Continuous vetting identifies risks earlier, and is getting ready to roll out across government

Trusted Workforce 2.0, the comprehensive overhaul of how the government vets, checks, and keeps people in national security positions is gearing up for its latest muscle movement:  the enrollment of the full public trust population into continuous vetting.

Frequently confused with a security clearance, positions of public trust are a separate category, and used to identify positions that have access to sensitive, but not classified, information. And while the number of individuals with an active federal security clearance is approximately five million, the number of individuals that fall into a public trust position is significantly higher. 

Like individuals who apply for a security clearance, public trust positions require the completion of a comprehensive (but slightly less lengthy and in-depth) form requiring everything from employment history to criminal history and references.

The hardest part of obtaining a public trust position is completing that form, the SF-85P. The process of making a determination is largely automated and straightforward – without any flagrant or recent criminal or financial issues, most applicants can quickly obtain their public trust and get onboarded into a federal job. 

And up until recently, the only way the government was able to determine if an individual should keep that trusted position or access was with an episodic check-in, or periodic reinvestigation. 

Thanks to Trusted Workforce, the kind of continuous vetting that’s already helping identify risk factors for the security clearance population will apply across the federal workforce, including contractors in support functions. 

That’s good news for addressing insider threats, and good news for creating a proactive security posture rather than passively waiting for issues to surface. But it could be bad news for federal employees who run into issues and fail to address them. Nothing that comes up in a CV alert should be a surprise. But if you’re the type who runs into an issue and tries to bury it in the sand, or hope your employer never finds out, CV means that won’t be an option.

CV is a cornerstone of the government’s personnel security risk management posture – information the government wasn’t aware of before is identified through CV, not so an individual will lose their job, but so the problem can be addressed. Insider risk factors rarely operate in a silo, and they rarely occur when seen through the lens of a single issue. The aim of CV is to identify a problem in the workforce – allow managers and security officers to step in and address them – and to prevent those small issues from becoming big ones that result in a shift in someone’s reliability and trustworthiness.

Now is also the time for federal managers to step up and tell their employees CV is coming, and if there is an issue that could be flagged, report it and get help. The idea with CV is to eliminate red flags and change them to yellow ones – warnings of issues that could pose a threat, and help an at-risk employee get help – whether it’s financial counseling, mental health support, or legal services. The move aligns with a push to tie overall employee wellness to security – not just throwing annual security training at employees and hoping that it sticks, but supporting them with the right resources to stay. 

CV helps the government identify risks, but it also hopes to help mobility across the federal workforce. A favorably adjudicated public trust professional should be able to move into a similar position and have their investigation recognized. And thanks to CV, new employers won’t have to worry about issues that may have arisen years prior, which may have been the last time a new employee was investigated. 

In addition to federal managers, stakeholders in the security clearance process also need to understand that alerts aren’t necessarily bad things. Many issues that are triggered under CV are not relevant to an individual’s continued employment – just “good to knows” that allow managers to step in and check-in. Like military command climate, CV can give an organizational climate and show federal agencies and offices areas where they need to focus and assist their employees. A DUI causes an alert not because it’s something that should result in job loss, but because it’s something that the government should be aware of – because a pattern of DUIs or a DUI followed by a divorce and a drop in credit score could signal that an employee’s eligibility and access does need to be reconsidered. 

CV is coming – and that’s a good thing for security and risk management, and a good thing for the overall health of the federal workforce. But don’t let it catch you by surprise, and refresh yourself on your agency’s reporting guidelines and issues that could impact your position suitability.