Security - HSS Outreach and Collaboration by yaosaigeng

VIEWS: 7 PAGES: 11

									      Security
        …At a glance


      Important Challenges
•   Implement a corporate approach
    within DOE to ensure that security
    programs are properly integrated,
    coordinated, and implemented              Accomplishments to Date
•   Develop comprehensive threat
    guidance
                                          •   Completed the revision of the
•   Manage protective force operations        Headquarters Facilities Master
    and the Headquarters Security             Security Plan that serves as the
    Officer program, as well as other         “how to” guide for all aspects of
    security-related programs                 security at DOE Headquarters               Future Needs
                                              facilities
•   Develop means to identify and
    address the number and                •   Replaced the Design Basis Threat
    sophistication of emerging threats        (DBT) policy with the Graded
    to DOE and national security              Security Protection (GSP) policy,
                                              which is more flexible and
•   Address the proliferation and
                                              adaptable to local security
    sophistication of cyber security                                              •   Improve collaboration with
                                              situations
    threats                                                                           other national security
                                          •   Improved personnel security             organizations, such as the
•   Develop means to maintain
                                              program processes                       Office of the Director of
    security while accommodating the
                                                                                      National Intelligence, the
    increasing number of foreign
                                                                                      Department of Defense,
    visitors and research collaborators
                                                                                      the Office of Personnel
                                                                                      Management, the Office of
                                                                                      the Assistant to the
                                                                                      President for National
                                                                                      Security Affairs, and the
                                                                                      Office of Management and
                                                                                      Budget, to modernize and
                                                                                      streamline government-
                                                                                      wide security processes




                                                                                                            i
                              Functional Area: Security

Introduction

       The superior man, when resting in safety, does not forget that danger may come. When in
       a state of security he does not forget the possibility of ruin. When all is orderly, he does
       not forget that disorder may come. Thus his person is not endangered, and his States and
       all their clans are preserved. . . . Confucius

 The Department of Energy (DOE) is responsible                  HSS Offices Contributing to Security
 for many national assets, from materials, to         HS-1.3 Office of Security Operations
 information, to personnel, to facilities that are        Provides physical, technical, and information security for all
 uniquely significant to the nation’s security and        DOE facilities in the National Capital Region; maintains the
                                                          DOE database for personnel security and clearance
 economic vitality. Given the highly sensitive            processing activities; manages the Headquarters personnel
 nature of DOE’s missions and the ever-                   security programs and the administrative review process;
                                                          administers the security enforcement program related to
 increasing sophistication of potential threats,          classified information violations; and provides DOE executive
 security is an integral part of DOE operations           protection services.

 and is embedded into its culture.                    HS-1.4 Office of Departmental Personnel Security
                                                          Serves as the central leader and advocate vested with the
                                                          authority to ensure consistent and effective implementation of
 Within DOE, the Office of Health, Safety and             personnel security programs Department-wide (including for
 Security (HSS) has a key corporate                       the National Nuclear Security Administration.)

 responsibility for ensuring that the                 HS-1.2 Office of Resource Management
 Department’s personnel, facilities, and                  Supports the infrastructure of HSS by providing balanced,
                                                          unbiased, technically competent, and customer focused
 information are protected through proper                 services in a number of areas, including information
 integration, coordination, and implementation of         management and information security programs.

 security programs. HSS provides leadership           HS-40 Office of Enforcement
 and strategic vision to the security programs at         Promotes overall improvement in the Department's nuclear
                                                          safety, worker safety and health, and security programs
 Headquarters facilities and throughout DOE.              through management and implementation of the DOE
 HSS’s security mission encompasses four                  statutorily-required enforcement programs.

 broad, interdependent, and to a degree               HS-60 Office of Independent Oversight
 overlapping, responsibilities:                           Provides DOE line management, Congress, and other
                                                          stakeholders with an independent evaluation of the
                                                          effectiveness of DOE policy and line management
   •   National Capital Region Security                   performance in safeguards and security; cyber security;
                                                          emergency management; environment, safety, and health;
       Operations                                         and other critical areas as directed by the Secretary.
   •   Personnel Security                             HS-70 Office of Security Policy
   •   Cyber Security Operations and Oversight            Develops and promulgates safeguards and security policy
                                                          governing the protection of national security and other critical
   •   Field Operations Security Support and              assets entrusted to the Department and manages DOE-wide
       Oversight.                                         activities for foreign national visits and assignments and
                                                          determinations of foreign ownership, control, or influence.

At DOE field locations, individual program            HS-80 Office of Security Technology and Assistance
                                                          Provides security expertise to assist field elements in
offices have direct responsibility for security.          planning site protection strategies, and coordinates with
However, HSS promotes communication, assists              domestic authorities to provide safeguards and security
                                                          technical assistance, technical systems support, and
field elements with interpretation and integration        technology development and deployment opportunities.
of security policies into field operations, manages
development and promotes deployment of new
technologies, and implements independent



                                                                                                                1
                               Functional Area: Security

oversight and enforcement programs in order to
ensure effective security program conduct throughout          Bases for Security – Code of Federal
the Department.                                             Regulations (CFR) and DOE and Executive
                                                                            Orders
1. Scope of HSS Efforts                                    10 CFR 710 (Subpart A) – Criteria and Procedures for
National Capital Region Security Operations                Determining Eligibility for Access to Classified Matter or
                                                           Special Nuclear Material
HSS is directly responsible for the physical security
                                                           10 CFR 710 (Subpart B) – Criteria and Procedures for
of DOE’s two Headquarters locations, the Forrestal         Establishing of the Personnel Security Assurance Program
Building in downtown Washington D.C. and the               and Determining of an Individual's Eligibility for Access to a
Germantown campus in Germantown, Maryland.                 Personnel Security Assurance Program Position

HSS conducts annual vulnerability assessments of           10 CFR 1016 – Safeguarding of Restricted Data

Headquarters security plans and programs to identify       10 CFR 1044 – Security Requirements for Protected
                                                           Disclosures Under Section 3164 of the National Defense
potential threats to the security of these resources and   Authorization Act for Fiscal Year 2000
the adequacy of protective measures. The                   10 CFR 1046 – Physical Protection of Security Interests
assessments provide a basis for developing plans to
                                                           10 CFR 1047 – Limited Arrest Authority and Use of Force
address identified vulnerabilities. In fiscal year (FY)    by Protective Force Officers
2008, HSS completed and issued the revised                 10 CFR 1048 – Trespassing on Strategic Petroleum
Headquarters Facilities Master Security Plan, which        Reserve Facilities and Other Property
now serves as the “how to” guide for all aspects of        10 CFR 1049 – Limited Arrest Authority and Use of Force
                                                           by Protective Force Officers of the Strategic Petroleum
security at DOE Headquarters facilities.                   Reserve
                                                           32 CFR 2001 – Classified National Security Information
HSS’s Headquarters facility vulnerability assessments
                                                           32 CFR 2003 – National Security Information--Standard
and Design Basis Threat (DBT) are reviewed and             Forms
updated annually to ascertain adversary capabilities       48 CFR 970.5204-2 – Laws, Regulations, and DOE
and the adequacy of corresponding security measures.       Directives
The DBT relies on accurate and timely intelligence,        DOE Order 142.1 – Unclassified Foreign Visits and
which is reviewed to determine whether it is               Assignments

applicable to Departmental assets and whether a            DOE Order 470.4 – Safeguards and Security Program

change in the security posture is warranted. During        DOE Order 3792.3, Chg 1 – Drug-Free Federal Workplace
                                                           Testing Implementation Program
the FY 2008 review, the DBT was replaced by the
                                                           Executive Order 12829 – National Industrial Security
Graded Security Protection (GSP) policy. Compared          Program
to the DBT, the GSP policy is more flexible and
                                                           Executive Order 12958 – Classified National Security
adaptable to the local security situation. (The GSP        Information
policy is discussed further in Section 4, Key              Executive Order 12968 – Access to Classified Information
Accomplishments and Path Forward.)                         Executive Order 13292 – Further Amendment to Executive
                                                           Order 12958, as Amended, Classified National Security
                                                           Information
Additional HSS efforts relating to Headquarters
facility security include:                                 Intelligence Reform and Terrorism Prevention Act of 2004
                                                           Federal Information Security Management Act (FISMA)

       •   Managing and directing the Headquarters         Section 508 Amendment to the Rehabilitation Act of 1973
           protective security force operations            44 U.S.C 3501 – Paperwork Reduction Act
       •   Implementing the Headquarters Security
           Officer (HSO) program, in which each




                                                                                                                 2
                                     Functional Area: Security

                 Headquarters office designates a security representative to participate in the HSO
                 program and serve as the point of contact for security-related matters within their
                 respective offices
             •   Implementing the Headquarters facility clearance and approval program to determine
                 whether a facility is eligible to process and store classified materials, nuclear
                 materials, or property of significant monetary value
             •   Implementing the technical surveillance countermeasures program to detect, isolate,
                 and eliminate electronic eavesdropping devices.

                                                                              Executive Personnel Protection
Options for Success                                                           In addition to physical security
Lessons from Government Accountability Office (GAO) Review of Federal
                                                                              at Headquarters facilities, HSS
Protective Service (FPS) Operations – A June 2008 GAO report entitled         also provides executive
Homeland Security - The Federal Protective Service (FPS) Faces Several        personnel protection. HSS
Challenges That Hamper Its Ability to Protect Federal Facilities provides the
following recommendations that are directly applicable to the challenges DOE
                                                                              provides executive protection
confronts in protecting DOE facilities.                                       services to the Secretary of
                                                                              Energy and other personnel
• Develop and implement a strategic approach to allocate security force
resources based on risk management principles and the agency’s goals and
                                                                              designated by the Secretary,
performance measures.                                                         and supports continuity of
• Clarify roles and responsibilities of local law enforcement in regard to    operations and continuity of
responding to incidents at General Services Administration facilities.        government by ensuring that
• Develop and implement specific guidelines and standards for measuring       Departmental leadership is
performance, including outcome measures to assess its performance and improve available to continue essential
the accountability of FPS.                                                    functions during and following
• Improve how FPS categorizes, collects, and analyzes data to help it better  a disruptive natural, terrorism,
manage and understand the results of its efforts to protect GSA facilities.
                                                                              or military emergency. In
                                                                              addition, HSS chairs the
      interagency Protective Service Working Group, which is composed of protective detail managers
      and liaison agents from government to work on issues that affect the protection of DOE
      leadership, related technologies, protective methods, and the exchange of information and
      intelligence.

    Transition Team and New Administration Personnel Security Support
    During the transition period following the election and inauguration of a new administration, or
    the appointment of a new Secretary of Energy, HSS develops and executes the Transition
    Security Plan to ensure that DOE security requirements (from clearances needed to access
    facilities and information systems to securing/monitoring private residences) are met in an
    efficient, timely, and effective manner. Through the Transition Security Plan, HSS provides
    security-related services to “in-brief/in-process” incoming senior personnel and to “out-brief/out-
    process” departing personnel. The Transition Security Plan also ensures that members of the
    Transition Team can access DOE facilities as required.

    Personnel Security
    The second broad area of HSS security responsibilities is personnel security. HSS serves as the
    central and corporate personnel security office within DOE and, as such, is responsible for


                                                                                                            3
                                    Functional Area: Security

developing and implementing sound personnel security policies, procedures, and directives.
HSS is DOE’s personnel security leader and advocate, and is vested with the authority to ensure
consistent and effective implementation of personnel security programs Department-wide,
including within the National Nuclear Security Administration (NNSA). Specific
responsibilities include issuing badges for Headquarters staff, contractors, and visitors; providing
personnel security assistance and oversight to DOE field offices; managing and coordinating the
process for adjudicating clearance requests; and upgrading personnel security information
management systems. At a broader, government-wide level, HSS serves as a “test bed” for
automation advances, such as electronic receipt of investigative results from the Office of
Personnel Management (OPM) and “e-Adjudication” to automate the adjudication process for
faster and more accurate results.

HSS has developed and implemented a program to ensure DOE-wide compliance with
Homeland Security Presidential
Directive 12 (HSPD-12) – Policy for        Government-Wide HSPD-12 Outlook
a Common Identification Standard            Full personal identity verification capabilities of HSPD-12 cards may not
                                            be fully achieved in the near future – In its April 2008 testimony, the
for Federal Employees and                   Government Accountability Office (GAO) stated that for the limited number of
Contractors. HSPD-12 mandates the           HSPD-12 cards that had been issued, most agencies had not been using the
implementation of a new,                    electronic authentication capabilities on the cards and had not developed
                                            implementation plans for those capabilities. A key factor for this limited progress
standardized badging process to             is that OMB had emphasized issuance of the cards, rather than full use of the
enhance security, reduce identity           cards’ capabilities. In addition, OMB had not considered HSPD-12
                                            implementation to be a major new investment and thus had not required
fraud, and protect personal privacy         agencies to prepare detailed plans regarding how, when, and the extent to
by establishing a mandatory,                which they would implement the electronic authentication mechanisms. Until
                                            OMB revises its approach to focus on the full use of the capabilities of the new
government-wide standard for secure         ID cards, HSPD-12’s objectives of increasing the quality and security of ID and
and reliable forms of identification        credentialing practices across the Federal government may not be fully
issued by the Federal government to         achieved.

its employees, contractors, and other       (GAO Testimony Before the Subcommittee on Government Management,
classes of individuals. In a parallel       Organization, and Procurement; Committee on Oversight and Government
                                            Reform, House of Representatives. April 9, 2008. GAO-08-551T.
effort, HSS serves as the HSPD-12           http://www.gao.gov/new.items/d08551t.pdf )
card implementation lead and DOE
liaison with the General Services
Administration (GSA)-sponsored USAccess program, which allows civilian agencies and
commissions to share a common identity management infrastructure. In this capacity, HSS is the
DOE physical security lead for HSPD-12 implementation and coordinates HSPD-12
implementation for DOE in accordance with a signed agreement between HSS and GSA. HSS
collects data and maintains a database of HSPD-12 implementation metrics throughout DOE.
HSS also works with DOE program offices to facilitate the deployment and use of the USAccess
enrollment centers across the DOE complex without requiring major resources from the DOE
program offices and sites.

Cyber Security Operations and Oversight
HSS’s third major area of security responsibility is the increasingly mission-critical area of cyber
security. Under the broad rubric of cyber security, HSS’s responsibilities encompass three
general areas: HSS network security, DOE-wide information technology (IT) security, and
oversight of access to sensitive information by foreign nationals.


                                                                                                                     4
                                    Functional Area: Security


  HSS Network Security              Options for Success
  HSS is streamlining and             Use of the Internet will continue to grow – New connection models, such as
  optimizing both the number          “Anywhere Access” (where people can access their data from anywhere on any
                                      device), mean that global connectivity and the number of valuable targets will
  and the scope of its IT             increase, thus attracting even more criminal activity. It is therefore critically
  support services and other          important that we find a way to both improve the security of computer networks
  IT vendor contracts to              and put people back in control of their computer environment.
  obtain maximum financial
                                      Setting reasonable security goals – All security strategies, whether designed
  and security benefits from          to ensure physical security or information security, must be based on sound risk
  economies of scale. HSS             management principles. Put more bluntly, it is about risk management, not risk
  has also standardized               elimination. In addition, any security strategy must include an ecosystem
  services, procedures, and           strategy and product, and/or service strategy that maps to it; home and car
                                      alarms are not valuable without neighbors and/or police who can and will
  operating environments for          respond.
  its local area network              (Establishing End to End Trust. Microsoft White Paper.
  (LAN), classified local area        http://download.microsoft.com/download/7/2/3/723a663c-652a-47ef-a2f5-
  network (CLAN), web                 91842417cab6/Establishing_End_to_End_Trust.pdf)
  hosting environments, and
  IT service request protocols. CLAN is a stand-alone computer network that enables HSS staff to
  collaborate on classified information and to develop DOE-wide security policies and guidance.
  Collectively, these efforts conserve resources, yield a more secure and efficient LAN and CLAN,
  and ensure that HSS’s public access websites are on-line, user-friendly, and increasingly secure
  from mischievous or malevolent hackers in accordance with requirements of the Federal
  Information Security Management Act.

   DOE-wide IT Security
   HSS has cyber security subject matter experts (SMEs) who works closely with the DOE Office
   of the Chief Information Officer (OCIO) and other Federal agencies to ensure that the HSS and
   DOE unclassified and classified computing environments and data systems operate in a secure
   and reliable manner. For example, the HSS CLAN also serves as the diskless, classified
   workstation backbone for DOE Headquarters program offices (excluding the NNSA). For the
   CLAN, HSS personnel provide Information System Security Officer services and support. HSS
                                                                                 also participates in various
Options for Success                                                              OCIO working groups to
The need for proper information security assessment – The first step of any      develop and implement
successful information security assurance program is the understanding of the    innovative IT and cyber
missions, critical information supporting the missions, and the information flow security architectures for
throughout the information technology infrastructure. Too many organizations
spend tremendous amounts of resources implementing “secure” hardware and         the Department, focusing
software, only to have their information exploited by a lack of proper security  on HSS-specific cyber
procedures.                                                                      security issues, as well as
(National Security Agency - Information Security Assurance Training & Rating
Program http://www.nsa.gov/ia/industry/education/iatrp.cfm?MenuID=10.3.2 )       those of interest to DOE
                                                                                 field operations.

  Oversight of Access to Sensitive Information by Foreign Nationals
  HSS supports the Secretary and Deputy Secretary in executing the Department's Special Access
  Program Oversight Committee (SAPOC) by serving as the Executive Secretariat to the SAPOC,


                                                                                                                5
                                  Functional Area: Security

maintaining related directives and guidance, and providing oversight of field implementation.
HSS also oversees the foreign ownership, control, or influence (FOCI) program at Headquarters
to evaluate the potential foreign involvement of any company being considered for award of a
contract that requires access to classified data. The objective of the FOCI program is to obtain
information that indicates whether offerors/bidders, contractors, and subcontractors are owned,
controlled, or influenced by a foreign person or entity and whether, as a result, there may be the
potential for an undue risk to the common defense and national security.

Field Operations Security Support and Oversight
The fourth element of HSS’s security portfolio consists of providing direct security-related staff
and technical support to sites across the DOE complex. HSS security SMEs are a ready resource
for senior managers to utilize in programmatic planning activities to ensure that security is
effectively incorporated into their missions. This resource pool includes individuals from all
security disciplines – program management, protection program operations, information security,
material control and accountability, and personnel security. These experts review, analyze, and
assist in the resolution of major site security issues, including identification of technology
deployment and development opportunities. HSS also coordinates the deployment of security
technologies throughout
DOE to enhance and
automate site security
                               Options for Success
programs. Additional           Benefits of technology deployment – There have been upward of 14 security
details regarding HSS          pilot technologies deployed at DOE sites, where in return for providing test beds,
security technology and        DOE (and the sites) benefit from limited upfront costs and often the security
assistance programs are        technologies remain at the site for continued use.
provided in the                The technology deployment experience of HSS project managers indicate that
document titled                technology deployment often highly benefits DOE in cost avoidance, accuracy of
                               detection, and increased coverage area and duration.
Functional Area:
Technology and
Nuclear Information and Weapons Data.

2. Constituents and Collaborative Partners
The constituents for HSS security activities are individuals and organizations that have a need to
access DOE facilities, personnel, and information. To improve the personnel clearance
investigation and adjudication processes, HSS collaborates with the Office of the Director of
National Intelligence, the Department of Defense, OPM, the Office of the Assistant to the
President for National Security Affairs, and the Office of Management and Budget to modernize
and streamline government-wide security and suitability processes. For cyber security, HSS is a
partner in two standing committees within the Department: the Cyber Security Working Group,
which consists of members from Independent Oversight’s Office of Cyber Security Evaluations,
the OCIO, and key cyber security managers from Headquarters program offices; and the
Executive Steering Committee, which consists of the Chief Information Officer, the Chief
Health, Safety and Security Officer, and the DOE and NNSA Undersecretaries.
Additional examples of HSS collaboration efforts relating to security are shown in Table 1.




                                                                                                             6
                                     Functional Area: Security



            Table 1. HSS Participation in Safeguards and Security National Committees

            Committee                Lead Agency                                  Function
     Combating Terrorism            DoD                  The TSWG works closely with over 100 Government
     Technical Support Office,                           agencies, State, and local governments, law enforcement,
     Technical Support Working                           and national first responders to leverage technical expertise,
     Group (TSWG)                                        operational objectives, and interagency sponsored funding.

     Interagency Security           DHS                  Develop standards, policies and best practices for enhancing
     Committee                                           the quality and effectiveness of physical security in, and the
                                                         protection of, nonmilitary Federal facilities in the United
                                                         States.
     Department of Defense          DoD                  A protective force/security force meeting held at different
     (DoD)/DOE                                           sites of the two agencies possessing nuclear weapons to
     Nuclear Security Summit                             discuss common issues, such as staffing, weapons, vehicles,
                                                         and training.
     Security Policy Verification   DoD                  Discusses nuclear security initiatives within DoD and DOE.
     Committee                                           Within DoD, a variety of commands and Headquarters-level
                                                         staffs are represented, primarily Navy, Air Force, and
                                                         Marines.
     National Integrated            Director, National   Serves as lead organization to establish policy and assign
     Technical Surveillance         Intelligence         responsibilities for the national oversight of integrated
     Countermeasures                                     technical surveillance countermeasures for the U.S.
     Committee                                           Government in support of the National Counterintelligence
                                                         Strategy.
     Training Advisory              DOE                  TAC is a training and advising committee that consists of
     Committee (TAC)                                     Federal and contractor representatives who present and
                                                         resolve safeguard and security training issues.
     Protective Force Policy        DOE                  Advises on policy, safety, training requirements, and other
     Panels                                              pertinent issues relating to DOE firearms, special response
                                                         team, armor, medical/physical fitness, and security
                                                         officer/security police officer-I and II programs.
     Protective Force Safety        DOE                  Advises on safety-related policy, operations, and training
     Committee                                           requirements, and other pertinent issues relating to the DOE
                                                         protective force program.
     Training Managers Working      DOE                  Advises on protective force policy, training requirements, and
     Group                                               other pertinent issues relating to DOE protective force
                                                         training programs.
     Safeguards and Security        DOE                  Advises and distributes information on security awareness
     Awareness Policy Panel                              policy issues; serves as a resource for the development and
                                                         revision of security awareness training; and provides a forum
                                                         and mechanism for review and input on new security
                                                         awareness policy initiatives and draft directives.
     Safeguards and Security        DOE                  Promotes safeguards and security awareness within DOE,
     Awareness Special Interest                          assists sites/facilities in carrying out safeguards and security
     Group (SASIG)                                       program requirements, facilitates communication among
                                                         group members, and shares security awareness best
                                                         practices and resources.
     Annual DoD/DOE Security        DOE                  SNL-hosted event that focuses on security technology and
     Systems Conference at                               systems needs that are common to the two departments.
     Sandia National
     Laboratories (SNL)
     Physical Security Policy       DOE                  Advises management through representatives from
     Panel                                               Headquarters and field sites on policy development
                                                         opportunities in the different elements of physical security
                                                         systems.


3. Current Status
  Between January 2007 and August 2008, HSS conducted 12 cyber security and 13 safeguards
  and security evaluations throughout DOE. Understandably, the findings and recommendations


                                                                                                                            7
                              Functional Area: Security

 in these evaluations are not for public dissemination. In its December 2007 special report,
 Management Challenges at the Department of Energy, the DOE Office of Inspector General
 (OIG) noted that for cyber security, HSS has collaborated with the DOE Office of Science to
 conduct site visits to identify and resolve cyber security problems, provide site assistance, and
 follow up on corrective actions. The OIG further noted that this process, if implemented across
 the complex, should help the Department improve its IT system certification and accreditation
 process and strengthen information system security. Based on the number of evaluations and
 site visits in 2007 and 2008, it is clear that HSS continues to collaborate with the operating
 organizations to ensure proper implementation of cyber security and safeguards and security
 programs.

 Because DOE maintains laboratories with both classified and unclassified programs, scientific
 research and collaboration presents an area of continuing security challenges for DOE as
 national laboratories and officials interact with thousands of foreign national visitors and
 assignees every year. The Office of Foreign Visits and Assignments and the Office of
 Intelligence and Counterintelligence help DOE ensure that security risks are addressed while
 fostering collaboration with foreign nationals who are of value to DOE’s research facilities and
 assets.

4. Key Accomplishments and Path Forward
  GSP Implementation
  An area of vital importance in terms of facility security centers on the Department’s efforts to
  meet the DBT (now referred to as the GSP) policy, which reflects the most credible threats to
  Departmental assets and operations. In 2003, DOE revised the DBT to reflect the threat
  environment existing after the attacks of September 11, 2001. In August 2008, HSS replaced
  the DBT with the GSP policy. This was a large effort and a major accomplishment by HSS, in
  collaboration with NNSA program offices and site organizations, to assess the metrics outlined
  in the 2005 DBT policy and the vulnerability assessment process to ensure that they fully
  embrace the Department’s risk management philosophy. With the GSP, intelligence and law
  enforcement agency data are integrated with data from many Federal, state, and local
  organizations, resulting in more accurate, site-specific threat assessments that take into account
  the knowledge, skills, abilities, and intent of potential enemies and potential threats from
  natural causes. The GSP also allows for more flexibility and potentially more latitude in
  technology development and deployment to meet emerging threats.

 Classified Information Security Oversight
 Since the formation of HSS, DOE’s self-governing enforcement mandate has been extended to
 include classified information security. This mandate requires DOE contractors to self-report
 and correct noncompliance, and regulations and statutes hold them financially accountable
 when they do not. Once the circumstances surrounding a noncompliance and its security
 significance and implications are understood, it is HSS’s responsibility to consider the
 appropriate enforcement action and associated penalties. Additional details on the enforcement
 program are provided in the report entitled Functional Area: Oversight and Enforcement.




                                                                                                   8
                            Functional Area: Security

Personnel Security
Through HSS’s personnel security program process improvements, DOE is realizing numerous
benefits, including:

   •   Reducing the time needed to process security clearance applications.
   •   Supporting DOE-wide reductions in access authorizations – only individuals with a
       valid, continuing need for access to classified information are submitted or approved
       for access authorizations.
   •   Integrating the employee assistance program, the human reliability program, and
       security programs to help ensure that the people trusted to perform the Department's
       work are of high character, loyal to the United States, and worthy of the highest level of
       trust from their colleagues, their government, and the public.
   •   Implementing the DOE-wide drug testing policy.
   •   Enhancing collaborative partnerships.
   •   Developing and implementing policy/guidance to enhance the collection and validation
       of more relevant information at the beginning of the hiring/clearance process by using
       the e-Qip application, automated record checks, and the personal subject interview.
       These enhancements address longstanding weaknesses, including delays in completing
       the clearance processing and incomplete investigative reports from OPM.
   •   Leveraging DOE’s existing Case Management System to use and build on OPM’s
       Agency Delivery system. Benefits of incorporating Agency Delivery include reducing
       both the time needed to adjudicate clearances and the amount of paper used in the
       clearance process.




                                                                                               9

								
To top