National Counterintelligence and Security Center
Continuous Evaluation
Overview
In his role as the Security Executive Agent (SecEA), the Director of National Intelligence (DNI) established the Continuous Evaluation Program within the National Counterintelligence and Security Center (NCSC). Continuous Evaluation (CE), a personnel security investigative process, is a key component of security clearance reform efforts to modernize personnel security practices and increase the timeliness of information reviewed between periodic reinvestigation cycles. The CE Program provides oversight, policy, and guidance to implement CE across the Executive Branch and operates the ODNI CE System (CES). The CES is an information technology (IT) system that conducts automated checks of security-relevant information, a capability that is the cornerstone of security clearance transformation efforts within the Trusted Workforce 2.0 framework and the move toward government-wide Continuous Vetting.
Security Clearance Reform
Current Status
Since IRTPA and E.O. 13467, the SecEA has instituted a variety of reform efforts to improve background investigation and adjudication timeliness, improve the quality of information used to make security clearance decisions, compile system-wide metrics, and assess and oversee personnel security program implementation across the executive branch. With increasing cybersecurity threats and incidents, and large classified information leaks coupled with background investigation backlogs, there will be the need to drive continuous and future security clearance reforms.
As the SecEA, the DNI is the champion for reform activities that include the issuance of guidance, training, oversight, and implementation assessment that are vital for standardizing and improving Executive Branch personnel security programs. The Director of the National Counterintelligence and Security Center (NCSC) serves in support of the DNI’s role as SecEA to develop, implement, oversee and integrate personnel security initiatives throughout the U.S. Government.
Recent reform activities have focused on the following:
- The 2010 Intelligence Authorization Act (IAA) requires the President to submit an annual report on security clearance determinations to Congress and directs this report to include the number of U.S. Government employees and contractors who hold a security clearance at each level. SecEA gathers performance metrics government-wide on the timeliness of personnel security investigations, adjudication and reciprocal actions.
- The SecEA issues Executive Correspondence and Security Executive Agent Directives (SEADs) as a primary means of disseminating national security policy and requirements in order to institutionalize reform initiatives, provide a foundation to government-wide personnel security policies, and conduct oversight of processes related to security clearances and sensitive national security positions.
- In 2012 the Federal Investigative Standards (FIS) were jointly issued by Security and Suitability Executive Agents. FIS is a critical security clearance reform initiative that established new federal investigative criteria to conduct background investigations to determine eligibility for logical and physical access, suitability for U.S. Government (USG) employment, eligibility for access to classified information or to hold a sensitive position, and fitness to perform work for or on behalf of the USG as a contractor employee.
- SecEA considers Agency Head requests for delegated authority, or modification of their existing authority, to conduct personnel security investigations and adjudications.
- Ensuring reciprocal recognition among the USG agencies for eligibility of access to classified information and eligibility to hold a sensitive position, including acting as the final authority to arbitrate and resolve disputes involving the reciprocity of investigations and eligibility determinations.
- Reducing the backlog of periodic reinvestigations (PR). The SecEA issued guidance directing agencies to prioritize out of scope background investigations and focus on their required PRs. The FY 16 Omnibus Appropriation, H.R. 2029-673 requires the DNI to develop a plan to eliminate the backlog of PRs.
- Expansion of eAdjudication (electronic adjudication) to other types of national security and suitability investigations offers the opportunity to improve clearance processing and permit adjudicators to focus on investigations presenting adjudicative issues.
- The Quality Assessment Standards (QAS) were approved by the PAC on 22 January 2015. The QAS Implementation Plan was approved 1 April 2016, which identified separate milestones for Departments and Agencies (D/As) that are only assessing the quality of background investigations (BIs) and those D/As that are responsible for conducting BIs and assessing their quality.
Security Clearance Reform - Overview
The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) called for improvements in the U.S. Government’s security clearance processes. The Director of National Intelligence (DNI) and the Undersecretary of Defense for Intelligence co-authored a charter to establish a Joint IC/DoD Security Clearance Reform Team that convened on 18 June 2007. Additionally, Executive Order (E.O.) 13467, Reforming Processes Related to Suitability for Government Employees, Fitness for Contractor Employees, and Eligibility for Access to National Security Information, and Executive Order 13764 amended and clarified several personnel security-related statutory and executive authorities when creating the DNI’s Security Executive Agent (SecEA) role. The SecEA is a key figure with Security Clearance Reform and is a Principal member on the Suitability and Security Clearance Performance Accountability Council (PAC). Chaired by Office of Management and Budget, the PAC is the principal interagency forum for ensuring the alignment of security clearance and suitability processes across the Executive Branch.
NITTF Policy & Legal
Executive Order (E.O.) 13587 (PDF) and the National Insider Threat Policy (PDF) directed the NITTF to develop a Government-wide policy for the deterrence, detection, and mitigation of insider threats, and, in coordination with appropriate agencies, develop minimum standards and guidance for implementation of the insider threat program’s Government-wide policy, both of which were signed by the President on 21 November 2012. The NITTF continually monitors these two foundational and dynamic documents, in collaboration with departments and agencies (D/A), to ensure they are meeting D/A needs as they develop and implement their insider threat programs.
NITTF promotes interdisciplinary and interprofessional collaboration across the executive branch of the U.S. Government with the Committee on National Security Systems and the National Institute of Standards and Technology publications on a range of related issues including continuous evaluation, privileged users, and privacy and civil liberties. The NITTF also ensures National Policy is aligned with D/A policy.
NITTF Core Documents
- Executive Order (E.O.) 13587: Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information (PDF)
- National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs (PDF)
- Summary of Federal Citations for the National Insider Threat Task Force (PDF)
Committee on National Security Systems (CNSS) Documents
- Committee on National Security Systems Directive (CNSSD) No. 504 - Directive on Protecting National Security Systems (NSS) from Insider Threat *
- Committee on National Security Systems Instruction (CNNSI) No. 1015 - Enterprise Audit Management Instruction for National Security Systems (NSS) (PDF)
- Committee on National Security Systems Instruction (CNNSI) No. 4009 – National Information Assurance (IA) Glossary (PDF)
Additional Insider Threat Related Documents
* This material is For Official Use Only, and has not been approved for public release. Please contact the NITTF if you have an official need for this item.
Mission
Lead and support the U.S. Government’s counterintelligence (CI) and security activities critical to protecting our nation; provide CI outreach to U.S. private sector entities at risk of foreign intelligence penetration; and issue public warnings regarding intelligence threats to the U.S.
Vision
NCSC is the nation’s premier source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.
Strategic Goals
- Goal 1: Advance our Knowledge of, and our Ability to Counter Foreign and Other Adversarial Threats and Incidents
- Goal 2: Protect U.S. Critical Infrastructure, Facilities, Classified Networks, Sensitive Information, and Personnel
- Goal 3: Advance our Counterintelligence and Security Mission and Optimize Enterprise Capabilities through Partnerships
- Goal 4: Strengthen our Effectiveness through Stakeholder Engagement, Governance, and Advocacy
- Goal 5: Achieve our Mission through Organizational Excellence
Leadership
National Insider Threat Task Force (NITTF) Mission
National Insider Threat Task Force (NITTF) Mission
The primary mission of the NITTF is to develop a Government-wide insider threat program for deterring, detecting, and mitigating insider threats, including the safeguarding of classified information from exploitation, compromise, or other unauthorized disclosure, taking into account risk levels, as well as the distinct needs, missions, and systems of individual agencies.
Calendar Year 2025 Hub Ops Training
Calendar Year 2024 Hub Ops Training
Establishment of NITTF
In October 2011, the president issued Executive Order (E.O.) 13587 (PDF) establishing the [National] Insider Threat Task Force (NITTF) under joint leadership of the Attorney General and the Director of National Intelligence. The president directed federal departments and agencies with access to classified information to establish insider threat detection and prevention programs, and the NITTF to assist agencies in developing and implementing these programs. In November 2012, following an extensive interagency coordination and vetting process, the president issued the National Insider Threat Policy and the Minimum Standards (PDF) via a Presidential Memorandum.
NITTF Products and Resources:
Provided below are some resources NITTF has available to the Inside Threat Community. To view additional resources please view our NITTF Resources Library.
NCSC has unveiled four updated documents to help organizations build effective insider threat programs from inception through maturity.
NITTF Announcements:
- NCSC and Partners Focus on "Deter, Detect, Mitigate" During National Insider Threat Awareness Month 2024
- October 2023 Enterprise Risk Mitigation Blueprint for Non-Intelligence Agencies
- NCSC and Federal Partners Focus on “Bystander Engagement” During National Insider Threat Awareness Month 2023
- 2023 Insider Threat Hub Operations Training
- NCSC and Federal Partners Focus on Countering Risk in Digital Spaces during National Insider Threat Awareness Month 2022
- Social Media And Insider Threat Risk, NITAM 2022 Bulletin 1
- Critical Thinking And Reducing Insider Threat Risk, NITAM 2022 Bulletin 2
- Critical Thinking As An Antidote to Misinformation and Influence Efforts, NITAM 2022 Bulletin 3
- Critical Thinking As An Antidote to Election Season Misinformation and Influence Efforts, NITAM 2022 Bulletin 4
- Understanding Why We Are So Susceptible to Mis/Disinformation, NITAM 2022 Bulletin 5
- NITTF whitepaper on State of Insider Threat Programs: Trends from Annual Reports, 2018-2020. Note, this product is only available to our US government partners. US government partners can contact the NITTF Client Engagement Group for a copy
- NCSC and Federal Partners Kick Off "National Insider Threat Awareness Month” 2021
- NITTF collaborated with CDSE to produce the Insider Risk Implementation Guide for the Food and Agriculture Sector.
- The Acting Director of the National Counterintelligence and Security Center has issued his letter of endorsement for the third annual National Insider Threat Awareness Month in September 2021. Please join us during September to emphasize the importance of safeguarding our nation by detecting, deterring, and mitigating insider threats. If you would like to increase awareness in your workforce, visit our partner the Center for Development of Security Excellence, to learn more about the serious risks posed by insider threats and how to recognize and report anomalous/threatening activities to enable early intervention.
- The National Counterintelligence and Security Center released Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective in March 2021. The publication is designed to raise awareness of insider threats to critical infrastructure organizations, provide information on how to incorporate this threat vector into organizational risk management, and offer best practices on how to mitigate insider threats.
- The National Threat Task Force (NITTF) released the Insider Threat Program Maturity Framework on November 1, 2018. The Framework is an aid for advancing federal agencies’ programs beyond the Minimum Standards, and builds upon best practices found in the 2017 NITTF Insider Threat Guide. The goal is to help programs become more proactive, comprehensive, and better postured to deter, detect, and mitigate insider threat risk.
- NITTF has developed technical bulletins to provide additional information to the insider threat community on technical topics existing within the Insider Threat community. Please review the NITTF Technical Page to view these bulletins.
- NITTF has added additional resources to the NITTF Resource Library in the Additional Insider Threat Resources section (formerly known as Briefings to the Insider Threat Community section). Please take some time to review these resources provided by members of the Insider Threat Community.
