Sec. 1086. REFORM AND IMPROVEMENT OF PERSONNEL SECURITY, INSIDER THREAT DETECTION AND PREVENTION, AND PHYSICAL SECURITY

3,014 words·~14 min read·/statute-compilations/comps-11831/sec-1086

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

## SEC. 1086 REFORM AND IMPROVEMENT OF PERSONNEL SECURITY, INSIDER THREAT DETECTION AND PREVENTION, AND PHYSICAL SECURITY **[**[10 U.S.C. 1564 note](/us/usc/t10/s1564)**]** ###

(a)Personnel Security and Insider Threat Protection in Department of Defense ####

(1)Plans and schedules Consistent with the Memorandum of the Secretary of Defense dated March 18, 2014, regarding the recommendations of the reviews of the Washington Navy Yard shooting, the Secretary of Defense shall develop plans and schedules— #####

(A)to implement a continuous evaluation capability for the national security population for which clearance adjudications are conducted by the Department of Defense Central Adjudication Facility, in coordination with the heads of other relevant agencies; #####

(B)to produce a Department-wide insider threat strategy and implementation plan, which includes— ######

(i)resourcing for the Defense Insider Threat Management and Analysis Center and component insider threat programs, and ######

(ii)alignment of insider threat protection programs with continuous evaluation capabilities and processes for personnel security; #####

(C)to centralize the authority, accountability, and programmatic integration responsibilities, including fiscal control, for personnel security and insider threat protection under the Under Secretary of Defense for Intelligence; #####

(D)to develop a defense security enterprise reform investment strategy to ensure a consistent, long-term focus on funding to strengthen all of the Department’s security and insider threat programs, policies, functions, and information technology capabilities, including detecting threat behaviors conveyed in the cyber domain, in a manner that keeps pace with evolving threats and risks; #####

(E)to resource and expedite deployment of the Identity Management Enterprise Services Architecture; and #####

(F)to implement the recommendations contained in the study conducted by the Director of Cost Analysis and Program Evaluation required by section 907 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113-66; 10 U.S.C. 1564 note), including, specifically, the recommendations to centrally manage and regulate Department of Defense requests for personnel security background investigations. ####

(2)Reporting requirement Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the appropriate committees of Congress a report describing the plans and schedules required under paragraph (1). ###

(b)Physical and Logical Access Not later than 270 days after the date of the enactment of this Act— ####

(1)the Secretary of Defense shall define physical and logical access standards, capabilities, and processes applicable to all personnel with access to Department of Defense installations and information technology systems, including— #####

(A)periodic or regularized background or records checks appropriate to the type of physical or logical access involved, the security level, the category of individuals authorized, and the level of access to be granted; #####

(B)standards and methods for verifying the identity of individuals seeking access; and #####

(C)electronic attribute-based access controls that are appropriate for the type of access and facility or information technology system involved; ####

(2)the Director of the Office of Management and Budget and the Chair of the Performance Accountability Council, in coordination with the Secretary of Defense, the Administrator of General Services, and, when appropriate, the Director of National Intelligence, and in consultation with representatives from stakeholder organizations, shall design a capability to share and apply electronic identity information across the Government to enable real-time, risk-managed physical and logical access decisions; and ####

(3)the Director of the Office of Management and Budget, in conjunction with the Director of the Office of Personnel Management and in consultation with representatives from stakeholder organizations, shall establish investigative and adjudicative standards for the periodic or regularized reevaluation of the eligibility of an individual to retain credentials issued pursuant to Homeland Security Presidential Directive 12 (dated August 27, 2004), as appropriate, but not less frequently than the authorization period of the issued credentials. ###

(c)Security Enterprise Management Not later than 180 days after the date of enactment of this Act, the Director of the Office of Management and Budget shall— ####

(1)formalize the Security, Suitability, and Credentialing Line of Business; and ####

(2)submit to the appropriate congressional committee a report that describes plans— #####

(A)for oversight by the Office of Management and Budget of activities of the executive branch of the Government for personnel security, suitability, and credentialing; #####

(B)to designate enterprise shared services to optimize investments; #####

(C)to define and implement data standards to support common electronic access to critical Government records; and #####

(D)to reduce the burden placed on Government data providers by centralizing requests for records access and ensuring proper sharing of the data with appropriate investigative and adjudicative elements. ###

(d)Reciprocity Management Not later than two years after the date of the enactment of this Act, the Chair of the Performance Accountability Council shall ensure that— ####

(1)a centralized system is available to serve as the reciprocity management system for the Federal Government; and ####

(2)the centralized system described in paragraph

(1)is aligned with, and incorporates results from, continuous evaluation and other enterprise reform initiatives. ###

(e)Reporting Requirements Implementation Not later than 180 days after the date of enactment of this Act, the Chair of the Performance Accountability Council, in coordination with the Security Executive Agent, the Suitability Executive Agent, and the Secretary of Defense, shall jointly develop a plan to— ####

(1)implement the Security Executive Agent Directive on common, standardized employee and contractor security reporting requirements; ####

(2)establish and implement uniform reporting requirements for employees and Federal contractors, according to risk, relative to the safety of the workforce and protection of the most sensitive information of the Government; and ####

(3)ensure that reported information is shared appropriately. ###

(f)Access to Criminal History Records for National Security and Other Purposes ####

(1)Definition Section 9101(a) of title 5, United States Code, is amended by adding at the end the following: > > #### “(7) > > The terms ‘Security Executive Agent’ and ‘Suitability Executive Agent’ mean the Security Executive Agent and the Suitability Executive Agent, respectively, established under Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto.” > . ####

(2)Covered agencies Section 9101(a)(6) of title 5, United States Code, is amended by adding at the end the following: > > ##### “(G) > > The Department of Homeland Security. > > > ##### “(H) > > The Office of the Director of National Intelligence. > > > ##### “(I) > > An Executive agency that— > > > ###### “(i) > > is authorized to conduct background investigations under a Federal statute; or > > > ###### “(ii) > > is delegated authority to conduct background investigations in accordance with procedures established by the Security Executive Agent or the Suitability Executive Agent under subsection

(b)or (c)(iv) of section 2.3 of Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto. > > > ##### “(J) > > A contractor that conducts a background investigation on behalf of an agency described in subparagraphs

(A)through (I).” > . ####

(3)Applicable purposes of investigations Section 9101(b)(1) of title 5, United States Code, is amended— #####

(A)by redesignating subparagraphs

(A)through

(D)as clauses

(i)through (iv), respectively, and adjusting the margins accordingly; #####

(B)in the matter preceding clause (i), as redesignated— ######

(i)by striking “the head of”; ######

(ii)by inserting “all” before “criminal history record information”; and ######

(iii)by striking “ for the purpose of determining eligibility for any of the following: ” and inserting > “, in accordance with Federal Investigative Standards jointly promulgated by the Suitability Executive Agent and Security Executive Agent, for the purpose of— > > > ##### “(A) > > determining eligibility for—” > ; #####

(C)in clause (i), as redesignated— ######

(i)by striking “Access” and inserting “access”; and ######

(ii)by striking the period and inserting a semicolon; #####

(D)in clause (ii), as redesignated— ######

(i)by striking “Assignment” and inserting “assignment”; and ######

(ii)by striking the period and inserting “or positions;”; #####

(E)in clause (iii), as redesignated— ######

(i)by striking “Acceptance” and inserting “acceptance”; and ######

(ii)by striking the period and inserting “; or”; #####

(F)in clause (iv), as redesignated— ######

(i)by striking “Appointment” and inserting “appointment”; ######

(ii)by striking “or a critical or sensitive position”; and ######

(iii)by striking the period and inserting “; or”; and #####

(G)by adding at the end the following: > > ##### “(B) > > conducting a basic suitability or fitness assessment for Federal or contractor employees, using Federal Investigative Standards jointly promulgated by the Security Executive Agent and the Suitability Executive Agent in accordance with— > > > ###### “(i) > > Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto; and > > > ###### “(ii) > > the Office of Management and Budget Memorandum ‘Assignment of Functions Relating to Coverage of Contractor Employee Fitness in the Federal Investigative Standards’, dated December 6, 2012; > > > ##### “(C) > > credentialing under the Homeland Security Presidential Directive 12 (dated August 27, 2004); and > > > ##### “(D) > > Federal Aviation Administration checks required under— > > > ###### “(i) > > the Federal Aviation Administration Drug Enforcement Assistance Act of 1988 (subtitle E of title VII of Public Law 100-690; 102 Stat. 4424) and the amendments made by that Act; or > > > ###### “(ii) > > section 44710 of title 49.” > . ####

(4)Biometric and biographic searches Section 9101(b)(2) of title 5, United States Code, is amended to read as follows: > > #### “(2) > > > #####

(A)> > A State central criminal history record depository shall allow a covered agency to conduct both biometric and biographic searches of criminal history record information. > > > ##### “(B) > > Nothing in subparagraph

(A)shall be construed to prohibit the Federal Bureau of Investigation from requiring a request for criminal history record information to be accompanied by the fingerprints of the individual who is the subject of the request.” > . ####

(5)Use of most cost-effective system Section 9101(e) of title 5, United States Code, is amended by adding at the end the following: > > #### “(6) > > If a criminal justice agency is able to provide the same information through more than 1 system described in paragraph (1), a covered agency may request information under subsection

(b)from the criminal justice agency, and require the criminal justice agency to provide the information, using the system that is most cost-effective for the Federal Government.” > . ####

(6)Sealed or expunged records; juvenile records #####

(A)In general Section 9101(a)(2) of title 5, United States Code, is amended by striking the third sentence and inserting the following: “The term includes those records of a State or locality sealed pursuant to law if such records are accessible by State and local criminal justice agencies for the purpose of conducting background checks.”. #####

(B)Regulations ######

(i)Definition In this subparagraph, the terms “Security Executive Agent” and “Suitability Executive Agent” mean the Security Executive Agent and the Suitability Executive Agent, respectively, established under Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto. ######

(ii)Development; promulgation The Security Executive Agent shall— ######

(I)not later than 45 days after the date of enactment of this Act, and in conjunction with the Suitability Executive Agent and the Attorney General, begin developing regulations to implement the amendments made by subparagraph (A); and ######

(II)not later than 120 days after the date of enactment of this Act, promulgate regulations to implement the amendments made by subparagraph (A). #####

(C)Sense of Congress It is the sense of Congress that the Federal Government should not uniformly reject applicants for employment with the Federal Government or Federal contractors based on— ######

(i)sealed or expunged criminal records; or ######

(ii)juvenile records. ####

(7)Interaction with law enforcement and intelligence agencies abroad Section 9101 of title 5, United States Code, is amended by adding at the end the following: > > ### “(g) > > Upon request by a covered agency and in accordance with the applicable provisions of this section, the Deputy Assistant Secretary of State for Overseas Citizens Services shall make available criminal history record information collected by the Deputy Assistant Secretary with respect to an individual who is under investigation by the covered agency regarding any interaction of the individual with a law enforcement agency or intelligence agency of a foreign country.” > . ####

(8)Clarification of security requirements for contractors conducting background investigations Section 9101 of title 5, United States Code, as amended by this subsection, is amended by adding at the end the following: > > ### “(h) > > If a contractor described in subsection (a)(6)(J) uses an automated information delivery system to request criminal history record information, the contractor shall comply with any necessary security requirements for access to that system.” > . ####

(9)Clarification regarding adverse actions Section 7512 of title 5, United States Code, is amended— #####

(A)in subparagraph (D), by striking “or”; #####

(B)in subparagraph (E), by striking the period and inserting “, or”; and #####

(C)by adding at the end the following: > > ##### “(F) > > a suitability action taken by the Office under regulations prescribed by the Office, subject to the rules prescribed by the President under this title for the administration of the competitive service.” > . ####

(10)Annual report by suitability and security clearance performance accountability council Section 9101 of title 5, United States Code, as amended by this subsection, is amended by adding at the end the following: > > ### “(i) > > The Suitability and Security Clearance Performance Accountability Council established under Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto, shall submit to the Committee on Armed Services, the Committee on Homeland Security and Governmental Affairs, the Committee on Appropriations, and the Select Committee on Intelligence of the Senate, and the Committee on Armed Services, the Committee on Oversight and Government Reform, the Committee on Appropriations, and the Permanent Select Committee on Intelligence of the House of Representatives, an annual report that— > > > #### “(1) > > describes efforts of the Council to integrate Federal, State, and local systems for sharing criminal history record information; > > > #### “(2) > > analyzes the extent and effectiveness of Federal education programs regarding criminal history record information; > > > #### “(3) > > provides an update on the implementation of best practices for sharing criminal history record information, including ongoing limitations experienced by investigators working for or on behalf of a covered agency with respect to access to State and local criminal history record information; and > > > #### “(4) > > provides a description of limitations on the sharing of information relevant to a background investigation, other than criminal history record information, between— > > > ##### “(A) > > investigators working for or on behalf of a covered agency; and > > > ##### “(B) > > State and local law enforcement agencies.” > . ####

(11)GAO report on enhancing interoperability and reducing redundancy in federal critical infrastructure protection access control, background check, and credentialing standards #####

(A)In general Not later than one year after the date of the enactment of this Act, the Comptroller General of the United States shall submit to the congressional defense committees, the Committee on Homeland Security of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the background check, access control, and credentialing requirements of Federal programs for the protection of critical infrastructure and key resources. #####

(B)Contents The Comptroller General shall include in the report required under subparagraph (A)— ######

(i)a summary of the major characteristics of each such Federal program, including the types of infrastructure and resources covered; ######

(ii)a comparison of the requirements, whether mandatory or voluntary in nature, for regulated entities under each such program to— ######

(I)conduct background checks on employees, contractors, and other individuals; ######

(II)adjudicate the results of a background check, including the utilization of a standardized set of disqualifying offenses or the consideration of minor, non-violent, or juvenile offenses; and ######

(III)establish access control systems to deter unauthorized access, or provide a security credential for any level of access to a covered facility or resource; ######

(iii)a review of any efforts that the Screening Coordination Office of the Department of Homeland Security has undertaken or plans to undertake to harmonize or standardize background check, access control, or credentialing requirements for critical infrastructure and key resource protection programs overseen by the Department; and ######

(iv)recommendations, developed in consultation with appropriate stakeholders, regarding— ######

(I)enhancing the interoperability of security credentials across critical infrastructure and key resource protection programs; ######

(II)eliminating the need for redundant background checks or credentials across existing critical infrastructure and key resource protection programs; ######

(III)harmonizing, where appropriate, the standards for identifying potentially disqualifying criminal offenses and the weight assigned to minor, nonviolent, or juvenile offenses in adjudicating the results of a completed background check; and ######

(IV)the development of common, risk-based standards with respect to the background check, access control, and security credentialing requirements for critical infrastructure and key resource protection programs. ###

(g)Definitions In this section— ####

(1)the term “appropriate committees of Congress” means— #####

(A)the congressional defense committees; #####

(B)the Select Committee on Intelligence and the Committee on Homeland Security and Governmental Affairs of the Senate; and #####

(C)the Permanent Select Committee on Intelligence, the Committee on Oversight and Government Reform, and the Committee on Homeland Security of the House of Representatives; and ####

(2)the term “Performance Accountability Council” means the Suitability and Security Clearance Performance Accountability Council established under Executive Order 13467 (73 Fed. Reg. 38103), or any successor thereto.

Connectionstraces to 3

Traces to 3 documents

U.S. Code