Report Contents
Summary of Review
During an Audit of the Integrity and Use of Security Clearance Data Reported to the Office of the Director of National Intelligence (ODNI), which is ongoing and being conducted jointly with the Inspector General of the Intelligence Community, the Office of Inspector General (OIG) identified deficiencies in the Department of State’s (Department) reporting of security clearance data to ODNI.1 The reporting of security clearance data is required by the Intelligence Authorization Act for FY 2010, codified at 50 U.S. Code § 3104, and the National Defense Authorization Act for FY 2018, codified at 10 U.S. Code § 1564 note. 2 To comply with the legislation, ODNI requires each Intelligence Community element to submit quarterly and annual assessments of Timeliness Data and National Security Metrics.3
The Timeliness Data reporting requirement is meant to identify the processing time of personnel security clearances at each phase of the process (initiation, investigation, and adjudication), by clearance level, for both initial investigations and periodic reinvestigations during the prior fiscal year for Government and contractor employees. The National Security Metrics reporting requirements include, among other things, identifying the timeliness for each phase of the security clearance process; number of completed or pending cases that took longer than 1 year; number of individuals enrolled in continuous evaluation; adjudicative reporting requirements for denied, revoked, and appealed cases; and reciprocity reporting requirements. Once ODNI collects the information from each agency, it prepares an annual report to Congress, in accordance with the Intelligence Authorization Act for FY 2010, codified at 50 U.S. Code § 3104, and the National Defense Authorization Act for FY 2018, codified at 10 U.S. Code § 1564 note. The Bureau of Diplomatic Security (DS) is responsible for the Department’s security clearance investigations.
OIG found that the Department’s methodology for collecting and reporting FY 2019 quarterly and annual Timeliness Data and National Security Metrics did not meet ODNI requirements. Specifically, to report Timeliness Data, OIG found that DS collected a random sample of security clearance cases for the quarter and reported the average for each quarterly submission to ODNI for the initiation phase, which is not reflective of the true timeframe for completing the initiation phase for all security clearances because it involves an average timeframe of the sample of cases selected. With respect to the National Security Metrics, OIG found that in FY 2019, DS did not submit the required quarterly reporting to ODNI because the process to provide all of the information on a quarterly basis was considered too cumbersome due to the manual nature of collecting and organizing the data. OIG also found that of the two reporting requirements (Timeliness Data and National Security Metrics), DS had outdated standard operating procedures to guide the collection and reporting process for Timeliness Data and had not developed standard operating procedures for collecting and reporting National Security Metrics. Moreover, DS told OIG that there was only one official responsible for collecting and reporting security clearance data to ODNI.
The FY 2019 reporting deficiencies occurred, in part, because the case management system DS used to maintain all of the Department’s security clearance data in FY 2019 did not have the capability to produce the exact data required for ODNI reporting. For example, the case management system used in FY 2019 could not connect to and extract the initiation phase timeframe data that were maintained on a separate IT system. As a result, DS selected a random sample of security clearance cases for the quarter and reported the average for each quarterly submission to ODNI. However, this methodology is not reflective of the true timeframe for completing the initiation phase for all security clearances because it involves a random sample. Consequently, OIG was unable to recreate the data that DS reported to ODNI for FY 2019 to verify that the information submitted was accurate. It is important to note that the limitations of the case management system used in FY 2019 were recently addressed. Specifically, in January 2021, DS implemented a new case management system that can directly connect to and access the initiation phase data to complete the Timeliness Data reporting requirements. However, OIG found that additional system modifications to the new case management system are needed to fully meet ODNI reporting requirements for the National Security Metrics.
Until DS makes the necessary modifications to the case management system to respond to all reporting requirements, establishes requisite internal controls to guide the reporting process to ODNI, and adequately resources the process with staff and supervisory support to fulfill the reporting requirements, the Department will not have assurance that the data reported to ODNI, and subsequently to Congress, are accurate and reliable. OIG therefore made three recommendations to address the deficiencies identified in this report. On the basis of DS’s response to a draft of this report, OIG considers all three recommendations resolved, pending further action. A synopsis of DS’s comments on the recommendations offered and OIG’s reply follow each recommendation in the Results section of this report. DS’s response to a draft of this report is reprinted in its entirety in Appendix A.
1 The objectives of the ongoing audit are to determine whether: (1) Intelligence Community elements accurately capture, document, and report required security clearance processing timeliness information; (2) Intelligence Community elements calculate processing timeliness in a consistent manner; (3) the Security Executive Agent accurately compiles and reports data provided by Intelligence Community elements, as required; and (4) the Security Executive Agent uses Timeliness Data to address the security clearance backlog and inform security clearance-related policy decisions. This audit is currently delayed as a result of the COVID-19 pandemic.
2 See 10 U.S. Code § 1564 note, Background and Security Investigations for Department of Defense Personnel, (k)(1).
3 ODNI developed its reporting requirements based on the data reported to Congress as detailed in 50 U.S. Code § 3104 and 10 U.S. Code § 1564 note, Background and Security Investigations for Department of Defense Personnel.
Report Terms
Report Recommendations
OIG recommends that the Bureau of Diplomatic Security implement modifications to the recently deployed Integrated Security and Suitability System that responds to all Office of the Director of National Intelligence quarterly and annual reporting requirements involving Timeliness Data and National Security Metrics.
OIG recommends that the Bureau of Diplomatic Security develop and implement standard operating procedures that result in consistent and accurate reporting of Timeliness Data and National Security Metrics. The standard operating procedures at a minimum should include the methodology for identifying and exporting the data from the case management system and a process to verify that only relevant cases are included for quarterly and annual reporting to the Office of the Director of National Intelligence.
OIG recommends that the Bureau of Diplomatic Security (a) assign responsibilities to additional personnel for the collection and reporting of Timeliness Data and National Security Metrics and (b) require a secondary level of review prior to submitting the data reported to the Office of the Director of National Intelligence.