Pentagon security agency aims to put background investigation software on track

The National Background Investigation Services program reached some initial milestones after the software project’s schedule was reset last year, but the development team “still has a lot of work” to do on the security clearance system, according to one. senior official in the Ministry of Defense. .

NBIS was originally designed to replace the old Personnel Management Office background investigation system that was hacked in 2015. But NBIS is now at the heart of the government’s Trusted Workforce 2.0 initiative, particularly its focus on “continuous verification”, which consists of using automated file verifications and constant monitoring of the authorized workforce.

The DoD budget documents describe the NBIS as a “secure end-to-end IT architecture for the government personnel control business.”

The Counter-Intelligence and Defense Security Agency supported the development of NBIS last year. DCSA director Bill Lietzau said officials quickly determined they would need to “redefine” the program.

“Early on, we realized that this thing was not on track to deliver the technological capacity the agency needs to implement what policymakers have put in place,” Lietzau said at an event. June 30 by the Potomac Officers Club. “You could have the best policy in the world and people have been working for years to come up with this wonderful Trusted Workforce 2.0. In this case, without that technological capability, you just can’t do it.

The Defense Information Systems Agency was in charge of the development of the NBIS until the October 1, 2020 transfer to the DCSA. Budget documents show that DISA spent approximately $ 216 million between FY2017 and FY20 on the program. DISA awarded Perspecta another transaction agreement in 2018 to develop the NBIS prototype.

DISA had predicted that the system would reach full operational capacity by 2020, according to budget documents. But the system remained in development as it moved to DCSA.

The budget only increased under the security agency, with DCSA receiving $ 110 million for system development in fiscal year 21 alone. The agency is asking for an additional $ 123 million in FY-22. The program is also part of DoD’s “software and technology pilots”, which offer greater budgetary flexibility compared to traditional programs.

Peraton is now the prime contractor for the program after acquiring Perspecta in May. The company inherited a possible $ 500 million follow-up agreement for the delivery of the NBIS software.

Lietzau said the system was his top priority as manager. The program manager reports directly to him, with system development seen as a “mission area” for DCSA, not just an enabling function or support area.

Over the past year, the program “has reached four milestones for the development of NBIS, on time, on schedule, truly the first time they have done so since the inception of the program,” Lietzau said.

The NBIS team now releases abilities in increments. But budget documents show that DCSA will not provide the initial capacity to process background investigations until summer 2022. The agency plans to continue operating existing OPM systems until 2023.

“We redefined it, but there is a lot of work for NBIS to do,” Lietzau said.

Continuous verification increases

Despite software program delays, agencies are implementing Trusted Workforce 2.0 in phases using interim IT capabilities to perform automated case checks and other “continuous monitoring” functions on their employees and contractors.

More than 90% of the national security workforce, or about 3.8 million people, are now enrolled in continuous monitoring programs, according to Mark Frownfelter, deputy director of the Special Security Directorate of the National Counterintelligence Center and Security (NCSC). The agencies plan to enroll all members of the national security workforce for ongoing screening by the end of September.

“At the end of the day, we are moving aggressively with these policies,” Frownfelter said at the Potomac Officers Club event. “DCSA, we are working closely with them to establish the systems that can achieve these milestones. “

In January, OPM released a Core Control Doctrine outlining the principles of the Trusted Workforce 2.0 policy. Frownfelter said the government would soon release a “draft implementation strategy”, along with other draft policies before the end of 2021.

In addition to national security employees, about 11,000 people from 15 non-defense agencies are now enrolled in ongoing monitoring, according to Heather Green, deputy director of risky operations oversight at DCSA.

“Then we have about 35 other agencies interested and in the process of integrating,” Green said.

Lietzau also praised the DCSA workforce for completing the work of reducing the backlog of stable-state investigations of 200,000 cases last year, despite having to telecommute during COVID. -19. He said the pandemic also forced the DCSA to scan its records, including old OPM security clearance logs hosted at Iron Mountain in Boyers, Pa.

“I just visited Boyers a few weeks ago – these files are all gone,” Lietzau said. “Everything is now electronic. Frankly, COVID has helped us to be able to do that. “

Margie D. Carlisle