[Federal Register Volume 79, Number 180 (Wednesday, September 17, 2014)]
[Rules and Regulations]
[Pages 55622-55633]
[FR Doc No: 2014-22034]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF DEFENSE
Office of the Secretary
32 CFR Part 157
[Docket ID: DOD-2012-OS-0167]
RIN 0790-AI97
DoD Investigative and Adjudicative Guidance for Issuing the
Common Access Card (CAC)
AGENCY: Under Secretary of Defense for Intelligence, DoD.
ACTION: Interim final rule.
-----------------------------------------------------------------------
SUMMARY: This interim final rule establishes policy, assigns
responsibilities, and prescribes procedures for investigating and
adjudicating eligibility to hold the DoD Common Access Card (CAC). The
CAC is the DoD personal identity verification (PIV) credential.
Individuals appropriately sponsored for a DoD CAC must be investigated
and adjudicated in accordance with this part.
Prior to this rule, DoD components have been implementing
investigative and adjudicative requirements for Homeland Security
Presidential Directive--12 (HSPD-12) based solely on broad guidance
issued by the U.S. Office of Personnel Management (OPM). This interim
final rule elaborates on OPM guidance for component adjudicators who
determine, based on review of investigative case files, whether to
grant CAC eligibility to individuals who require: Physical access to
DoD facilities or non-DoD facilities on behalf of DoD; logical access
to information systems (whether on site or remotely); or remote access
to DoD networks that use only the CAC logon for user authentication.
The adjudicator's role is discussed further in the SUPPLEMENTARY
INFORMATION. The interim final rule provides the adjudicator with
conditions that may be disqualifying and circumstances relevant to the
determination of whether there is a reasonable basis to believe there
is an unacceptable risk.
DATES: Effective Date: This rule is effective September 17, 2014.
Comments must be received by November 17, 2014.
ADDRESSES: You may submit comments, identified by docket number and/or
RIN number and title, by any of the following methods:
Federal Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Mail: Federal Docket Management System Office, 4800 Mark
Center Drive, East Tower, Suite 02G09, Alexandria VA 22350-3100.
Instructions: All submissions received must include the agency name
and docket number or Regulatory Information Number (RIN) for this
Federal Register document. The general policy for comments and other
submissions from members of the public is to make these submissions
available for public viewing on the Internet at http://www.regulations.gov as they are received without change, including any
personal identifiers or contact information.
FOR FURTHER INFORMATION CONTACT: Dr. Kelly Buck, 703-604-1130.
SUPPLEMENTARY INFORMATION:
Background
The adjudicator's role is to ensure a CAC is not issued to
individuals if: (a) The individual is known to be or reasonably
suspected of being a terrorist, (b) the employer is unable to verify
the individual's claimed identity, (c) there is a reasonable basis to
believe the individual has submitted fraudulent information concerning
his or her identity, (d) there is a reasonable basis to believe the
individual will attempt to gain unauthorized access to classified
documents, information protected by the Privacy Act, information that
is proprietary in nature, or other sensitive or protected information,
(e) there is a reasonable basis to believe the individual will use an
identity credential outside the workplace
[[Page 55623]]
unlawfully or inappropriately, (f) there is a reasonable basis to
believe the individual will use Federally-controlled information
systems unlawfully, make unauthorized modifications to such systems,
corrupt or destroy such systems, or engage in inappropriate uses of
such systems, (g) there is a reasonable basis to believe, based on the
individual's misconduct or negligence in employment, that issuance of a
CAC poses an unacceptable risk, (h) there is a reasonable basis to
believe, based on the individual's criminal or dishonest conduct, that
issuance of a CAC poses an unacceptable risk, (i) there is a reasonable
basis to believe, based on the individual's material, intentional false
statement, deception, or fraud in connection with Federal or contract
employment, that issuance of a CAC poses an unacceptable risk, (j)
there is a reasonable basis to believe, based on the nature or duration
of the individual's alcohol abuse without evidence of substantial
rehabilitation, that issuance of a CAC poses an unacceptable risk, (k)
there is a reasonable basis to believe, based on the nature or duration
of the individual's illegal use of narcotics, drugs, or other
controlled substances without evidence of substantial rehabilitation,
that issuance of a CAC poses an unacceptable risk, (l) a statutory or
regulatory bar prevents the individual's contract employment; or would
prevent Federal employment under circumstances that furnish a
reasonable basis to believe that issuance of a CAC poses an
unacceptable risk; or (m) the individual has knowingly and willfully
engaged in acts or activities designed to overthrow the U.S. Government
by force.
I. Purpose
a. The Need for the Regulatory Action and How the Action Will Meet That
Need
This interim final rule establishes policy, assigns
responsibilities, and prescribes procedures for investigating and
adjudicating eligibility to hold the DoD CAC. The CAC is the DoD
personal identity verification (PIV) credential.
On August 27, 2004, the President issued Homeland Security Policy
Directive 12, ``Policy for a Common Identification Standard for Federal
Employees and Contractors, which mandated a requirement for a common
identification standard for secure and reliable forms of identification
for federal employees and contractors. Pursuant to section 2.3(b) of
Executive Order 13467, on July 31, 2008, the U.S. Office of Personnel
Management OPM issued its final government-wide credentialing standards
and mandated that all Federal departments and agencies use them in
determining whether to issue or revoke PIV cards to their employees and
contractor personnel, including those who are non-United States
citizens.
Pending the issuance of this interim final rule, the DoD
promulgated two Directive-type memoranda: DTM 08-006, ``DoD
Implementation of Homeland Security Presidential Directive--12 (HSPD-
12), issued on November 26, 2008, established DoD policy for
implementation of HSPD-12. Pursuant to DTM 08-006, DTM 08-003, ``Next
Generation Common Access Card (CAC) Implementation Guidance,'' December
1, 2008, was issued to provide interim implementation guidance
governing the CAC. DTM 08-006 was subsequently cancelled with issuance
of DoDI 1000.13, ``Identification (ID) Cards for members of the
Uniformed Services, Their Dependents, and Other Eligible Individuals,''
January 23, 2014. DTM 08-003 was subsequently cancelled with issuance
of DoD Manual 1000.13, Volume 1, ``DoD Identification (ID) Cards: ID
Card Life-Cycle,'' January 23, 2014. This interim final rule implements
HSPD-12 for the DoD by establishing policy and assigning
responsibilities for investigating and adjudicating eligibility to hold
a CAC, procedures upon revocation of a CAC, and processing of appeals.
b. Legal Authority for the Regulatory Action
Homeland Security Presidential Directive-12, ``Policy for a Common
Identification Standard for Federal Employees and Contractors,'' August
27, 2014, requires the government-wide standard for secure and reliable
forms of identification for Federal employees and contractors. The
Department of Commerce issued Federal Information Processing Standard
201-2 as the standard. Executive Order 13467 of June 30, 2008,
``Reforming Processes Related to Suitability for Government Employment,
Fitness for Contractor Employees, and Eligibility for Access to
Classified National Security Information'' established the Office of
Personnel Management (OPM) to serve as the Suitability Executive Agent
regarding suitability and eligibility for logical and physical access.
As such, OPM issued the ``Final Credentialing Standards for Issuing
Personal Identity Verification Cards Under HSPD-12'' on July 31, 2008.
II. Summary of the Major Provisions
This rule:
a. Provides investigative requirements and credentialing standards
for issuing, denying, or revoking a CAC.
b. Provides guidance for applying credentialing standards during
adjudication.
c. Provides for an appeal process.
d. Establishes procedures upon revocation of a CAC.
III. Costs and Benefits
The interim final rule does not impose direct costs onto the public
because costs associated with the implementation of the investigation
and adjudicative standards will be borne by the Department. However,
the HSPD-12 mandate will increase overall costs for the DoD to
investigate and adjudicate individuals covered by the Instruction who
would not otherwise undergo an adjudication to determine suitability
for the competitive service, eligibility for a national security
sensitive position, or fitness for appointment to the excepted service
or to perform work under a Government contract. The costs to the
Department are not driven by the policy contained in this interim final
rule, but rather HSPD-12 and the U.S. Department of Commerce's National
institute of Standards and Technology's Federal Information Processing
Standards Publication 201-2 (FIPS 201-2), August 2013, mandate for
investigating and adjudicating eligibility to hold a CAC.
This interim final rule provides for protections against
unauthorized access to federal facilities and federally controlled
information systems and other sensitive or protected information. This
policy manages risk and creates efficiencies by ensuring persons are
vetted to uniform national standards. Standardized investigative and
adjudicative guidance will eliminate inter-agency variations that have
existed in the quality and security of identification used to gain
access to secure facilities where there is potential for terrorist
attacks. Establishing a mandatory, Department-wide standard for secure
and reliable forms of identification that the Department issues to its
employees and contractors enhances security, increases Government
efficiency, reduces identity fraud, and protects personal privacy.
Implementing policies and procedures that apply across the
Department will also result in significant intra-agency efficiencies.
Absent this Department-wide guidance--which leverages already
established processes and capabilities--the individual components may
handle HSPD-12 compliance in multiple ways, duplicating effort and
expending
[[Page 55624]]
valuable resources. Thus the cost of complying with the HSPD-12 mandate
will be even greater in the absence of DoD-wide policy and procedures.
Interim Final Rule Justification
This rule is being published as an interim final rule as DoD's
current efforts to comply with HSPD-12 need extensive procedural
guidance to ensure consistency of implementation of 32 CFR part 156 and
DoD Instruction 5200.02. This interim final rule provides DoD
components and Component Heads with detailed policy and procedures
specific to the DoD regarding investigation, adjudication, and appeals
for DoD CAC issuance. This rule consolidates, clarifies, and elaborates
DoD CAC policy as appropriate to ensure that Components' policies and
procedures for CAC applications, investigations, adjudications,
management, oversight, and appeals are aligned across the Department
using consistent standards and practices in cost-effective, timely, and
efficient ways.
If this rule is not published as an interim final rule, it will
prolong the vulnerability of DoD's personnel, information, and
facilities to risks that are created by a current lack of uniformity in
how DoD Components define and implement roles, responsibilities and
requirements associated with DoD CAC-issuance. As one example,
circumstances surrounding the shooting at the Washington Navy Yard
highlight the importance of consistent and specific requirements for
revocation and retrieval of credentials for personnel who have been
identified as posing unacceptable risks. As such, this policy mandates
revocation and retrieval of credentials and timely updates to physical
and logical accesses, when appropriate, to prevent use of invalidated
credentials.
Additionally, to better consistently protect DoD's personnel,
systems, and facilities, the DoD Components' concurred with applying
both basic and supplemental credentialing standards and this policy
helps codify that agreement. As such, the DoD ensures that all
behaviors that suggest unacceptable risks to life, safety, or health of
DoD personnel, information, or property are uniformly considered in all
adjudications for credentials.
To ensure that all individuals are consistently afforded
opportunity to respond to any official decision that they are not
acceptable risks for issuance of a CAC, this interim rule provides
standard procedures for use across the DoD by individuals who wish to
appeal denials or revocations of CACs.
This rule is subject to update whenever additional policy guidance
is provided by the Office of Management and Budget or the U.S. Office
of Personnel Management. Further, DoD will consider public comments
received in response to this interim rule in the formation of the
Department's final rule.
Executive Order 12866, ``Regulatory Planning and Review'' and Executive
Order 13563, ``Improving Regulation and Regulatory Review''
We have consulted with the Office of Management and Budget (OMB)
and determined this interim final rule meets the criteria for a
significant regulatory action under Executive Order 12866, as
supplemented by Executive Order 13563, and was subject to OMB review.
Sec. 202, Public Law 104-4, ``Unfunded Mandates Reform Act''
Section 202 of the Unfunded Mandates Reform Act of 1995 (UMRA)
(Pub. L. 104-4) requires agencies assess anticipated costs and benefits
before issuing any rule whose mandates require spending in any 1 year
of $100 million in 1995 dollars, updated annually for inflation. In
2014, that threshold is approximately $141 million. This document will
not mandate any requirements for State, local, or tribal governments,
nor will it affect private sector costs.
Public Law 96-354, ``Regulatory Flexibility Act'' (5 U.S.C. 601)
It has been certified that 32 CFR part 157 is not subject to the
Regulatory Flexibility Act (5 U.S.C. 601) because it would not, if
promulgated, have a significant economic impact on a substantial number
of small entities.
Public Law 96-511, ``Paperwork Reduction Act'' (44 U.S.C. Chapter 35)
This rule does impose reporting or recordkeeping requirements under
the Paperwork Reduction Act of 1995. This collection has been approved
by the Office of Management and Budget under OMB Control Number 0704-
0415 titled ``Application for Department of Defense Common Access
Card--DEERS Enrollment''.
Executive Order 13132, ``Federalism''
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a proposed rule (and subsequent
final rule) that imposes substantial direct requirement costs on State
and local governments, preempts State law, or otherwise has Federalism
implications. This document will not have a substantial effect on State
and local governments.
List of Subjects in 32 CFR Part 157
Common Access Card (CAC), Contractors; Federal employees, Federal
facilities, Federally-controlled information systems, HSPD-12
credentialing standards, Identity verification, Personal identity
verification (PIV) card, Sensitive or protected information, Terrorist;
Unauthorized access.
Accordingly 32 CFR part 157 is added to read as follows:
PART 157--DOD INVESTIGATIVE AND ADJUDICATIVE GUIDANCE FOR ISSUING
THE COMMON ACCESS CARD (CAC)
Sec.
157.1 Purpose.
157.2 Applicability.
157.3 Definitions.
157.4 Policy.
157.5 Responsibilities.
157.6 Procedures.
Authority: HSPD-12, E.O 13467, E.O. 13488, FIPS 201-2, and OPM
Memorandum.
Sec. 157.1 Purpose.
This part establishes policy, assigns responsibilities, and
prescribes procedures for investigating and adjudicating eligibility to
hold a Common Access Card (CAC). The CAC is the DoD personal identity
verification (PIV) credential.
Sec. 157.2 Applicability.
This part applies to:
(a) the Office of the Secretary of Defense, the Military
Departments (including the Coast Guard at all times, including when it
is a Service in the Department of Homeland Security by agreement with
that Department), the Office of the Chairman of the Joint Chiefs of
Staff and the Joint Staff, the Combatant Commands, the Office of the
Inspector General of the Department of Defense, the Defense Agencies,
the DoD Field Activities, and all other organizational entities within
the DoD (hereinafter referred to collectively as the ``DoD
Components'').
(b) The Commissioned Corps of the U.S. Public Health Service
(USPHS), under agreement with the Department of Health and Human
Services, and the National Oceanic and Atmospheric Administration
(NOAA), under agreement with the Department of Commerce.
Sec. 157.3 Definitions.
These terms and their definitions are for the purpose of this part.
[[Page 55625]]
Actionable information. Information that potentially justifies an
unfavorable credentialing determination.
CAC. The DoD Federal PIV card.
Contractor. Defined in Executive Order 13467, ``Reforming Processes
Related to Sustainability for Government Employment, Fitness for
Contractor Employees, and Eligibility for Access to Classified National
Security Information''.
Contractor employee fitness. Defined in E.O. 13467.
Debarment. A prohibition from taking a competitive service
examination or from being hired (or retained in) a covered position for
a specific time period..
Drugs. Mood and behavior-altering substances, including drugs,
materials, and other chemical compounds identified and listed in 21
U.S.C. 801-830 (also known as ``The Controlled Substances Act of 1970,
as amended'') (e.g., marijuana or cannabis, depressants, narcotics,
stimulants, hallucinogens), and inhalants and other similar substances.
Drug abuse. The illegal use of a drug or use of a legal drug in a
manner that deviates from approved medical direction.
Employee. Defined in E.O. 12968, ``Access to Classified
Information''.
Fitness. Defined in E.O. 13488, ``Granting Reciprocity on Excepted
Service and Federal Contractor Employee Fitness and Reinvestigating
Individuals in Positions of Public Trust''.
Fitness determination. Defined in E.O. 13488.
Logical and physical access. Defined in E.O. 13467.
Material. Defined in 5 CFR part 731.
Reasonable basis. A reasonable basis to believe occurs when a
disinterested observer, with knowledge of the same facts and
circumstances, would reasonably reach the same conclusion.
Terrorism. Defined in 19 U.S.C. 2331.
Unacceptable risk. A threat to the life, safety, or health of
employees, contractors, vendors, or visitors; to the U.S. Government
physical assets or information systems; to personal property; to
records, including classified, privileged, proprietary, financial, and
medical records; or to the privacy rights established by The Privacy
Act of 1974, as amended, or other law that is deemed unacceptable when
making risk management determinations.
U.S. National. Defined in U.S. OPM Memorandum, ``Final
Credentialing Standards for Issuing Personal Identity Verification
Cards Under HSPD-12'' (available at http://www.opm.gov/investigate/
resources/finalcredentialingstandards.pdf).
Sec. 157.4 Policy.
It is DoD policy that:
(a) Individuals appropriately sponsored for a CAC consistent with
DoD Manual 1000.13, Volume 1, ``DoD Identification Cards: ID Card Life-
Cycle,'' January 23, 2014, (available at http://www.dtic.mil/whs/
directives/corres/pdf/100013vol1.pdf) must be investigated and
adjudicated in accordance with this part. Individuals not CAC eligible
may be processed for local or regional base passes in accordance with
Under Secretary of Defense for Intelligence (USD(I)) policy guidance
for DoD physical access control consistent with DoD Regulation 5200.08-
R, ``Physical Security Program'' (available at http://www.dtic.mil/whs/directives/corres/pdf/520008r.pdf) and local installation security
policies and procedures.
(b) A favorably adjudicated National Agency Check with Inquiries
(NACI) or equivalent in accordance with revised Federal investigative
standards is the minimum investigation required for a final
credentialing determination for a CAC.
(c) Individuals requiring a CAC must meet the credentialing
standards in accordance with the U.S. Office of Personnel Management
(OPM) Memorandum, ``Final Credentialing Standards for Issuing Personal
Identity Verification Cards Under HSPD-12''; and U.S. Office of
Personnel Management Memorandum, ``Introduction of Credentialing,
Suitability, and Security Clearance Decision-Making Guide (available at
http://www.opm.gov/investigate/resources/
decisionmakingguide.pdf) and this part.
(d) A CAC may be issued on an interim basis based on a favorable
National Agency Check or a Federal Bureau of Investigation (FBI)
National Criminal History Check (fingerprint check) adjudicated by
appropriate approved automated procedures or by a trained security or
human resource (HR) specialist and successful submission to the
investigative service provider (ISP) of a NACI, or a personnel security
investigation (PSI) equal to or greater in scope than a NACI.
Additionally, the CAC applicant must present two identity source
documents, at least one of which is a valid Federal or State
government-issued picture identification.
(e) The subsequent final credentialing determination will be made
upon receipt of the completed investigation from the ISP.
(f) Discretionary judgments used to render an adjudicative
determination for issuing the CAC are inherently governmental functions
and must only be performed by trained U.S. Government personnel who
have successfully completed required training and possess a minimum
level of investigation (NACI or equivalent in accordance with revised
Federal investigative standards). Established administrative processes
in 32 CFR part 156 and DoD Directive 5220.6, ``Defense Industrial
Personnel Security Clearance Review Program'' (available at http://www.dtic.mil/whs/directives/corres/pdf/522006p.pdf) must be applied.
(g) Adjudications rendered for eligibility for access to classified
information, eligibility to hold a sensitive position, suitability, or
fitness for Federal employment based on a NACI or higher level
investigation may result in a concurrent CAC decision for that
position.
(h) Favorable credentialing adjudications from another Federal
department or agency will be reciprocally accepted in accordance with
conditions stated in the procedural guidance in this part. Reciprocity
must be based on final favorable adjudication only.
(i) CAC applicants or holders may appeal CAC denial or revocation
in accordance with the conditions stated in the procedural guidance in
this part. Appeals must be processed as indicated in the procedural
guidance in this part.
(j) Non-U.S. nationals at foreign locations are not eligible to
receive a CAC on an interim basis. Special considerations for
conducting background investigations of non-U.S. nationals are
addressed in U.S. OPM Memorandum, ``Final Credentialing Standards for
Issuing Personal Identity Verification Cards Under HSPD-12.'' An
interim CAC may be issued to non-U.S. nationals in the U.S. or U.S.
territories if they have resided in the U.S. or U.S. territory for at
least 3 years, and they satisfy the requirements of paragraph (e) of
this section and paragraph (a)(4)(ii)(A) of Sec. 157.6.
(k) Individuals who have been denied a CAC or have had a CAC
revoked due to an unfavorable credentialing determination are eligible
to reapply for a credential 1 year after the date of final adjudicative
denial or revocation.
(l) Individuals with a statutory or regulatory bar are not eligible
for reconsideration while under debarment, see paragraph (d)(6) of
Sec. 157.6.
(m) The Deputy Secretary of Defense directed all reports of
investigations conducted as required for compliance with Homeland
Security Presidential
[[Page 55626]]
Directive-12, ``Policy for a Common Identification Standard for Federal
Employees and Contractors'' (available at http://www.dhs.gov/homeland-security-presidential-directive-12) to be sent to the consolidated DoD
Central Adjudications Facility.
(n) When eligibility is denied or revoked, CACs shall be recovered
whenever practicable, and shall immediately be rendered inoperable. In
addition, agencies' physical and logical access systems shall be
immediately updated to eliminate the use of a CAC for access.
Sec. 157.5 Responsibilities.
(a) The USD(I) must:
(1) In coordination with the Under Secretary of Defense for
Personnel and Readiness (USD(P&R)) and the General Counsel of the
Department of Defense (GC, DoD), establish adjudication procedures to
support CAC credentialing decisions in accordance with DoD Manual
1000.13, Volume 1, ``DoD Identification (ID) Cards; ID Card Life-
Cycle''; U.S. Office of Personnel Management Memorandum, ``Final
Credentialing Standards for Issuing Personal Identity Verification
Cards Under HSPD-12''; U.S. Office of Personnel Management Memorandum,
``Introduction of Credentialing, Suitability, and Security Clearance
Decision-Making Guide; Office of Management and Budget Memorandum M-05-
24, ``Implementation of Homeland Security Presidential Directive (HSPD)
12--Policy for a Common Identification Standard for Federal Employees
and Contractors'' (available at http://www.whitehouse.gov/sites/default/files/omb/memoranda/fy2005/m05-24.pdf); U.S. Office of
Personnel Management Federal Investigations Notice Number 06-04, ``HSPD
12--Advanced Fingerprint Results'' (available at http://www.opm.gov/
extra/investigate/FIN0604.pdf); Homeland Security Presidential
Directive-12, ``Policy for a Common Identification Standard for Federal
Employees and Contractors''; 5 U.S.C. 552, 552a and 7313; Federal
Information Processing Standards Publication 201-2, ``Personal Identity
Verification (PIV) of Federal Employees and Contractors'' (available at
http://csrc.nist.gov/publications/PubsFIPS.html); Executive Order
13467, ``Reforming Processes Related to Suitability for Government
Employment, Fitness for Contractor Employees, and Eligibility for
Access to Classified National Security Information''; Executive Order
13488, ``Granting Reciprocity on Excepted Service and Federal
Contractor Employee Fitness and Reinvestigating Individuals in
Positions of Public Trust''; 15 U.S.C. 278g-3; 40 U.S.C. 11331; and
U.S. Office of Personnel Management Federal Investigations Notice
Number 10-05, ``Reminder to Agencies of the Standards for Issuing
Identity Credentials Under HSPD-12'' (available at http://www.opm.gov/investigate/fins/2010/fin10-05.pdf) for issuing a CAC to Service
members and DoD civilian personnel.
(2) In coordination with the Under Secretary of Defense for
Acquisition, Technology, and Logistics (USD(AT&L)) and the GC, DoD,
establish adjudication procedures to support a CAC credentialing
decision for contractors in accordance with the terms of applicable
contracts and the references cited in paragraph (a)(1) of this section,
the Federal Acquisition Regulation (available at http://www.acquisition.gov/far/current/pdf/FAR.pdf), and the Defense Federal
Acquisition Regulation Supplement (available at http://www.acq.osd.mil/dpap/dars/dfarspgi/current/index.html).
(3) Issue, interpret, and clarify CAC investigative and
adjudicative guidance in coordination with the Suitability Executive
Agent as necessary.
(b) The USD(P&R) must, in coordination with the GC, DoD, implement
CAC PSI and adjudication procedures established herein as necessary to
support issuance of a CAC to Service members and DoD civilian personnel
in accordance with the references cited in paragraph (a)(1) of this
section.
(c) The USD(AT&L) must, in coordination with the GC, DoD, implement
CAC PSI and adjudication procedures established by the USD(I) for
contractors in accordance with the terms of applicable contracts and
the references cited in paragraph (a)(1) of this section, Federal
Acquisition Regulation, current edition; and Defense Federal
Acquisition Regulation Supplement, current edition.
(d) The GC, DoD must:
(1) Provide advice and guidance as to the legal sufficiency of
procedures and standards involved in adjudicating CAC investigations.
(2) Perform functions relating to the DoD Homeland Security
Presidential Directive (HSPD)-12 Program in accordance with DoD
Directive 5220.6, ``Defense Industrial Personnel Security Clearance
Review Program'' (available at http://www.dtic.mil/whs/directives/corres/pdf/522006p.pdf) and DoD Directive 5145.01, ``General Counsel of
the Department of Defense'' (available at http://www.dtic.mil/whs/directives/corres/pdf/514501p.pdf) including maintenance and oversight
of the Defense Office of Hearings and Appeals (DOHA) and its
involvement in contractor CAC revocations as specified in paragraph
(b)(6)(i)(B) of Sec. 157.6 of this part.
(3) Coordinate on USD(P&R) implementation of CAC PSI and
adjudication procedures, in accordance with the references cited in
paragraph (a)(1) of this section, for Service members and DoD civilian
personnel, and USD(AT&L) implementation of USD(I) procedures for CAC
PSI and adjudication in accordance with the terms of applicable
contracts and the references cited in paragraph (a)(1) of this section,
Federal Acquisition Regulation and Defense Federal Acquisition
Regulation Supplement.
(e) The Heads of the DoD Components must:
(1) Comply with and implement this part.
(2) Provide resources for PSIs, adjudication, appeals, and
recording of final adjudicative results in a centralized database.
(3) Require individuals sponsored for a CAC to meet eligibility
requirements stated in DTM 08-003.
(4) Provide appeals boards for those individuals appealing CAC
denial or revocation as specified in paragraph (b)(6)(i)(A) of Sec.
157.6.
(5) Enforce requirements for reporting of derogatory information,
unfavorable administrative actions, and adverse actions to personnel
security, HR, and counterintelligence official(s), as appropriate.
(6) Require all PSIs submitted for non-DoD personnel to be
supported by and comply with DoD PIV procedures in contracts that
implement requirements of paragraphs 4.1303 and 52.204-9 of Federal
Acquisition Regulation, current edition.
(7) Require all investigations and adjudications required for non-
DoD personnel to be in response to a current, active contract or
agreement and that the number of personnel submitted for investigation
and adjudication does not exceed the specific requirements of that
contract or agreement while ensuring compliance with HSPD-12.
Sec. 157.6 Procedures.
(a) CAC Investigative Procedures-- (1) Investigative Requirements.
(i) A personnel security investigation (NACI or greater) completed by
an authorized ISP is required to support a CAC credentialing
determination based on the established credentialing standards
promulgated by OPM Memorandum, ``Final Credentialing Standards for
[[Page 55627]]
Issuing Personal Identity Verification Cards Under HSPD-12''.
(ii) Individuals identified as having a favorably adjudicated
investigation on record, equivalent to or greater than the NACI, do not
require an additional investigation for CAC issuance.
(iii) There is no requirement to reinvestigate CAC holders unless
they are subject to reinvestigation for national security or
suitability reasons as specified in applicable DoD issuances.
(2) Submission of Investigations. Investigative packages must be
submitted promptly by HR or security personnel to the authorized ISP.
Fingerprints for CAC applicants must be taken by HR or security
personnel. DoD Components using the OPM as the ISP may request advanced
fingerprint check results in accordance with OPM Federal Investigations
Notice Number 06-04.
(3) Reciprocity. (i) The sponsoring Component must not re-
adjudicate CAC determinations for individuals transferring from another
Federal department or agency, provided:
(A) The individual's former department or agency verifies
possession of a valid PIV.
(B) The individual has undergone the required NACI or other
equivalent (or greater) suitability or national security investigation
and received favorable adjudication from the former department or
agency.
(C) There is no break in service 2 years or more and the individual
has no actionable information since the date of the last completed
investigation.
(ii) Interim CAC determinations are not eligible to be transferred
or reciprocally accepted. Reciprocity must be based on final favorable
adjudication only.
(4) Foreign (Non-U.S.) Nationals. DoD Components must apply the
credentialing process and standards in this part to non-U.S. nationals
who work as employees or contractor employees for the DoD. However,
special considerations apply to non-U.S. nationals.
(i) At Foreign Locations. (A) DoD Components must initiate and
ensure completion of a background investigation before applying the
credentialing standards to a non-U.S. national at a foreign location.
The background investigation must be favorably adjudicated before a CAC
can be issued to a non-U.S. national at a foreign location. The type of
background investigation may vary based on standing reciprocity
treaties concerning identity assurance and information exchanges that
exist between the U.S. and its allies or agency agreements with the
host country.
(B) The investigation of a non-U.S. national at a foreign location
must be consistent with a NACI, to the extent possible, and include a
fingerprint check against the FBI criminal history database, an FBI
investigations files (name check) search, and a name check against the
terrorist screening database.
(ii) At U.S.-Based Locations and in U.S. Territories (Other than
American Samoa and Commonwealth of the Northern Mariana Islands). (A)
Individuals who are non-U.S. nationals in the United States or U.S.
territory for 3 years or more must have a NACI or equivalent
investigation initiated after employment authorization is appropriately
verified.
(B) Non-U.S. nationals who have been in the United States or U.S.
territory for less than 3 years do not meet the investigative
requirements for CAC issuance. DoD Components may delay the background
investigation of a Non-U.S. national who has been in the U.S. or U.S.
territory for less than 3 years until the individual has been in the
United States or U.S. territory for at least 3 years. In the event of
such a delay, an alternative facility access identity credential may be
issued at the discretion of the relevant DoD Component official, as
appropriate based on a risk determination in accordance with DoD
5200.08-R, ``Physical Security Program'' (available at http://www.dtic.mil/whs/directives/corres/pdf/520008r.pdf) and U.S. Office of
Personnel Management Memorandum, ``Final Credentialing Standards for
Issuing Personal Identity Verification Cards Under HSPD-12.''
(C) The U.S. territories of American Samoa and the Commonwealth of
the Northern Mariana Islands are not included in the ``United States''
as defined by the Immigration and Nationality Act of 1952, as amended
(Pub. L. 82-414).
(5) Investigations Acceptable for CAC Adjudication. A list of
investigations acceptable for CAC adjudication is located in the Table.
These investigations are equivalent to or greater than a NACI. This
list will be updated by the USD(I) as revisions to the Federal
investigative standards are implemented.
Table--Favorably Adjudicated Investigations Acceptable for CAC
Adjudication
------------------------------------------------------------------------
Investigation Description
------------------------------------------------------------------------
ANACI............................ Access National Agency Check and
Inquires.
BGI-0112......................... Upgrade Background Investigation (1-
12 months from LBI).
BGI-1336......................... Upgrade Background Investigation (13-
36 months from LBI).
BGI-3760......................... Upgrade Background Investigation (37-
60 months from LBI).
BI............................... Background Investigation.
BIPN............................. Background Investigation plus Current
National Agency Check.
BIPR............................. Periodic Reinvestigation of
Background Investigation.
BITN............................. Background Investigation (10 year
scope).
CNCI............................. Child Care National Agency Check plus
Written Inquires and Credit.
IBI.............................. Interview Oriented Background
Investigation.
LBI.............................. Limited Background Investigation.
LBIP............................. Limited Background Investigation plus
Current National Agency Check.
LBIX............................. Limited Background Investigation--
Expanded.
MBI.............................. Moderate Risk Background
Investigation.
MBIP............................. Moderate Risk Background
Investigation plus Current National
Agency Check.
MBIX............................. Moderate Risk Background
Investigation--Expanded.
NACB............................. National Agency Check/National Agency
Check plus Written Inquires and
Credit Check plus Background
Investigation Requested.
NACI............................. National Agency Check and Inquires.
NACLC............................ National Agency Check with Law and
Credit.
NACS............................. National Agency Check/National Agency
Check plus Written Inquires and
Credit Check plus Single Scope B.I.
Requested.
NACW............................. National Agency Check plus Written
Inquires and Credit.
[[Page 55628]]
NACZ............................. National Agency Check plus Written
Inquires and Credit plus Special
Investigative Inquiry.
NLC.............................. National Agency Check, Local Agency
Check and Credit.
NNAC............................. National Agency Check plus Written
Inquires and Credit Plus Current
National Agency Check.
NSI.............................. NSI--NACI/Suitability Determination.
PRI.............................. Periodic Reinvestigation.
PRS.............................. Periodic Reinvestigation Secret.
PRSC............................. Periodic Reinvestigation Secret or
Confidential.
PPR.............................. Phased Periodic Reinvestigation.
SPR.............................. Secret Periodic Reinvestigation.
SSBI............................. Single Scope Background
Investigation.
SSBI-PR.......................... Periodic Reinvestigation for SSBI.
------------------------------------------------------------------------
(b) CAC Adjudicative Procedures.--(1) Guidance for Applying
Credentialing Standards During Adjudication. (i) As established in
Homeland Security Presidential Directive-12, credentialing adjudication
considers whether or not an individual is eligible for long-term access
to Federally controlled facilities and/or information systems. The
ultimate determination to authorize, deny, or revoke the CAC based on a
credentialing determination of the PSI must be made after consideration
of applicable credentialing standards in OPM Memorandum, ``Final
Credentialing Standards for Issuing Personal Identity Verification
Cards Under HSPD-12.''
(ii) Each case is unique. Adjudicators must examine conditions that
raise an adjudicative concern, the overriding factor for all of these
conditions is unacceptable risk. Factors to be applied consistently to
all information available to the adjudicator are:
(A) The nature and seriousness of the conduct. The more serious the
conduct, the greater the potential for an adverse CAC determination.
(B) The circumstances surrounding the conduct. Sufficient
information concerning the circumstances of the conduct must be
obtained to determine whether there is a reasonable basis to believe
the conduct poses a risk to people, property or information systems.
(C) The recency and frequency of the conduct. More recent or more
frequent conduct is of greater concern.
(D) The individual's age and maturity at the time of the conduct.
Offenses committed as a minor are usually treated as less serious than
the same offenses committed as an adult, unless the offense is very
recent, part of a pattern, or particularly heinous.
(E) Contributing external conditions. Economic and cultural
conditions may be relevant to the determination of whether there is a
reasonable basis to believe there is an unacceptable risk if the
conditions are currently removed or countered (generally considered in
cases with relatively minor issues).
(F) The absence or presence of efforts toward rehabilitation, if
relevant, to address conduct adverse to CAC determinations.
(1) Clear, affirmative evidence of rehabilitation is required for a
favorable adjudication (e.g., seeking assistance and following
professional guidance, where appropriate; demonstrating positive
changes in behavior and employment).
(2) Rehabilitation may be a consideration for most conduct, not
just alcohol and drug abuse. While formal counseling or treatment may
be a consideration, other factors (such as the individual's employment
record) may also be indications of rehabilitation.
(iii) CAC adjudicators must successfully complete formal training
through a DoD CAC adjudicator course from the Defense Security Service
Center for Development of Security Excellence or a course approved by
the Suitability Executive Agent.
(2) Credentialing Standards. HSPD-12 credentialing standards
contained in OPM Memorandum, ``Final Credentialing Standards for
Issuing Personal Identity Verification Cards Under HSPD-12'' must be
used to render a final determination whether to issue or revoke a CAC
based on results of a qualifying PSI.
(i) Basic Standards. CAC credentialing standards and the
adjudicative guidelines described in paragraph (c) of this section are
designed to guide the adjudicator who must determine, based on results
of a qualifying PSI, whether CAC issuance is consistent with the basic
standards, would create an unacceptable risk for the U.S. Government,
or would provide an avenue for terrorism.
(ii) Supplemental Standards. The supplemental standards are
intended to ensure that the issuance of a CAC to an individual does not
create unacceptable risk. The supplemental credentialing standards must
be applied, in addition to the basic credentialing standards. In this
context, an unacceptable risk refers to an unacceptable risk to the
life, safety, or health of employees, contractors, vendors, or
visitors; to the Government's physical assets or information systems;
to personal property; to records, including classified, privileged,
proprietary, financial, or medical records; or to the privacy of data
subjects.
The supplemental credentialing standards, in addition to the basic
credentialing standards, must be used for CAC adjudication of
individuals who are not also subject to the following types of
adjudication:
(A) Eligibility to hold a sensitive position or for access to
classified information,
(B) Suitability for Federal employment in the competitive service,
or
(C) Qualification for Federal employment in the excepted service.
(3) Application of the Standards. (i) CAC credentialing standards
shall be applied to all DoD civilian employees, Service members, and
contractors who are CAC eligible, have been sponsored by a DoD entity,
and require: (a) Physical access to DoD facilities or non-DoD
facilities on behalf of DoD; (b) logical access to information systems
(whether on site or remotely); or (c) remote access to DoD networks
that use only the CAC logon for user authentication.
(ii) If an individual is found unsuitable for competitive civil
service consistent with 5 CFR part 731, ineligible for access to
classified information pursuant to E.O. 12968, or disqualified from
appointment in the excepted service or from working on a contract, the
unfavorable decision may be sufficient basis for non-issuance or
revocation of a CAC, but does not necessarily mandate this result.
(4) Adjudication. The CAC adjudicators will consider the
information provided by the CAC PSI in rendering a CAC credentialing
[[Page 55629]]
determination. The determination will be unfavorable if there is a
reasonable basis to conclude that a disqualifying factor in accordance
with the basic CAC credentialing standards is substantiated, or when
there is a reasonable basis to conclude that derogatory information or
conduct relating to supplemental CAC credentialing standards presents
an unacceptable risk for the U.S. Government.
(i) If a DoD Component or DOHA proposes to deny or revoke a CAC
under conditions other than those cited in paragraph (b)(3)(ii) of this
section, the DoD Component or DOHA, as appropriate in accordance with
paragraph (b)(6)(i) of this section, must issue the individual a
written statement (also known as a letter of denial (LOD) or revocation
(LOR)) identifying the disqualifying condition(s). The statement must
contain a summary of the concerns and supporting adverse information,
instructions for responding, and copies of the relevant CAC
credentialing standards and adjudicative guidelines from this section.
The written LOD or LOR must be as comprehensive and detailed as
permitted by the requirements of national security and to protect
sources that were granted confidentiality, and as allowed pursuant to
provisions of 5 U.S.C. 552 and 552a. (Section 552a is also known and
hereinafter referred to as ``The Privacy Act of 1974, as amended.'')
(ii) The individual may elect to respond in writing to the DoD
Component or DOHA, as appropriate, within 30 calendar days from the
date of the LOD or LOR. Failure to respond to the LOD or LOR will
result in automatic CAC denial or revocation.
(iii) When, subsequent to issuance of an interim or final CAC, the
U.S. Government receives credible information that raises questions as
to whether a current CAC holder continues to meet the applicable
credentialing standards, the DoD Component may reconsider the
credentialing determination using the procedures in this part.
(5) Denial or Revocation. (i) DoD Components must deny or revoke a
CAC if the individual fails to respond to the LOD or LOR within the
specified time-frame or the response to the written statement has not
provided a basis to reverse the decision.
(ii) Denial or revocation of a CAC must comply with applicable
governing laws and regulations:
(A) The U.S. Coast Guard shall afford individuals appeal rights as
established in applicable Department of Homeland Security and U.S.
Coast Guard Issuances.
(B) CAC provides Service members with Geneva Convention protection
in accordance with DoD Instruction 1000.1, ``Identification (ID) Cards
Required by the Geneva Conventions'' (available at http://www.dtic.mil/whs/directives/corres/pdf/100001p.pdf), and authorized benefits (e.g.
medical) and must not be revoked or denied pursuant to the provisions
of this part. CAC for Military Service members will be surrendered only
upon separation, discharge, or retirement.
(C) In certain instances a CAC provides other benefits or specific
privileges to civilian employees (e.g. medical, post exchange and
commissary) when assigned overseas long-term; or protected status to
civilian employees and contractors who are accompanying U.S. forces
during overseas deployments in accordance with DoD Instruction 1000.1.
CAC for DoD civilians or contractors in this circumstance will not be
revoked pursuant to the provisions of this part, but may be surrendered
as part of other adverse employment or contracting actions or
procedures.
(iii) When eligibility is denied or revoked, the CAC shall be
recovered whenever practicable, and shall immediately be rendered
inoperable. In addition, agency's physical and logical access systems
shall immediately be updated to eliminate the use of the CAC for
access.
(6) Appeals. (i) Individuals who have been denied a CAC or have had
a CAC revoked due to an unfavorable credentialing determination must be
entitled to appeal the determination in accordance with the following
procedures:
(A) Except as stated in paragraph (b)(6)(ii) of this section, new
civilian and contractor applicants who have been denied a CAC may elect
to appeal to a three member board composed of not more than one
security representative and one human resources representative.
(B) Contractor employees who have had their CAC revoked may appeal
the unfavorable determination to the DOHA in accordance with the
established administrative process set out in DoD Directive 5220.6.
(ii) This appeal process does not apply when a CAC is denied or
revoked as a result of either an unfavorable suitability determination
consistent with 5 CFR part 731 or a decision to deny or revoke
eligibility for access to classified information or eligibility for a
sensitive national security position, since the person is already
entitled to seek review in accordance with applicable suitability or
national security procedures. Likewise, there is no right to appeal
when the decision to deny the CAC is based on the results of a separate
determination to disqualify the person from an appointment in the
excepted service or to bar the person from working for or on behalf of
a Federal department or agency.
(iii) The DoD Component will notify the individual in writing of
the final determination and provide a statement that this determination
is not subject to further appeal.
(7) Recording Final Determination. Immediately following final
adjudication, the sponsoring activity must record the final eligibility
determination (e.g., active, revoked, denied) in the OPM Central
Verification System as directed by OPM Memorandum, ``Final
Credentialing Standards for Issuing Personal Identity Verification
Cards Under HSPD-12.'' DoD Component records will document the
adjudicative rationale. Adjudicative records shall be made available to
authorized recipients as required for appeal purposes.
(c) Basic Adjudicative Standards. (1) A CAC will not be issued to a
person if the individual is known to be or reasonably suspected of
being a terrorist.
(i) A CAC must not be issued to a person if the individual is known
to be or reasonably suspected of being a terrorist. Individuals
entrusted with access to Federal property and information systems must
not put the U.S. Government at risk or provide an avenue for terrorism.
(ii) Therefore, conditions that may be disqualifying include
evidence that the individual has knowingly and willfully been involved
with reportable domestic or international terrorist contacts or foreign
intelligence entities, counterintelligence activities, indicators, or
other behaviors described in DoD Directive 5240.06,
``Counterintelligence Awareness and Reporting (CIAR)'' (available at
http://www.dtic.mil/whs/directives/corres/pdf/524006p.pdf).
(2) A CAC will not be issued to a person if the employer is unable
to verify the individual's claimed identity.
(i) A CAC must not be issued to a person if the DoD component is
unable to verify the individual's claimed identity. To be considered
eligible for a CAC, the individual's identity must be clearly
authenticated. The CAC must not be issued when identity cannot be
authenticated.
(ii) Therefore, conditions that may be disqualifying include:
[[Page 55630]]
(A) The individual claimed it was not possible to provide two
identity source documents from the list of acceptable documents in Form
I-9, Office of Management and Budget No. 1115-0136, ``Employment
Eligibility Verification,''(available at http://www.uscis.gov/files/form/i-9.pdf) or provided only one identity source document from the
list of acceptable documents.
(B) The individual did not appear in person as required by Federal
Information Processing Standards Publication 201-2.
(C) The individual refused to cooperate with the documentation and
investigative requirements to validate his or her identity.
(D) The investigation failed to confirm the individual's claimed
identity.
(iii) No conditions can mitigate inability to verify the
applicant's identity.
(3) A CAC will not be issued to a person if there is a reasonable
basis to believe the individual has submitted fraudulent information
concerning his or her identity.
(i) A CAC must not be issued to a person if there is a reasonable
basis to believe the individual has submitted fraudulent information
concerning his or her identity in an attempt to obtain the current
credential.
(A) Substitution occurred in the identity proofing process; the
individual who appeared on one occasion was not the same person that
appeared on another occasion.
(B) The fingerprints associated with the identity do not belong to
the person attempting to obtain a CAC.
(ii) No conditions can mitigate submission of fraudulent
information in an attempt to obtain a current credential.
(4) A CAC will not be issued to a person if there is a reasonable
basis to believe the individual will attempt to gain unauthorized
access to classified documents, information protected by the Privacy
Act, information that is proprietary in nature, or other sensitive or
protected information.
(i) Individuals must comply with information-handling regulations
and rules. Individuals must properly handle classified and protected
information such as sensitive or proprietary information.
(ii) Individuals should not attempt to gain unauthorized access to
classified documents or other sensitive or protected information.
Unauthorized access to U.S. Government information or improper use of
U.S. Government information once access is granted may pose a
significant risk to national security, may compromise individual
privacy, and may make public information that is proprietary in nature,
thus compromising the operations and missions of Federal agencies.
(iii) A CAC must not be issued if there is a reasonable basis to
believe the individual will attempt to gain unauthorized access to
classified documents, information protected by the Privacy Act of 1974,
as amended, information that is proprietary in nature, or other
sensitive or protected information.
(iv) Therefore, conditions that may be disqualifying include any
attempt to gain unauthorized access to classified, sensitive,
proprietary or other protected information.
(v) Circumstances relevant to the determination of whether there is
a reasonable basis to believe there is an unacceptable risk include:
(A) Since the time of the last act or activities, the person has
demonstrated a favorable change in behavior.
(B) The behavior happened so long ago, was minor, or happened under
such unusual circumstances that it is unlikely to recur and does not
cast doubt on the individual's ability to safeguard protected
information.
(5) A CAC will not be issued to a person if there is a reasonable
basis to believe the individual will use an identity credential outside
the workplace unlawfully or inappropriately.
(i) A CAC must not be issued to a person if there is a reasonable
basis to believe the individual will use an identity credential outside
the workplace unlawfully or inappropriately.
(ii) Therefore, conditions that may be disqualifying include:
(A) Documented history of fraudulent requests for credentials or
other official documentation.
(B) Previous incidents in which the individual used credentials or
other official documentation to circumvent rules or regulations.
(C) A history of incidents involving misuse of credentials that put
physical assets or personal property at risk.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was minor, or happened under
such unusual circumstances that it is unlikely to recur and does not
cast doubt on the individual's ability and willingness to use
credentials lawfully and appropriately.
(6) A CAC will not be issued to a person if there is a reasonable
basis to believe the individual will use Federally-controlled
information systems unlawfully, make unauthorized modifications to such
systems, corrupt or destroy such systems, or engage in inappropriate
uses of such systems.
(i) Individuals must comply with rules, procedures, guidelines, or
regulations pertaining to information technology systems and properly
protect sensitive systems, networks, and information. The individual
should not attempt to use federally-controlled information systems
unlawfully, make unauthorized modifications, corrupt or destroy, or
engage in inappropriate uses of such systems. A CAC must not be issued
to a person if there is a reasonable basis to believe the individual
will do so or has done so in the past.
(ii) Therefore, conditions that may be disqualifying include:
(A) Illegal, unauthorized, or inappropriate use of an information
technology system or component.
(B) Unauthorized modification, destruction, manipulation of
information, software, firmware, or hardware to corrupt or destroy
information technology systems or data.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was minor, or happened under
such unusual circumstances that it is unlikely to recur and does not
cast doubt on the individual's ability and willingness to conform to
rules and regulations for use of information technology systems.
(d) Supplemental Adjudicative Standards. (1) A CAC will not be
issued to a person if there is a reasonable basis to believe, based on
the individual's misconduct or negligence in employment, that issuance
of a CAC poses an unacceptable risk.
(i) An individual's employment misconduct or negligence may put
people, property, or information systems at risk.
(ii) Therefore, conditions that may be disqualifying include:
(A) A previous history of intentional wrongdoing on the job,
disruptive, violent, or other acts that may pose an unacceptable risk
to people, property, or information systems.
(B) A pattern of dishonesty or rule violations in the workplace
which put people, property or information at risk.
(C) A documented history of misusing workplace information systems
to view, download, or distribute pornography.
[[Page 55631]]
(D) Violation of written or recorded commitments to protect
information made to an employer, such as breach(es) of confidentiality
or the release of proprietary or other information.
(E) Failure to comply with rules or regulations for the
safeguarding of classified, sensitive, or other protected information.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was minor, or happened under
such unusual circumstances that it is unlikely to recur and does not
cast doubt on the individual's current trustworthiness or good judgment
relating to the safety of people and proper safeguarding of property
and information systems.
(B) The individual was not adequately warned that the conduct was
unacceptable and could not reasonably be expected to know that the
conduct was wrong.
(C) The individual made prompt, good-faith efforts to correct the
behavior.
(D) The individual responded favorably to counseling or remedial
training and has since demonstrated a positive attitude toward the
discharge of information-handling or security responsibilities.
(2) A CAC will not be issued to a person if there is a reasonable
basis to believe, based on the individual's criminal or dishonest
conduct, that issuance of a CAC poses an unacceptable risk.
(i) An individual's conduct involving questionable judgment, lack
of candor, dishonesty, or unwillingness to comply with rules and
regulations can raise questions about his or her reliability or
trustworthiness and may put people, property, or information systems at
risk. An individual's past criminal or dishonest conduct may put
people, property, or information systems at risk.
(ii) Therefore, conditions that may be disqualifying include:
(A) A single serious crime or multiple lesser offenses which put
the safety of people at risk or threaten the protection of property or
information. A person's convictions for burglary may indicate that
granting a CAC poses an unacceptable risk to the U.S. Government's
physical assets and to employees' personal property on a U.S.
Government facility.
(B) Charges or admission of criminal conduct relating to the safety
of people and proper protection of property or information systems,
regardless of whether the person was formally charged, formally
prosecuted, or convicted.
(C) Dishonest acts (e.g., theft, accepting bribes, falsifying
claims, perjury, forgery, or attempting to obtain identity
documentation without proper authorization).
(D) Deceptive or illegal financial practices such as embezzlement,
employee theft, check fraud, income tax evasion, expense account fraud,
filing deceptive loan statements, or other intentional financial
breaches of trust.
(E) Actions involving violence or sexual behavior of a criminal
nature that poses an unacceptable risk if access is granted to
federally-controlled facilities or federally-controlled information
systems. For example, convictions for sexual assault may indicate that
granting a CAC poses an unacceptable risk to the life and safety of
persons on U.S. Government facilities.
(F) Financial irresponsibility may raise questions about the
individual's honesty and put people, property or information systems at
risk, although financial debt should not in and of itself be cause for
denial.
(G) Deliberate omission, concealment, or falsification of relevant
facts or deliberately providing false or misleading information to an
employer, investigator, security official, competent medical authority,
or other official U.S. Government representative, particularly when
doing so results in personal benefit or which results in a risk to the
safety of people and proper safeguarding of property and information
systems.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was minor in nature, or
happened under such unusual circumstances that it is unlikely to recur.
(B) Charges were dismissed or evidence was provided that the person
did not commit the offense and details and reasons support his or her
innocence.
(C) Improper or inadequate advice from authorized personnel or
legal counsel significantly contributed to the individual's omission,
of information. When confronted, the individual provided an accurate
explanation and made prompt, good-faith effort to correct the
situation.
(D) Evidence has been supplied of successful rehabilitation,
including but not limited to remorse or restitution, job training or
higher education, good employment record, constructive community
involvement, or passage of time without recurrence.
(3) A CAC will not be issued to a person if there is a reasonable
basis to believe, based on the individual's material, intentional false
statement, deception, or fraud in connection with Federal or contract
employment, that issuance of a CAC poses an unacceptable risk.
(i) The individual's conduct involving questionable judgment, lack
of candor, or unwillingness to comply with rules and regulations can
raise questions about an individual's honesty, reliability,
trustworthiness, and put people, property, or information systems at
risk.
(ii) Therefore, conditions that may be disqualifying include
material, intentional falsification, deception or fraud related to
answers or information provided during the employment process for the
current or a prior Federal or contract employment (e.g., on the
employment application or other employment, appointment or
investigative documents, or during interviews.)
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The misstated or omitted information was so long ago, was
minor, or happened under such unusual circumstances that it is unlikely
to recur.
(B) The misstatement or omission was unintentional or inadvertent
and was followed by a prompt, good-faith effort to correct the
situation.
(4) A CAC will not be issued to a person if there is a reasonable
basis to believe, based on the nature or duration of the individual's
alcohol abuse without evidence of substantial rehabilitation, that
issuance of a CAC poses an unacceptable risk.
(i) An individual's abuse of alcohol may put people, property, or
information systems at risk. Alcohol abuse can lead to the exercise of
questionable judgment or failure to control impulses, and may put
people, property, or information systems at risk, regardless of whether
he or she is diagnosed as an abuser of alcohol or alcohol dependent. A
person's long-term abuse of alcohol without evidence of substantial
rehabilitation may indicate that granting a CAC poses an unacceptable
safety risk in a U.S. Government facility.
(ii) Therefore, conditions that may be disqualifying include:
(A) A pattern of alcohol-related arrests.
(B) Alcohol-related incidents at work, such as reporting for work
or duty in an
[[Page 55632]]
intoxicated or impaired condition, or drinking on the job.
(C) Current continuing abuse of alcohol.
(D) Failure to follow any court order regarding alcohol education,
evaluation, treatment, or abstinence.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The individual acknowledges his or her alcoholism or issues of
alcohol abuse, provides evidence of actions taken to overcome this
problem, and has established a pattern of abstinence (if alcohol
dependent) or responsible use (if an abuser of alcohol).
(B) The individual is participating in counseling or treatment
programs, has no history of previous treatment or relapse, and is
making satisfactory progress.
(C) The individual has successfully completed inpatient or
outpatient counseling or rehabilitation along with any required
aftercare. He or she has demonstrated a clear and established pattern
of modified consumption or abstinence in accordance with treatment
recommendations, such as participation in an alcohol treatment program.
The individual has received a favorable prognosis by a duly qualified
medical professional or a licensed clinical social worker who is a
staff member of a recognized alcohol treatment program.
(5) A CAC will not be issued to a person if there is a reasonable
basis to believe, based on the nature or duration of the individual's
illegal use of narcotics, drugs, or other controlled substances without
evidence of substantial rehabilitation, that issuance of a CAC poses an
unacceptable risk.
(i) An individual's abuse of drugs may put people, property, or
information systems at risk. Illegal use of narcotics, drugs, or other
controlled substances, to include abuse of prescription or over-the-
counter drugs, can raise questions about his or her trustworthiness, or
ability or willingness to comply with laws, rules, and regulations. For
example, a person's long-term illegal use of narcotics without evidence
of substantial rehabilitation may indicate that granting a CAC poses an
unacceptable safety risk in a U.S. Government facility.
(ii) Therefore, conditions that may be disqualifying include:
(A) Current or recent illegal drug use, serious narcotic, or other
controlled substance offense.
(B) A pattern of drug-related arrests or problems in employment.
(C) Illegal drug possession, including cultivation, processing,
manufacture, purchase, sale, or distribution of illegal drugs, or
possession of drug paraphernalia.
(D) Diagnosis by a duly qualified medical professional (e.g.,
physician, clinical psychologist, or psychiatrist) of drug abuse or
drug dependence.
(E) Evaluation of drug abuse or drug dependence by a licensed
clinical social worker who is a staff member of a recognized drug
treatment program.
(F) Failure to successfully complete a drug treatment program
prescribed by a duly qualified medical professional.
(G) Any illegal drug use after formally agreeing to comply with
rules or regulations prohibiting drug use.
(H) Any illegal use or abuse of prescription or over-the-counter
drugs.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was so infrequent, or
happened under such circumstances that it is unlikely to recur (e.g.,
clear, lengthy break since last use; strong evidence the use will not
occur again).
(B) A demonstrated intent not to abuse any drugs in the future,
such as:
(1) Abstaining from drug use.
(2) Disassociating from drug-using associates and contacts.
(3) Changing or avoiding the environment where drugs were used.
(C) Abuse of prescription drugs followed a severe or prolonged
illness during which these drugs were prescribed and abuse has since
ended.
(D) Satisfactory completion of a prescribed drug treatment program,
including but not limited to rehabilitation and aftercare requirements
without recurrence of abuse, and a favorable prognosis by a duly
qualified medical professional.
(6) A CAC will not be issued to a person if a statutory or
regulatory bar prevents the individual's contract employment; or would
prevent Federal employment under circumstances that furnish a
reasonable basis to believe that issuance of a CAC poses an
unacceptable risk.
(i) The purpose of this standard is to verify whether there is a
bar on contract employment, and whether the contract employee is
subject to a Federal employment debarment for reasons that also pose an
unacceptable risk in the contracting context. For example, a person's
5-year bar on Federal employment based on a felony conviction related
to inciting a riot or civil disorder, as specified in 5 U.S.C. 7313,
may indicate that granting a CAC poses an unacceptable risk to persons,
property, and assets in U.S. Government facilities.
(ii) Therefore, conditions that may be disqualifying include:
(A) A debarment was imposed by OPM, DoD, or other Federal agencies
when the conduct poses an unacceptable risk to people, property, or
information systems.
(B) The suitability debarment was based on the presence of serious
suitability issues when the conduct poses an unacceptable risk to
people, property, or information systems.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) Applicant proves the reason(s) for the debarment no longer
exists.
(B) The debarment is job or position-specific and is not applicable
to the job currently under consideration.
(7) A CAC will not be issued to a person if the individual has
knowingly and willfully engaged in acts or activities designed to
overthrow the U.S. Government by force.
(i) Individuals entrusted with access to U.S. Government property
and information systems must not put the U.S. Government at risk.
(ii) Therefore, conditions that may be disqualifying include:
(A) Illegal involvement in, support of, training to commit, or
advocacy of any act of sabotage, espionage, treason or sedition against
the United States of America.
(B) Association or agreement with persons who attempt to or commit
any of the acts in paragraph (d)(7)(ii)(A) of this section with the
specific intent to further those unlawful aims.
(C) Association or agreement with persons or organizations that
advocate, threaten, or use force or violence, or use any other illegal
or unconstitutional means in an effort to overthrow or influence the
U.S. Government.
(iii) Circumstances relevant to the determination of whether there
is a reasonable basis to believe there is an unacceptable risk include:
(A) The behavior happened so long ago, was minor, or happened under
such unusual circumstances that it is unlikely to recur and does not
cast doubt on the individual's current trustworthiness.
(B) The person was not aware of the person's or organization's
dedication to illegal, treasonous, or seditious activities or did not
have the specific intent to further the illegal, treasonous, or
seditious ends of the person or organization.
(C) The individual did not have the specific intent to incite
others to
[[Page 55633]]
advocate, threaten, or use force or violence, or use any other illegal
or unconstitutional means to engage in illegal, treasonous, or
seditious activities.
(D) The individual's involvement in the activities was for an
official purpose.
Dated: September 11, 2014.
Aaron Siegel,
Alternate OSD Federal Register Liaison Officer, Department of Defense.
[FR Doc. 2014-22034 Filed 9-16-14; 8:45 am]
BILLING CODE 5001-06-P
