The National Background Investigation Services program is meeting some initial milestones after the software project’s schedule was reset last year, but the development team “still has heck of a lot of work” to do on the security clearance system, according to a top Defense Department official.
NBIS was initially conceived to replace the legacy Office of Personnel Management background investigations system that was hacked in 2015. But NBIS is now central to the government’s Trusted Workforce 2.0 initiative, especially its emphasis on “continuous vetting,” which involves using IT systems to do automated record checks and constant monitoring of the cleared workforce.
DoD budget documents describe NBIS as a “secure end-to-end IT architecture for the government’s personnel vetting enterprise.”
The Defense Counterintelligence and Security Agency took over NBIS development last year. DCSA Director Bill Lietzau said officials quickly determined they would need to “re-baseline” the program.
“Early on, we realized this thing is not on track to provide the technological capability that the agency needs to implement what the policymakers have put in place,” Lietzau said during a June 30 event hosted by the Potomac Officers Club. “You could have all the greatest policy in the world and people work for years to come up with this wonderful Trusted Workforce 2.0. In this case, without that technological capability, you just can’t get there.”
The Defense Information Systems Agency had been in charge of NBIS development until the Oct. 1, 2020 handoff to DCSA. Budget documents show DISA spent about $216 million between fiscal year 2017 and FY-20 on the program. DISA awarded Perspecta an other transaction agreement in 2018 to develop the NBIS prototype.
DISA had projected the system would reach full operational capability by 2020, according to budget documents. But the system remained in development as it shifted to DCSA.
The budget has only increased under the security agency, with DCSA receiving $110 million for system development in FY-21 alone. The agency is requesting an additional $123 million in FY-22. The program is also among DoD’s “software and technology pilot programs,” which have more budget flexibility compared to traditional programs.
Peraton is now the prime contractor on the program after it acquired Perspecta in May. The company inherited a potential $500 million follow-on agreement to deliver the NBIS software.
Lietzau said the system is his top priority as director. The program executive officer reports directly to him, with the system’s development considered a “mission area” for DCSA, not just an enabling function or support area.
In the last year, the program “hit four milestones for NBIS development, on time, on schedule, really the first time they’ve done that since the program’s inception,” Lietzau said.
The NBIS team is now releasing capabilities in increments. But budget documents show DCSA won’t deliver the initial capability for processing background investigations until the summer of 2022. The agency expects to continue operating legacy OPM systems until 2023.
“We’ve re-baselined it, but there’s a heck of a lot of work that’s got to be done by NBIS,” Lietzau said.
Continuous vetting increases
Despite delays to the software program, agencies are implementing Trusted Workforce 2.0 in phases using interim IT capabilities to do automated record checks and other “continuous vetting” functions on their employees and contractors.
More than 90% of the national security workforce, about 3.8 million individuals, are now enrolled in continuous vetting programs, according to Mark Frownfelter, assistant director at the Special Security Directorate in the National Counterintelligence and Security Center (NCSC). Agencies plan to have everyone in the national security workforce enrolled in continuous vetting by September’s end.
“The bottom line is we’re moving aggressively with these policies,” Frownfelter said at the Potomac Officers Club event. “DCSA, we’re in lockstep with them working to establish the systems that can achieve these milestones.”
In January, OPM released a core vetting doctrine outlining the principles behind the Trusted Workforce 2.0 policy. Frownfelter said the government will soon release a “draft implementation strategy,” as well as some other draft policies before the end of 2021.
In addition to national security employees, approximately 11,000 individuals from 15 non-defense agencies are now enrolled in continuous vetting, according to Heather Green, assistant director for vetting risk operations at DCSA.
“Then we have another 35 agencies or so interested and in the process of onboarding,” Green said.
Lietzau also lauded DCSA’s workforce for finishing the job of cutting the background investigations backlog down to a steady state of 200,000 cases last year, despite having to telework during COVID-19. He said the pandemic also forced DCSA to digitize its records, including the old OPM security clearance logs housed at Iron Mountain in Boyers, PA.
“I just visited Boyers a couple weeks ago — those files are all gone,” Lietzau said. “Everything’s now electronic. Frankly, COVID helped us to be able to do that.”