The recent revelation that the Government Services Agency (GSA) Federal Acquisition Service (FAS) permitted employees of a government contractor to work without a completed basic National Agency Check with Written Inquiries (NACI) clearance brings into question the entire process. The inappropriateness of allowing contract personnel to perform duties prior to their being cleared to do so is troublesome.
The fact that FAS allowed several workers to slip through the system, including at least one instance which occurred after they had received an admonishment to take corrective action, makes one scratch their head.
The GSA’s Office of Inspector General (OIG) was direct in their admonishment, “We found that FAS has not ensured that contract employees receive favorable background investigation determinations before providing them with access to sensitive government information, systems, and facilities.” The OIG continued that allowing contract employees to work without the completed determinations put both FAS and its customers at risk.
The OIG report reveals multiple points of failure.
The lack of attention to this detail on the part of the contractor is inexplicable.
The most egregious example, which can only be characterized as a classic case of social engineering, is an employee who buffaloed his colleagues into believing he had submitted his SF-85 and been given an interim background check clearance.
The reality is that the individual found the SF-85 questions were too intrusive. He hadn’t filed an SF-85, and therefore there was no way he could have been given an interim background check clearance, let alone final clearance. Yet this employee was permitted to work on the sensitive project, because those doing the asking in-house failed to look at the documentation and relied on the individual’s response.
The FAS contracting officer also failed in their oversight of the contract.
The contracting entity identifies everyone against whom charges are being made for the various contracts. The employee who had not submitted the SF-85 was included, and there was no verification completed at the point of contractual oversight. The FAS paid the invoices not only for this individual, but others for whom the NACI had not yet been approved. The OIG estimates that FAS paid more than $675,000 for the work of individuals who had not yet been approved to do that work.
This employee should have been warming the pine bench while waiting for the green light to join the rest of the team in their sensitive work. His subterfuge, once discovered, led to his quick dismissal.
Who’s responsible?
The contracting company is responsible for ensuring that only those individuals for whom the NACI process has been completed and who have been cleared for employment, are allowed access to the sensitive work.
To whom should this responsibility be assigned? Some may assign this to the senior most executive in charge of their national industrial security program, or the site’s Facility Security Officer (FSO). The FSO is a logical choice given their expertise with the national security clearance process.
For those who do not have an FSO or facility clearance, or don’t engage in classified work, then a senior executive with corporate security responsibilities, would be an appropriate designee.
This individual should have the expectation that they are shouldering both the responsibility and accountability of ensuring the government rules and regulations are being followed. This responsibility, no doubt, will be made infinitely smoother with close collaboration with the Human Resource and Contract Administration offices.
The NACI process
The NACI process is nowhere near as comprehensive as that which is required for a national security position requiring a security clearance. Indeed, the applicant for a position requiring an NACI background check files an SF-85, which is about six pages, and not the 125+ pages required in the SF-86.
The company takes in this information and submits it to OPM who in turn brings in the other agencies as required.
- The Office of Personnel Management’s Security/Suitability Investigations Index (SII).
- Defense Clearance and Investigations Index (DCII).
- Federal Bureau of Investigation Criminal History Check (based on fingerprints and name).
- Employment history for the last 5 years.
- Criminal conviction history in locations where the employee resided, worked, and went to school within the past 5 years.
- Education verification.
- Residence verification.
What’s the outcome?
The contracting company promises to do better.
The FAS provided a laundry list of remedial steps it was taking to ensure that such would not happen again.
And the GSA OIG remains skeptical.
My money is on the GSO OIG doing more audits and finding more of these incidents. There are certainly issues of oversight, but there are also the obvious challenges for government contractors attempting to find and place cleared talent when it can take one to two years to process a security clearance for an uncleared candidate. Nevertheless, taking short cuts and going off a candidate’s word rather than verifying security clearance status is clearly not an option – particularly for companies who would like to continue doing business with the government.
Contracting officers within government have the resources to verify each name showing up on invoice. Similarly, those submitting the contracts should be maintaining a dynamic list of individuals for whom clearance has been received, those who are in queue and thus assuring that this type of error does not reoccur.
