Sec. 114. Continuous evaluation programs and insider threat programs
1,724 words·~8 min read·
/bill/113/s/2683/is/section-114·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Congress finds the following: The term continuous evaluation , as defined in Executive Order 13467 ( 50 U.S.C. 3161 note), means reviewing the background of an individual who has been determined to be eligible for access to classified information at any time during the period of eligibility. Since 1998, at least 10 continuous evaluation pilot studies have been carried out by Federal agencies to monitor the individuals with security clearances on an ongoing basis. The Department of Defense has conducted multiple continuous evaluation pilots since early 2002 and has more than one pilot that is ongoing as of July 1, 2014.
By October 2014, the Department anticipates 100,000 people to be subject to continuous evaluation with the population steadily rising to 1,000,000 by 2017. The Office of the Director of National Intelligence plans for all individuals with Top Secret clearances or higher to be subject to continuous evaluation by 2016. Since 2010, applicants submitting an application for a security clearance, the Standard Form 86, are required to consent to being monitored through continuous evaluation.
In February 2014, the Office of Management and Budget issued a 120-day review of Federal employee suitability and contractor fitness determinations as well as security clearance procedures and recommended an accelerated timetable for an integrated solution or continuous evaluation program across all Federal agencies and security levels. In addition to continuous evaluation, some Federal agencies are establishing insider threat programs pursuant to Executive Order 13587 ( 50 U.S.C. 3161 note), which authorized the establishment of insider threat programs to, among other things, identify any Government or contracted employee that may have compromised national security through such employee’s work capacity.
Continuous evaluation and insider threat programs are proliferating throughout the Federal government without requirements for protections to ensure that such programs be designed and implemented in a manner that not only protects national security but also promotes fairness, transparency, and employee protections, including whistleblower protections. Not later than 180 days after the date of the enactment of this Act, the Privacy and Civil Liberties Oversight Board, established under section 1061 of the Intelligence Reform and Terrorism Prevention Act of 2004 ( 42 U.S.C. 2000ee ), shall publish in the Federal Register standards for the protection of national security and promotion of fairness, transparency, and employee protections, including safeguards to preserve the rights and confidentiality of whistleblowers with respect to the operation of a continuous evaluation program and the operation of an insider threat program by a Federal agency.
Not later than 90 days after the date of publication of the standards under subsection (b), the head of any agency that is operating a continuous evaluation program or insider threat program as of the date of the enactment of this Act shall— certify whether such program is in compliance with the standards established under subsection (b); and publish such certification in the Federal Register. Any such head who certifies that a continuous evaluation program or insider threat program does not meet such standards or who fails to publish a certification of compliance pursuant to paragraph
(1)shall suspend the program until such program is compliant and certification of compliance is published in the Federal Register. The head of any agency that is operating a continuous evaluation program or insider threat program as of the date of the enactment of this Act shall annually submit to Congress a report that includes the following information: The number of individuals in the agency subject to the continuous evaluation program or insider threat program. The number of individuals in the agency whose eligibility for access to classified information was suspended or revoked as a result of information acquired through the continuous evaluation program or insider threat program. The total number of individuals in the agency who are eligible to access classified information. Demographic information on each individual whose eligibility for access to classified information was changed as a result of information collected through the continuous evaluation program or insider threat program, including age, race, gender, and ethnicity. A description of the mechanisms used to conduct the evaluations, including how individuals were selected, whether the evaluations were randomized, and if so, the nature of the randomization, including the degree to which it was temporally randomized and the degree to which the selection of individuals subject to the program was randomized. A description of the types of information that were captured through the continuous evaluation program or insider threat program and were the basis for further investigation. The frequency that information captured through the continuous evaluation program or insider threat program was the basis for further investigation. Information on any individual whose eligibility for access to classified information was changed as a result of information collected through the continuous evaluation program or insider threat program, including the clearance level of each impacted individual and what position, if any, the individual holds within the agency, number of years the individual has been eligible to access classified information at the level held at the time that the individual was subject to the continuous evaluation program or insider threat program and, if available, the frequency that classified information was accessed by each such individual. Identification of each database that was accessed. Protocols for resolution of information captured through the continuous evaluation program or insider threat program that was the basis for further investigation, including the provision of notification to the impacted individual’s supervisor and the impacted individual. Information on any specific instance in which the continuous evaluation program or insider threat program resulted in the protection of classified information and national security. Information on the annual and life-cycle costs of the continuous investigation or insider threat program and, in the event that the head of the agency intends to expand the program, information on the anticipated costs of expansion. The head of any agency that establishes a continuous evaluation program after the date of the enactment of this Act shall be subject to the following requirements: Before initiating a continuous evaluation program or insider threat program, such head shall conduct a pilot continuous evaluation program or pilot insider threat program that is not shorter than 120 days in duration and uses a representative sample of individuals eligible for access to classified information, including individuals employed by contractors. Participants in the program shall receive notification and, in the event that derogatory information is identified through the program that results in changes to such participant’s eligibility for access to classified information, shall be provided access to the redress process described under section 116. Before conducting a pilot continuous evaluation program or pilot insider threat program under paragraph (1), such head shall publish, in the Federal Register, a notice of the program that provides information on the provisions of the program, metrics for evaluating its efficacy, and a privacy impact assessment. Not later than 90 days after the initiation of a pilot continuous evaluation program or pilot insider threat program pursuant to paragraph (1), such head shall submit to Congress a preliminary report that includes— the number of individuals evaluated under the program; the total number of individuals in the agency who are eligible to access classified information; demographics of the individuals evaluated under the program, including age, race, gender, ethnicity, employer, clearance level, and the number of years the individual has been eligible to access classified information; a position description for each individual evaluated under the program; a description of the mechanisms used to conduct the evaluations, including how individuals were selected, whether the evaluations were randomized, and if so, the nature of the randomization, including the degree to which it was temporally randomized and the degree to which the selection of individuals subject to the program was randomized; a description of the types of information that were captured through the program and were the basis for further investigation; the frequency that information captured through the program was the basis for further investigation; and information on the number of individuals whose eligibility for access to classified information was changed as a result of information collected through the program. Not later than 180 days after the conclusion of a pilot continuous evaluation program or pilot insider threat program pursuant to paragraph
(1)or expansion of a pilot continuous evaluation program or pilot insider threat program, such head shall submit to Congress a final report that updates the information required in the preliminary report under paragraph (3). The report shall include— an identification of each database that was accessed; protocols for resolution of information captured through the program that was the basis for further investigation, including the provision of notification to the impacted individual’s supervisor and the impacted individual; information on any specific instance in which continuous evaluation resulted in the protection of classified information and national security; and information regarding the annual and life-cycle costs of the program and, in the event that such head intends to expand the program or initiate a continuous evaluation program or insider threat program, information on the anticipated costs of an expansion or initiation. Prior to expanding a pilot continuous evaluation program or insider threat program or initiating a continuous evaluation program or insider threat program, such head shall secure a privacy impact assessment from the top privacy and civil liberties officials at such agency. All reports required under this section shall be submitted in unclassified form and be made publicly available, but may include a classified annex if necessary. Not later than 180 days after the date of the enactment of this Act, the head of an agency that operates a continuous evaluation program shall ensure that data collection under the program is limited to databases and other sources of information accessed for a periodic reinvestigation as of the date of the enactment of this Act. In this section: The term continuous evaluation program means any program continually reviewing the background of an individual who has been determined to be eligible for access to classified information pursuant to Executive Order 12968 ( 50 U.S.C. 3161 note) (as amended by Executive Order 13467 (50 U.S.C. 3161 note)) or any other similar authority. The term insider threat program means any program monitoring the activity of an individual who has been determined to be eligible for access to classified information to improve insider threat detection and prevention pursuant to Executive Order 13587 ( 50 U.S.C. 3161 note) or successor order.
Connectionstraces to 5
Citation graph
cites case law
Sec. 114
Continuous evaluation programs and insider threat programs
Cites 5Cited by 0 across 0 sources