements, and any new requirements that are adopted. This document 
was created to explain to agencies the underlying philosophies that 
should animate the implementation of their responsibilities with 
respect to adjudicating suitability or fitness, eligibility to hold a 
position that is national security sensitive, and eligibility for 
logical or physical access to agency systems or facilities.

Regulatory Impact

    Executive Orders 13563 and 12866 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). Executive 
Order 13563 emphasizes the importance of quantifying both costs and 
benefits, of reducing costs, of harmonizing rules, and of promoting 
flexibility. This guidance has been reviewed by OMB and designated a 
``significant regulatory action,'' under Executive Order 12866. 
However, it is not economically significant.

Promoting International Regulatory Cooperation

    As required by Executive Orders 13891 and 13609, OPM and ODNI have 
concluded that this guidance document is not a significant regulation 
having significant international impacts.

Reducing Regulation and Controlling Regulatory Costs

    This guidance is not expected to be subject to the requirements of 
E.O. 13771(82 FR 9339, February 3, 2017) because it is expected to 
impose no more than de minimis costs.

Regulatory Flexibility Act

    OPM and ODNI certify that this guidance document will not have a 
significant economic impact on a substantial number of small entities 
because it will apply only to Federal agencies.

Unfunded Mandates Act of 1995

    This guidance will not result in the expenditure by state, local, 
and tribal governments, in the aggregate, or by the private sector, of 
$100 million or more in any year and it will not significantly or 
uniquely affect small governments. Therefore, no actions were deemed 
necessary under the provisions of the Unfunded Mandates Reform Act of 
1995.

Congressional Review Act

    The Congressional Review Act (5 U.S.C. 801 et seq.) requires rules 
(as defined in 5 U.S.C. 804) to be submitted to Congress before taking 
effect. OPM will submit to Congress and the Comptroller General of the 
United States a report regarding the issuance of this action before its 
effective date, as required by 5 U.S.C. 801. This action is not major 
as defined by the Congressional Review Act (CRA) (5 U.S.C. 804).

Paperwork Reduction Act

    This guidance does not impose any new reporting or record-keeping 
requirements subject to the Paperwork Reduction Act.

I. Background: Trusted Workforce 2.0

    Effective Government operations require that the Federal 
Government's workforce be trusted to deliver on the mission, provide 
excellent service, and demonstrate effective stewardship of taxpayer 
funds. Recognizing that establishing and maintaining trust \2\ is the 
core goal of the Federal personnel vetting program, the Security 
Executive Agent and the Suitability and Credentialing Executive Agent 
in coordination and consultation with the Under Secretary of Defense 
for Intelligence and Security (USD(I&S)) and the Deputy Director for 
Management of OMB, in their roles as Principal Members of the Security, 
Suitability and Credentialing Performance Accountability Council (PAC), 
have initiated the ``Trusted Workforce 2.0'' (TW 2.0) transformational 
efforts to provide a roadmap for reformed and innovative Federal 
personnel vetting.
---------------------------------------------------------------------------

    \2\ The nature of the trust determination depends on the legal 
requirements for each vetting program. Thus for suitability and 
fitness determinations the trust consideration is to ensure that 
admission into the Civil Service will ``best promote the efficiency 
of that service,'' by ascertaining ``the fitness of applicants . . . 
as to character . . . for the employment sought'' (5 U.S.C. 3301); 
for national security eligibility the trust consideration is to 
ensure that eligibility is ``clearly consistent with the national 
security interests of the United States,'' where adjudication of 
past conduct ``is only an attempt to predict . . . possible future 
behavior'' and ``does not equate with passing judgment upon the 
individual's character.'' (E.O. 12968, sec. 3.1; Dep't of the Navy 
v. Egan, 484 U.S. 518, 528 (1988)).
---------------------------------------------------------------------------

    In March 2018, ODNI and OPM launched the TW 2.0 effort, in 
consultation with other agencies across the U.S. Government, to 
fundamentally overhaul the Federal personnel vetting process. The 
effort was organized into two phases. Phase One was designed to reduce 
and eliminate the then extant background investigation inventory,\3\ 
which had grown substantially due to a confluence of prior events, 
while Phase Two sought to establish a new Government-wide approach to 
personnel vetting. This general statement of policy addresses Phase Two 
of TW 2.0.
---------------------------------------------------------------------------

    \3\ See https://www.performance.gov/CAP/action_plans/july_2020_Security_Suitability.pdf. For the first time since August 
2014, the background investigation case inventory has returned to a 
stable state of approximately 200,000 cases, from a high of 725,000 
cases. The success of Phase One is the result of concerted efforts, 
including policy changes issued by ODNI and OPM as the Executive 
Agents for personnel vetting, and internal process improvements made 
by the National Background Investigations Bureau (formerly a 
division of OPM), and its successor, the Defense Counterintelligence 
and Security Agency (DCSA).
---------------------------------------------------------------------------

II. Discussion of the Policy

    With the issuance of this General Policy Statement, the Federal 
Personnel Vetting Core Doctrine establishes the philosophy of the 
Government's personnel vetting program and will guide development of 
Government-wide and agency policy. This Core Doctrine defines the 
personnel vetting mission, its guiding principles, key supporting 
processes, and policy priorities.
    After the issuance of this Federal Personnel Vetting Core Doctrine, 
the next steps involve consulting with Federal agencies through 
interagency processes to refine and begin issuing and implementing the 
policies across the Federal Government to bring about change. In the 
coming months, ODNI and OPM anticipate several Executive Branch 
policies to be issued that will provide high-level direction, establish 
an aggressive path forward, and outline immediate steps to bridge to 
the future state. Public participation will be provided through 
applicable statutory procedures, such as notice-and-comment rulemaking 
under the Administrative Procedure Act for substantive rules, and 60-
day and 30-day notices under the Paperwork Reduction Act for 
information collections.

[[Page 2707]]

Federal Personnel Vetting Core Doctrine

RIN 3206-ZA02, October 2020
I. Overview
    This Federal Personnel Vetting Core Doctrine (Core Doctrine) sets 
forth the defining elements of a successful program for vetting the 
individuals who make up a trusted Federal workforce. It provides the 
philosophy for and guides all personnel vetting policy, including all 
Executive Branch-wide and agency-specific policy and procedures. The 
Executive Agents will review the Core Doctrine regularly, at least 
every five years, to ensure it is current and that Federal personnel 
vetting business operations at all times further the principles, 
outcomes, and management and policy priorities set forth herein. 
Department and agency heads should review their departmental and agency 
policies and procedures periodically to ensure those policies and 
procedures further the principles, outcomes, and management and policy 
priorities set forth herein.
    The contents of this document do not have the force and effect of 
law and are not meant to bind the public in any way, except as 
authorized by law or incorporated into a contract. This document is 
intended only to provide clarity to the public regarding existing 
requirements under the law or agency policies and guidance to Federal 
agencies implementing the legal requirements relating to Federal 
vetting processes. The guidance is not intended to revise or replace 
any previously issued guidance.
II. Authorities
    This Core Doctrine is issued by the Security Executive Agent and 
the Suitability & Credentialing Executive Agents \4\ pursuant to the 
following authorities:
---------------------------------------------------------------------------

    \4\ Per Executive Order 13467, as amended, the Director of OPM 
is the Suitability and Credentialing Executive Agent and the 
Director of National Intelligence is the Security Executive Agent.
---------------------------------------------------------------------------

    A. 50 U.S.C. 3341 and 3352a.
    B. 5 U.S.C. 1103, 1104, 3301, 7301, and 11001.
    C. E.O. 12968, Access to Classified Information (August 2, 1995), 
as amended.
    D. Homeland Security Presidential Directive 12, Policy for a Common 
Identification Standard for Federal Employees and Contractors (August 
27, 2004).
    E. E.O. 13467, Reforming Processes Related to Suitability for 
Government Employment, Fitness for Contractor Employees, and 
Eligibility for Access to Classified National Security Information 
(June 30, 2008), as amended.
    F. E.O. 13488, Granting Reciprocity on Excepted Service and Federal 
Contractor Employee Fitness and Reinvestigating Individuals in 
Positions of Public Trust (January 16, 2009), as amended.
    G. Civil Service Rules II, V, and VI, codified in 5 CFR parts 2, 5, 
and 6.
    H. Office of Management and Budget Circular No. A-123, Management's 
Responsibility for Enterprise Risk Management and Internal Control.
III. Good Governance
    Governance structures exist to promote efficient and effective 
personnel vetting outcomes and facilitate accountability to the 
President; responsiveness to Congress; and transparency, to the extent 
possible, consistent with the underlying mission, to the workforce, the 
public, and other stakeholders. Every member of the trusted Federal 
workforce has a shared responsibility for the successful outcomes of 
the Federal personnel vetting programs. The Federal personnel vetting 
governance framework is set forth in E.O. 13467, as amended, which 
assigns the following entities key governance roles and 
responsibilities:
    A. The Security Executive Agent and the Suitability & Credentialing 
Executive Agent.
    B. The Security, Suitability, and Credentialing Performance 
Accountability Council (PAC).
    C. Department and agency heads.
    D. Authorized personnel vetting investigative service providers 
(ISP).
IV. Personnel Vetting Principles
    The overarching principles applicable to the Federal personnel 
vetting enterprise are intended to reflect the nation's security and 
personnel priorities. The following principles are common to every 
aspect of personnel vetting and are the benchmark for successful 
personnel vetting operations:
    A. Consistent, Cogent, and Outcome-Based Policy Hierarchy. Policy 
that is informed by this Core Doctrine, including specific guidelines 
that are outcome-based, as appropriate, and corresponding standards and 
appendices that provide information sources, methods, and 
implementation guidance.
    B. Holistic Risk Management for Federal Personnel Vetting. 
Assessment of potential threats and vulnerabilities presented by those 
who are currently or would be trusted insiders throughout the 
Government to manage risk to people, property, information, and 
mission. Personnel vetting is one of multiple areas where risk is 
managed in the Government.
    C. Government-Wide Solutions. Providing Government-wide policy 
mechanisms, information technology shared services, shared services for 
business functions, and Government-wide regulatory tools whenever 
possible.
    D. Continuous Data-Driven Improvements. Continuous performance 
improvements that support data-driven policy decisions, integration of 
innovations and emerging technologies; and remedial action and 
resolution for when adverse events or other program failures occur.
    E. Lawful, Fair, and Effective Outcomes. Consistent and equitable 
treatment of individuals through adherence to legal obligations and 
protections, including privacy, procedural, and constitutional rights, 
as appropriate, promotes protection of national security; protection of 
Government personnel, property, information and systems; and the 
efficiency and integrity of the civil service.
    F. Open Government. Transparency of the Federal personnel vetting 
program to the Federal workforce, the public, and Congress, consistent 
with applicable privileges or statutory limitations on disclosure 
(e.g., national security needs, classified information protection, 
controlled unclassified information (CUI), and other privileges such as 
the deliberative process privilege).
    G. Culture of Shared Responsibility. A collective environment built 
upon mutual goals, effective training, appropriate behavior, and shared 
expectations and obligations by all stakeholders.
V. Personnel Vetting Outcomes
    The Federal Government must effectively optimize the resources, 
information, and technology to support the goal of a trusted workforce 
to conduct the business of the Federal Government. Personnel vetting 
assesses the trustworthiness of individuals based on the core 
characteristics to protect people, property, information, and mission, 
as they relate to the particular purpose. Personnel vetting is 
successful when it:
    A. Provides a trusted workforce based on an evaluation of conduct, 
integrity, judgment, loyalty, and reliability.
    B. Consistently results in efficient, effective, and timely trust 
determinations, regardless of vetting domain, while complying with 
applicable law.
    C. Produces timely, comprehensive, and appropriate organizational 
response to adverse events.

[[Page 2708]]

    D. Quickly identifies and appropriately addresses issues that may 
adversely affect the trust determinations of individuals.
    E. Promotes mobility of individuals between and within Federal 
agencies and Government contractors and enables efficient re-entry to 
Federal service from the private sector. Mobility is enhanced by 
efficient transfer of trust determinations and reciprocity between 
departments and agencies, and across roles for individuals who work for 
or on behalf of the Federal Government.
    F. Inspires the public's confidence in a trusted Federal workforce 
and the wise stewardship of public resources.
    G. Employs continuous data-driven performance improvement and 
outcome-based metrics.
    H. Leverages research and innovation capabilities to advance the 
Federal personnel vetting mission and increase the effectiveness of 
decision-making.
    I. Uses data-driven analytics, as appropriate, to improve decision-
making regarding Federal policies, processes, resources, personnel, and 
programs.
VI. Policy Priorities
    The success of the Government's personnel vetting program depends 
on thoughtful, complete, and supportable articulation of policy goals. 
Department and agency personnel achieve policy goals if they are clear 
and consistent. For policy priorities to be successful:
    A. All personnel vetting policy is integrated and aligned within a 
unified policy framework that is consistent with applicable law. The 
personnel vetting policy framework includes issuance of guidelines, 
that describe the successful outcomes that are intended, and those 
outcomes are achieved through detailed compliance criteria (issued in 
``standards'').
    B. Policy is reviewed regularly to determine whether it remains 
consistent with law, still aligns with mission needs, is supported by 
current data, and responds to societal or other relevant changes, 
including emerging threats, to achieve its intended purpose.
    C. Policy guides process and methodology and permits appropriate 
flexibility in the choice of methodology by agency practitioners 
charged with implementing it.
    D. Policy drives the integration of business processes and 
capabilities for efficient and effective management of personnel 
vetting.
    E. Policy promotes and enables multi-directional information-
sharing to the greatest extent practical among personnel working in 
federal employee and contractor vetting, human resources, insider 
threat, military accessions, and complementary mission areas to 
identify risks in a timely manner, reduce waste, improve quality, 
increase effectiveness, and maximize efficiency.
    F. Policy focuses on gathering and sharing all relevant information 
about an individual in a timely and efficient manner to identify the 
extent to which the individual exhibits the characteristics of a person 
who can be trusted to protect people, property, information, and 
mission, as appropriate under the relevant adjudicative standards.
    G. Policy clearly describes the characteristics of a trusted person 
so that criteria are applied consistently, to the extent possible, 
across all vetting domains, resulting in basic trust determinations 
that are uniform across all agencies, and allowing for additional 
agency- or position-specific criteria to be applied only when necessary 
to meet unique needs of that agency or position.
    H. Personnel vetting policy guidelines informed by this Core 
Doctrine are issued by the Executive Agents. Authority to issue 
standards and their appendices may be delegated by the Executive Agents 
pursuant to their respective authorities.
    I. Departments and agencies must ensure that their policy is 
consistent with the Federal personnel vetting policy framework.
    J. Departments and agencies must ensure sufficient funding and 
resources are dedicated in support of the personnel vetting mission.
VII. Risk Management
    Risk is unavoidable when realizing an organization's objectives, 
and all governmental activities involve managing risk, including 
preventing, detecting, and mitigating both human and enterprise risk. 
Federal personnel vetting is one of multiple ways that the Government 
manages human risk; others include insider threat programs, human 
resources programs, drug testing, etc. Personnel vetting risk 
management is successful when:
    A. It is applied both throughout the end-to-end process and at all 
levels of vetting to reduce risk to people, property, information, and 
mission.
    B. It uses a layered risk management approach that (1) uses 
deterrence and remediates vulnerabilities and (2) takes into account 
enterprise risk management and human risk management in the development 
of policy and in the design and operation of government-wide and agency 
personnel vetting programs that implement the policy.
    C. Personnel vetting integrates information from entities with 
complementary missions that also manage personnel risk (e.g., insider 
threat programs, counterintelligence, human resources programs).
    D. A senior agency official is assigned with the responsibilities 
to oversee the management of an effective personnel vetting program.
VIII. Information Management
    Obtaining and using information about an individual to make a trust 
determination, whether obtained from internal agency or external 
Government and non-government sources, must meet the specific purpose 
as defined in the personnel vetting program. When gathering information 
departments and agencies must take into account the privacy and other 
legal rights of the individual. Properly managing and safeguarding 
information is essential to good government, maintaining the trust of 
the public and the workforce, and the quality and effectiveness of 
operations. For information management to be successful, Federal 
departments and agencies must ensure that:
    A. Information used to make trust determinations and manage risk is 
accurate, relevant, timely, and as complete as is reasonably necessary 
to assure fairness to the individual.
    B. Information collection is not unduly intrusive and is 
appropriately tailored to the purposes for which it is collected.
    C. Information collection and management practices do not adversely 
affect, and are designed to promote, the Government's ability to 
attract talented and trustworthy individuals to public service and 
service to Government under contracts.
    D. Vetting practitioners are engaged with individuals during the 
entire vetting process to collect information, resolve derogatory 
information, improve transparency, and cultivate effective two-way 
communication between the individual and the Government. Trusted 
insiders and the Government share responsibility for maintaining 
complete, accurate, and relevant information as part of an individual's 
personnel
    E. Vetting record.
    F. A trained and vetted staff is accountable for the protection of 
information, including information shared by complementary missions.
    G. Mechanisms are in place to safeguard personnel vetting sources 
and methods, and to protect the collection, use, dissemination, and 
retention of information.
    H. Efficiencies are maximized in the collection, use, 
dissemination, and

[[Page 2709]]

retention of information across Government when there is cooperation 
and timely sharing of relevant information among complementary missions 
both between and within departments and agencies.
    I. A risk-based approach is used to identify and detect potential 
vulnerabilities and threats early in the process and undertake risk 
mitigation throughout the process to lessen or prevent the impact to 
people, property, information, and mission.
IX. Information Technology
    Successfully vetting a trusted workforce and protecting personal 
data requires effective, secure, and innovative technology and the 
ability to integrate newer and better technology as it becomes 
available. Combating cyber threats, complying with data protection 
requirements, and managing information are integral to the vetting 
process. The successful execution of the Federal personnel vetting 
mission requires that Federal agencies ensure:
    A. Security principles are embedded in all information technology 
(IT) systems in accordance with applicable law, E.O.s, rules, and 
regulations.
    B. Development efforts incorporate government-wide guidance that 
adopts private sector best practices for the agile and iterative 
development and delivery of new or modified IT systems and 
capabilities.
    C. Cutting-edge technologies are adopted to improve both quality 
and timeliness of personnel vetting, while outdated and legacy IT 
capabilities are decommissioned.
    D. Federal IT shared services are used to maximize return on 
investment, reduce duplication, and improve effectiveness.
X. Awareness and Organizational Culture
    A Federal trusted workforce requires that all levels of the Federal 
Government use good risk management techniques and promote an effective 
security posture. A strong culture of personal accountability and 
understanding potential risks allows the personnel vetting mission to 
effectively function. To achieve this organizational culture:
    A. All members of the trusted workforce must understand their role 
and take personal ownership of their responsibilities in the success of 
the overall personnel vetting enterprise.
    B. All members of the trusted workforce must understand, support, 
and execute the responsibilities that accompany a favorable trust 
determination.

Alexys Stanley,
Regulatory Affairs Analyst.
[FR Doc. 2021-00547 Filed 1-12-21; 8:45 am]
BILLING CODE 6325-53-P