Keeping Pace with Executive Orders and Insider Threats

Share This Page

We’re all moving at such a rapid pace these days; keeping up with our kids, technology, world news and how it all affects our daily lives. When it comes to our public safety and security, though, we tend to rely on the government and associated organizations to put proper controls and programs in place.

A new Executive Order (EO) was issued on January 17, 2017, just before the inauguration, amending Civil Service Rules, Executive Order 13488 and Executive Order 13467. Analyzing this new executive order, I found changes that will impact our security as well as the pace of government. These are four of the key takeaways I observed:

  1. This EO established the National Background Investigation Bureau (NBIB), which comes as no surprise, but language in this EO establishes the NBIB and gives it a large range of responsibility beyond just background investigations for security clearances. It adds authorization for a person to be issued a federal credential, also known as Personal Identity Verification card (PIV), as noted below:

    “…primary executive branch service provider for background investigations for eligibility for access to classified information; eligibility to hold a sensitive position; suitability or, for employees in positions not subject to suitability, fitness for Government employment; fitness to perform work for or on behalf of the Government as a contractor; fitness to work as a nonappropriated fund employee, as defined in Executive Order 13488 of January 16, 2009, as amended; and authorization to be issued a Federal credential for logical and physical access to federally controlled facilities or information systems

    Read on for some additional terminology in this definition, forming an important theme in this EO.

  2. Notably, the order broadened membership in the Performance Accountability Council and gave it more defined direction. The Suitability and Security Clearance Performance Accountability Council has been renamed the “Security, Suitability, and Credentialing Performance Accountability Council.” If you’re keeping track of words, the new name adds “Credentialing.” This is consistent with a theme throughout the EO that adds credentialing – or the granting of a PIV credential - to the order. 

    Membership now includes the Suitability and Credentialing Executive Agent (Director of Office of Personnel Management operating with two roles), the Security Executive Agent (EA), and the Under Secretary of Defense for Intelligence. The Director of the NBIB has been added as a member, as well. As the EA for Credentialing, the OPM is tasked with developing adjudicative guidelines for “covered individual's eligibility for a PIV credential.

  3. A broader population has been defined. This, I believe, is one of the more subtle, but very useful directives in this EO.  We’ve often had a concern trying to differentiate between the population able to access classified information and the population covered under the broader definition of insider threat. Throughout this EO, as noted above, there is explicit inclusion of the population that has been issued a federal credential (or PIV card). This population is of all federal employees - including those in positions of public trust, but who may not be accessing classified information.

    'Sensitive Position' means any position within or in support of a department or agency, the occupant of which could bring about, by virtue of the nature of the position, a material adverse effect on the national security, regardless of whether the occupant has access to classified information, and regardless of whether the occupant is an employee, a military service member, or a contractor.

    This EO goes on to define a person in a “sensitive position,” bestowing such status “regardless of whether the occupant has access to classified information.” This broadening of the term adds much needed definition to the insider threat population within the federal workforce.

  4. “Continuous vetting” for the broader population has been introduced (unrecognized in the former EO). The language decrees:

    "Continuous vetting' means reviewing the background of a covered individual at any time to determine whether that individual continues to meet applicable requirements."

    This is like continuous evaluation but is meant for “covered persons” who are in sensitive positions and hold a federal credential. This is broader than the definition of Continuous Evaluation (CE), which is defined as a vetting process for all security clearance holders.

    “Continuous evaluation (CE) means a vetting process to review the background of an individual who has been determined to be eligible for access to classified information or to hold a sensitive position at any time during the period of eligibility. CE leverages a set of automated record checks and business rules to assist in the on-going assessment of an individual's continued eligibility. CE is intended to complement continuous vetting efforts."

Overall, this executive order successfully communicates a sharper definition of the populations of interest and narrower focus on the agencies responsible. This is a big step forward for the safety of our country and citizens alike.

Our recent webinar on Changing Insider Threat Guidelines and What They Mean to your Organization, highlighted the changes to the 13 adjudicative guidelines for evaluating cleared employees and ways to identify behaviors of risk before they become an actual threat. Through examination of recent case studies and analysis of data-driven intelligence, we were able to share insight into how threats can be mitigated and both assist the employee and protect the organization, keeping pace with government and insider threats.

The webinar is available now to view on demand and I encourage you to take the time to watch and share with your colleagues.

I welcome your feedback, comments or questions—please contact me by filling out the form below.

Learn more on our TransUnion Government page or read my other blogs here.

Contact us

* Required field