Trusted Workforce 2.0 has accomplished key milestones in the overhauling of more than 40 policy documents related to the Personnel Vetting process. As the program enters its phase 3, the Performance Accountability Council Program Management Office (PAC PMO) is rolling out a new format for its Quarterly Progress Reports, and helping agencies get ready to implement the critical changes required for the comprehensive culture shift of TW 2.0.
The new QPRs shift their focus with milestones organized into seven areas: five for the personnel vetting scenarios (Initial Vetting, Continuous Vetting, Transfer of Trust, Upgrade, Re-establishment of Trust), one for shared services, and one for performance management and continuous improvement goals. Noted in this latest progress report is the move to enroll the non-sensitive public trust population into Continuous Vetting, announcing the Personnel Vetting Management Standards issued by OPM and ODNI in July, and noting the Defense Counterintelligence and Security Agency (DCSA) new tiger team to address the growing backlog and timelines concerns.
Building the Framework for Better Vetting: PVMS
The rollout of Trusted Workforce 2.0 has sometimes been compared to creating a toll road for the vetting process, where unlike an old school highway, the new system seeks to consider both the needs of the driver and the process, with different lanes based on whether it’s a person’s first time on the Dulles Toll Road or they’re a seasoned commuter who needs that Fast Pass. If vetting is a super highway, the PVMS are the road: You may not pay it much attention, but you’d certainly notice if they weren’t there. The PVMS outline the five vetting scenarios and lay out the connective tissue between a number of other policy documents and updates in the TW 2.0 overhaul.
One of the many critical issues addressed in the PVMS is the sharing of information necessary to make transfer of trust more efficient. The policy notes, “Personnel vetting relies on lawful and bi-directional sharing of validated relevant information across and within D/As [Departments and Agencies] to eliminate unnecessary duplication, reduce waste, improve quality, increase effectiveness, and maximize efficiency, while protecting privacy and civil liberties and ensuring fair and consistent treatment to all individuals.”
Rather than a devil in the details there is gold in the Appendices of the PVMS, where key details around topics such as security awareness and Trusted Workforce briefings are provided. Details around security awareness briefings, indoctrinations, and debriefings are all spelled out. The PVMS is a reminder for all security practitioners that now is the time to begin updating security awareness programs to ensure they are in compliance with the PVMS and reflect the updated terminology and policies of TW 2.0.
The final – and also critical – clarification provided in the PVMS is around self-reporting. The move to Continuous Vetting (CV) hasn’t eliminated self-reporting requirements, but makes understanding them even more crucial as proactive self reporting is one of the steps required to mitigate adverse information. The PVMS outlines the self-reporting requirements based on risk level and position sensitivity, with specific reporting requirements outlined for low risk, moderate and high risk non-sensitive, and moderate and high risk sensitive positions.
Key to Personnel Vetting: Proactive Security
The latest quarterly progress report from the PAC PMO outlines the focus on new milestones related to major updates in implementation as reform policy becomes agency and department reality. The PVMS and other policy documents provide the framework, but the next several years remain critical to ensuring personnel vetting reforms truly move forward, and an agile and mobile cleared workforce is a reality.
In the meantime, security officers and practitioners should continue looking to ensure their programs align with the newly released policies, their security training is in place, and self-reporting requirements are widely shared.
