 Okay, thank you. We're going to call this meeting to order at 10.05. Okay, let's go. My idea this morning is to try to move as quickly as we can. So let's see if I can do that or not. Anyway, welcome. This is a 60-second meeting of the NISPAC. This is a public meeting. It is also audio-recorded. We're also using WebEx as we did last time. We have a large number of presenters this morning. So again, we're going to try to move this along. At the end of each presentation, we'll have a small question-and-answer session. Microphones for the NISPAC members on the first two rows, and then for the rest of you all, they're at the end of each aisle. After the questions are taken internally here, we will turn to the WebEx and ask whether or not there are any questions that way, and then we'll also turn to the telephone. Again, we'll try to get everybody included and not leave anybody out. The only caveat in all that is when you do speak, please identify yourselves. As you know, we are required to produce minutes of this meeting, and it is a lot easier when we're doing that to say, okay, X is from here, Y was that, instead of us trying to figure out who is actually speaking right sometimes or not. We'll have a 10-minute break about halfway through, and so I'll give you more details on where the restrooms are and cafeteria and all that once we... All right, let's get to it. Let's introduce ourselves here at the table. I am Mark A. Bradley, the director of ISOO and the chair of the NISPAC. Greg Canoni, associate director of ISOO and the DFO for this meeting. I'm Jeff Spindiger from the Department of Defense. Nicosha Rice, Department of Energy. Darrell Parsons, U.K. Law Regulatory Commission. Quentin Wilkes, industry and HISPAC folks first. All right, HISPAC members in the first two rows, please, identify yourselves. Got the Department of Homeland Security. Kim Bogers, State Department. Erin Domlinger, Air Force. Chris Forrest, DCFA. Heather Mardega, DCSA. Lidaya Thelodron, NASA. Fred Gortler, DCSA. Crisco Fulton, D.H.A. NISPAC Industries. Kimberly Tiger, National Security Agency. David Wright, DOD-CAHF. Patricia Sirs, DCSA. Terry Carpenter, Esthetic Information Systems Agency. Chuck Warber, DCSA. Dennis Key, from the NISPAC industry. All right, Dennis, that's it. We're just doing the NISPAC members in the interest of time. We can hear for quite a while. All right, are there any NISPAC members on the telephone? NISPAC members on the WebEx. First and foremost, as we start the meeting, I'd like to thank Quentin Wilkes for his service. This is your last one of the issues. Well, he's been a gentleman and a scholar and a passionate advocate for industry. Anyway, we want to thank Katie Timmons. Thank you so much for all this. So, the plaque says, Quentin Wilkes, thank you for your time. Late nights, no kidding, moderation. Cat wrangling, that's true. Travel, dedication, support. As an industry NISPAC spokesperson, I could have done it without you. I'd also like to thank Dennis Key. Dennis, this is your last one, too. I'll never forget you, one of the first people I met in this. And you're Southern Charm. Always in presence. And anyway, you two have done great service to this organization. And so will they miss. So anyway, thank you. Lastly, we understand that the membership of Fred Gortler of DSS, now DCSA, has expired. We understand there are many changes in the agency. We hope to have a new member very soon. Reg, replacement. Anyway, going to be big shoes to fill. He's been another great asset to this body. All right, let's get into the meeting. I'm going to turn to Greg. We're going to address some administrative items and also cover some status from our last NISPAC in the orange. Thank you, Chair. As usual, the meeting presentations, handouts were electronically sent to all the members and anyone who RSVP'd on the invitation. And so for those of you attending that didn't receive those, you can look for that on our website, along with this meeting in about 30 days and the handouts, as well as an official transcript of this. So I'm going to move right into the action items from our last meeting. As you know, not much has happened since our last meeting. Not true. It's actually been a great deal going on. I'm sure all of you would have... So we had nine items from the last meeting and I'm going to read them off. And the first one we're going to do right now, and that is for DOD, I'm going to ask Valerie how to provide an update on the status of NISPOM Change 3, particularly for the C3... Fact Clearance Working Group. We continue to work on the companion guidance that would go out with the NISPOM Change 3 in an industrial security letter. There are some areas that we are working on in discussion with OGNI Drug Investments, related investments that have come up. We will keep you apprised. And as we always do, DOD will request NISPAC informal feedback on any draft industrial security letter about NISPOM Change 3 when we have it read. Thank you. Okay. Thank you, Valerie. Moving on. I'm going to provide them for OGNI to hold a meeting. The date we had was March 28th to discuss industry inclusion in Trusted Workforce 2.0. The meeting did occur. We will hear a little bit more about that in an update by Valerie Curbin from OGNI during her... So I'll pause on that. Next was industry requested to have a meeting to discuss DSS and transition. Same thing. We're going to pause on that. Quinton Wilkes Industry will address that during the industry update. Next was industry to provide ISU instances of delayed NID process by CSA slash CSO. So ISU did receive metric data from industry this morning. ISU will convene in this packet NID working group meeting in the very near future with industry, CSAs and DCSA to address the challenges in the NID process. So we've got that for action. Next, DCSA is the one that concerns the insider threat, ISL, Industrial Security Letter that's working its way through. My understanding is industry is consolidating all of their comments and expects to have them in the DCSA shortly. Okay, next is the CUI was going to host a stakeholders meeting on April 17th as well as an industry down the 21st. These meetings were held. There are slides posted for the stakeholders meeting on the CUI blog, which you can find on the CUI webpage. Next, CUI was to inform when the NIST, SP 800-171-REV2 will be available for public comment. In the summer more information was going to be on the blog. So there is a blog posting on that comment period for the 171-REV2 as well as the 171-B. And actually the comment period closes tomorrow. Has it been extended to what's that date? August 2nd. Okay, so update on that. August 2nd is an extension for the comment period on that. So next DCSA offered to meet with the Department of State about access to DISS. The Stokes from DCSA will provide an update on this. And then we have one more. And that was also the Stokes accepted an action item for the enterprise business support office to hold a stakeholders group meeting. And Stokes, along with Dr. Barber, will provide an update on this item a little later. So are there any questions? Good morning. Pretty packed agenda. So I'll try to keep my remarks very brief. Next file by again echoing the commentary regarding all of the ISLs are out there. And the continued commitment from NIST PAC industry for the candor feedback that comes in, products better. So please keep that going. Quentin and Dennis, their departure, frankly, their mentorship on many of these issues are called active. But that's essential to the process. Whoever's coming in on the backside of it, I hope you follow their example because thank you very much for that. The other, just the two biggest updates that I wanted to focus in on, right? Last time NIST came up, right? I can't not have a meeting or go 15 minutes without saying NIST. And so section 842 is that it was the attention getter last time continues to be and will continue to be. But I think we have a pretty good update and we'll look to delve into this much deeper at the working group. So we're happy to see that those will, you know, reinvigorate here in the coming months. But the takeaway is that for those who aren't familiar, section 842 establishes provisions regarding, you know, select companies under the National Technology Investment Board and TIP. And so it's not all companies that are under Folk ISSA, but it's a pretty good, it's a pretty healthy chunk of them. And so we had a number of waiver packages that were processed by DCSA, a pretty rigorous process that went through all DOD for subscribed owners and announced that the Undersecretary signed those waivers. Again, if you're unfamiliar, the waiver allows us to execute what's provided in the NDAA, effective on October 22nd, allows us to kick them off now. That should make a pretty healthy dent in the timeline concerns that certainly are our chief, but not exclusively part of the industry concerns. So I think that's really good. Our next steps on that, frankly, involve us to reach out to the other prescribed owners to see where they are in this process. Where can we go in and what's the potential of that? We are completely flat footed on that. So questions come in later to my colleagues up here on the dais. We have not had those conversations yet. So we'll own that for what it is. Probably different place than Apple, but we decided to turn our attention to in-house before we started to think about it. And then finally, the other alligator that's nearest our boat right now, and not specifically in this pack item, but Greg brought it up earlier, and that is emerging policy pertaining to control and classified information. So those of you who are in government or have ever been in government know that one of the great joys of working in a headquarters kind of element is the development and the coordination for implementation of policy. It's a thoroughly enjoyable job, said no one ever. But it's necessary, right? Baselining across the expanse of the Department of Defense, which is kind of a big solar system that our colleagues at ISU mind for all of us. But we're a big attention-getter as we start to think about critical technology protection. No policy is going to protect one technology or all of them, but it will level-set how we think about it, and that's a pretty important place. So we've got lots of attention at the highest levels within the Department, and that continues to stay no matter who's sitting in those seats because it's been a bit revolving here recently. And that's been steady pressure inside. I remain optimistic that we will see the instruction by the end of the FY. So we'll have a further update to what that means next at an upcoming NISPAC, and then certainly as we continue to engage ISU in their expanded mission responsibilities. Mike, who's next? Anybody have any questions here in order for him? Jeff. Hi, now, come on. Anybody on the phone have any questions for Jeff? Caroline? Anybody on the WebEx for Jeff? Mike Scott from DHS. I don't have a question for Jeff, but I do want to say for the waiver, the waiver companies for the NISP, we really look forward to talking to you because it would be internal to actually glom on to what you already have and the evaluation. Let us know so we can start talking on what we... Absolutely. Twice? Thank you, Jeff. Next here from Charlie Fallon. Let me just say a few words. You all know Charlie's been the INVID Director for a while. Now he's the Acting Director for the Tensha County Intelligence Security Agency. I've known Charlie for years. I knew him CIA and I was at the Department of Justice. I knew him at the FBI. The man is incredible. He seems to not want to permanently retire, which is a great thing for the United States. But anyway, he's quite a resource. And again, I want to just take a second to recognize all you've done for the country, Charlie. And you really... And a couple other quick thanks. Fred, thank you for representing DCSA. And I guess I know something in my inbox to figure out who you replaced and what it looks like. More specifically, Quentin, where's that? Dennis, thank you for the partnership with industry. I've known you guys for a long time, too, and I'm ability to contribute to this. My real question, and there's probably more for you guys, is how did you get to start things through security this morning? I'm impressed. So the good news is, topic one today is not the inventory. So that's a good thing. But it will be topic two. I do want to give you a quick DCSA update here. I've been saying in a number of forums for a long, long time that we're going to get this executive order signed by the President any day now that we'll be transferring the function. The President did sign it. And one of the codicils in there was within 60 days that it's being signed that the Secretary of Defense and the Director of OPM would sign a written agreement at 60 days. So at 60 days, we met that target. 67 days, I was handed a second hat. So in addition to being still the Director of DCSA and until October 1, at which point, NVIDIA becomes wholly subsumed, merged in with the Department of Defense. I think I want to take a quick moment here to thank Dennis, Dennis. Sorry, Dan Payne, my dear long-term friend. No, seriously, Dan is retiring. He has, in fact, I think we're having a nice day at the Marine Corps Museum tomorrow morning. And I just want to publicly thank him for all of his contributions. I don't want to do all the work he has done for the federal government over the years. He and I go back a very long time, back into the well into the 80s. And I'd like to tell you a lot of stories, but I need to have two things in hand. One is a beer, and the other is being inside a skiff to have some of these conversations. This is not the right venue for this, but again, thanks to Dan. So very quickly, I know we have about 50 minutes to hold all of the DCF. Sorry, you've got a number of folks that are going to come up and give you a brief at some high-level stuff here. My first task is to really take a look at the breadth of everything that is today in DCSA and get more familiar with all those missions, none of which are particularly foreign to me, but whether it's vetting, critical technology, protection, whether it is counterintelligence, and then take a look at this and deal with this in terms of the merger. Obviously, things are going to have to happen on day one. We need to be able to move all of the OPM NBIB humans, and that's roughly 3,000 in change, from OPM to DOD on that cover first. And at the same time, move sufficient funding to cover all of that, and those are all in motion. After that, then what do we do? And there's a lot of work done on this. I'll talk about that more in a minute here. But basic precept is, and I am happening within DCSA now, whether it's vetting technology, protection, whether it is counterintelligence, a lot of things in motion, a lot of momentum right now that has been built up to get things going in the right direction. And the last thing we want to do is disturb that next step after October 1st is going to reflect our commitment not to mess with that momentum. You'll hear more about some of that stuff here, but it is to keep that going and then figure out how we can gently start working things and processes together and further improve what we think is already headed on a very good path. Obviously, nobody in any of these organizations was surprised by the executive order. We've been hearing about this proposal. And I would argue that Intellectual Day 1 for this organization was months and months gotten past that. And the teams have been working together to work on this transition for an awfully long time. And I'm very, very happy with what they're doing. What they're doing, that's a mic drop. With the mic on us. Good timing, by the way. Let me also stop right here. And more importantly, how can we get everything together so the work... I would put stop what Jeff said is that we have absolute top cover and support from both the Secretary of Defense and from the USDI on any of the things we're doing here. So I'm very happy we're going in the right direction here. Before I move on to the next topic here, I just do want to take a second to highlight the fact that a month or so ago, well back in June, at the NCMS seminar, we did give out the Continental Awards this year and I would just... a thousand or so companies that we're working with in this universe 51 of them made the cut to get these awards and I think they deserve a lot of recognition for being really at the top end of what is a well-protected ecosystem that they really have gone well and recognized here. We're going to keep that going. You're going to hear more from some speakers about that, but that program will keep going. Okay, back to your minds. What's the inventory? I've got to get to question two here. So you guys may recall, I think we've heard of this as one of our baseline. The worst day ever was a year ago, April, so that's about 15 months or so. 725,000 in the inventory. Monday it is down to 386,000. We're still heading south. So a quick highlight. The ones that we are most... and I think you are most concerned about are the initial clearances. The total and particularly the National Security Realm, the total Tier 3 secret initial investigations inventory is now about 138,000 of which are industry initial. Tier 5, our total inventory of investigations is 53,000 in work, and of that number, 15,000 are in industry. So if you take that total industry peak, it was 127,000 back in that April 18 time, that number is dropping as well. So I hope you are seeing those results on your end of this thing. The other pieces that, through defense service, old processes and continued processes in DCSA, we're able to put a number of folks to work on intros. Roughly half of that number, or half of the total number of initials are on intros. I can't tell you how many are in industry and how many are government because we don't have that visibility. But I think it's, again, a lot of people able to get to work pretty fast. The timeliness numbers, still have not decreased to where I want them to be. We still got a ways to go on that, but we're seeing some good progress on that, and I think some of the handouts we have are showing where some of our median numbers are showing some very precipitously. So I'm going to just yield the floor here to Trisha and others in just a minute here, but I want to get back to that. You're going to hear from a number of folks in DCSA today talking about the personal vetting mission, talking about critical technology, talking about counterintelligence. We're building an awfully big organization, pulling together an awful lot of people, a lot of contractors. I know some of you in the room are helping us with a lot of this job done here, and I really appreciate that level of investment. We see an awful lot of synergy, an awful lot of energy, and a lot of commonality in putting all of these missions together and in the same, probably, the biggest security organization in the federal government that we get through with all this stuff. And this is a continuous stream of understanding that this works together, I think it's a critical piece here. I am going to stick around during the break and get here early enough and answer all of those. I have a friend in question here. But just sort of leave you with, Val is going to talk about the trusted workforce 2.0 a little bit. We talked about that concept of trusted workforce. I want to leave a thought in your head that it is when you think of this whole organization, the trusted workplace, and at the end of the day, it's trusted work. With that, you're on the stage. Here from Patricia Stokes, Defense Bedding Director. Patricia, please. Good morning, everyone. You've obviously met my new boss, Mr. Charlie Fallon. Thank you for having us here today. I'm going to be brief and really get to the presenters who have the information that you're very interested in. But just a few opening remarks from our DVD portfolio. First and foremost, as Mr. Fallon has stated, we have incredible momentum in successfully integrating our business operation functions with the NVIDIA operations, the employers, the needs, and certainly the DOD CAC. We've been at this for over a year. I can say that we are operating as one team. And it gets better every day with the momentum that Mr. Fallon just continues to grow our Enterprise Business Support Office. Our Enterprise Business Support Office is working very, very closely with our National Background Investigation Terry Carpenter is here, our program executive officer who will share some insight with you on where we are and this capability and delivery. But our EVSO, as we call it, is truly the office that works side-by-side with Mr. Carpenter's system developers developing the requirements, testing these capabilities, interacting with the user community to gauge and get their requirements and test these capabilities. And again, we're not doing this in isolation. We're doing it with full agency participation in every capability that we're developing. They also are preparing all of our agencies and our customers for transition into the new National Background Investigation Services system. This is no small task. They're doing this in conjunction very, very closely with what you all might know with the customer support and engagement group that NBIB, Mr. Mark Peckrell, up in Voyage, so those agency liaisons and our EVSO are completely integrated in all of their activities. I know I had two do-outs and I will discuss them. One is having at the end of this month and one, and then we will address where we're going with industry on our symposium to engage you and share with you and get your requirements for MBIS or any concerns and issues. I'll talk about that secondarily. The EVSO is also developing our rollout and deployment plan. So Mr. Carpenter delivers IT and then we work with the customers to roll it out. Those things do not happen at the same time. We work with Harry to develop the capabilities, but then in rolling them out, it's a phased rollout. You don't just turn a switch in the system at the immediate ideal IT delivery date. So there's a phased rollout. There's a lot of planning. There's a lot of documentation. There's MOAs. There's financial agreements that have to be done. There's interconnectivity. Every user has a little bit of a nuance. So it's not a one-size-fits-all, very, very laborious task, and that's what our EVSO is also doing. The team is also responsible for piloting the potential operational capabilities that Trusted Workforce 2.0 policy-wise will allow for us. That's also very critical. We're very grateful for our policymakers, I think for the first time, policy is going to perceive the ability to even execute, and I believe Valerie will speak to you about that, but we are working very diligently. We are on the tip of that spear and we are the executors of... Our EVSO is also developing training requirements aid. As you roll out capability, you need to have the training that goes with it. We need to understand that training up front and communicate it to our customers up front. Another one of their responsibilities. I feel like I'm doing your briefing, Dr.... Dr. Barber will elaborate on this a little more when he gets to the podium. Then we have our Vetting Risk Operations Center. They continue to expand. They are the Program Management Office for the DOD Continuous Evaluation Program, but they are, I'm glad to report, connecting to the high-side data sources that the DNI provides in continuous evaluation. We as the United States government made a very deliberate decision that we would not duplicate effort that the DNI is affording for good government. It's the right thing to do. We are tapping into the data sources that they have, I'll say, and on the high-side, and we have low-side data sources. Together, they combine into our Continuous Evaluation Program, and they will be critical to Continuous Vetting Program that the trusted workforce 2.0 will offer us in the future. The V-Rock is also very much integrating with all of the operational components in Boyers, Pennsylvania. So the FIRE team, the quality team that sits right across the street from where we are at Fort Need, the Counterintelligence Support Team to background investigations. We are completely engaged and integrated. They've met for the past two days. Those teams specifically, Artica is here to brief you on the on-going in the V-Rock, but those teams are completely integrated because that's true now and in the future. We also have the CAP and the Vetting Risk Operations Center is working very closely with the CAP and our own DITMAC, our Insider Threat Hub for the Uber Hub, as we like to call it, for the Department of Defense. All of this being together and integrated into a single end-to-end enterprise make nothing but good sense because that will take us to Trusted Workforce 2.0, where we're going from a continuous-setting perspective. Heather will share with you some of the statistics. Heather Martigas is one of our senior specialists at the V-Rock and so she's here and she'll brief you. Then we have the CAP. The CAP has a myriad of business process improvements activities going on. Mr. David Wright is here and he will share a lot of those with you. I know there's a great concern that the work stations over to the CAP, yes, it does. We are addressing that. We are dealing with it on a day-to-day basis. I can't speak highly enough about the senior leadership team in the CAP and the progress that they are making in their business process improvement. Their production has increased significantly over the course of the past year and some of those and David will share those with you. Lastly, as I mentioned, we work hand in glove with Mr. Terry Carpenter, our program executive officer who is building our new IT system for us. Terry will transition to DCSA as a member of DCSA next fiscal year but he's operationally reporting to our director now. There's a very tight group. We are moving our enterprise business support office and his developers into the same location so they can work together but they actually co-locate together. That's on the agenda too. I'll end with stressing from my perspective the importance and the opportunity that we have to transform these processes. I've never seen anything like it in my several years in the department of government but Trusted Workforce 2.0 is a reality. It is the framework that we will use to truly change the vetting enterprise from credentialing, security and suitability actually aligning those initiatives. We're excited and in DCSA and DVD, the transmitting directorate with all the components I just shared with you we are ready and willing and able to face that change and we want to deliver that to you. I think I have two outstanding questions for the record. One, I want to talk about the access to this that the department of state brought up last session. I know that our team has reached out and talked to Kim, Kim sitting in the front row right here but bigger than that is we've actually just engaged yesterday with their new director of security. We are committed and we're going to be meeting with the director of security for the department of state in the near future and talk about our more inclusive shared service model which access to this or access to the appropriate components within the lead that are allowed to us will be addressed in that session. So we're going to be having that session. In fact, I was engaged on email with the new director of security of the department of state last night. So we will continue to work with them and we look forward to them not just addressing this issue but really what are they going to embrace from a shared service model in the future. That's the first thing. The second thing is we talked about having a stakeholders form with this group in industry. So first and foremost, we are having a stakeholders form 29th and 30th of this month. It is July. Our EBSO along with our customer engagement team at Boyers have been working this. It is for federal agencies. Why? Because we have financial agreements we need to set up with these federal agencies before 1 October to do business with DODs. That was a priority. We're going to learn from that form. It's a two-day form. We had to have it two days because we had so many agencies we needed to address and so many questions and issues that we need to address to make sure that they are in the DOD system on 1 October when we shift to officially. So that was priority one. We will learn from that. We also intend on engaging with the NISCAC and other industry firms to understand what your concerns and your issues are so that we can, when we shape the symposium for them, for you guys, we will do it with your input so when we come to the table and have the symposium, we're addressing your issues. So I'm looking at Clinton's first quarter of 20 or second quarter of 20 to have that. It'll depend on when we are comfortable, you and us, that we have the right issues addressed and we have the form to do it. Is on the agenda for the new fiscal year. That's all I have and I will be followed and I'll ask, I'll see if there's any questions, but I will be followed. So Ms. Heather Martiga will be here and she's going to brief the V-Rocks that I mentioned. Mr. Wright will brief the CAF and then Dr. Barber will follow up with the EBSO and any other questions you might have on that and then certainly not least, last and least, but Mr. Carpenter will give you the all-important NBIS updates. I have one question. Okay, so with regard to this, I talked to your person. You've been about yourself personally. Kim Bogger, State Department. I talked to your staff number Tuesday evening. She was on vacation, but we talked on her cell phone. So I have one question because maybe to clarify what she in essence told me. What I got out of the conversation was, okay, we already know we've never got J-Pass access. That's an old story for some, but still an issue for me. From the time I asked about when non-DoD agencies would get access to this, no one really has addressed it. No one has really said until the other night when she pretty much told me that we're not going to get it nor are any other non-DoD agencies because it wasn't formatted. And again, I'm not a technical person. Whatever agreement you all put in place, no one ever thought when they designed it that all the stuff that had to go into place for non-DoD agencies to get it, whether it's lawyers or agreements, whatever it is. So I just want to clarify that we're really not going to get this access. I'm not going to go on record saying you're not going to get this access. You're going to get the need out of this to do your job. And what we will do is work with, because I really look forward, Kim, to be honest with you, working with your agency writ large to talk about a much broader shared service model, which would include DISS and access to the elements of DISS that you need to execute your responsibility in accordance with laws, swarms, and things of that nature. So I think when you spoke with perhaps the staff member, I think the results of that conversation sounded a little bit more black and white. I'm a little more optimistic that we have much, much more to discuss and talk about in a shared service model moving forward. And that'll be acceptable, right? You guys are meeting with all of them as well. We are, and that's why it's such a large task for our EBSL. So we have an investigative part as well that has issues that will be a part of those. Correct. Any other questions for Patricia here in the auditorium? Would Ia Taylor Dunn ask this? I just had a question because we hadn't been contacted, so I'm not sure if there's a way to get in touch with you all to find out how to get involved with the process. Absolutely. And Dr. Chuck Barber, who will be on the podium, I would suggest you guys make sure you meet during the break and exchange contact information because you should have been contacted. I don't know. I mean, sometimes the information goes into the very senior levels of the organization and doesn't get pushed down. So I don't know, but we will address that. Anyone else for Patricia in the auditorium? Caroline, any questions on the web? Any questions for Patricia on the phone? I'm here from Heather Mardau. Good morning. My name is Heather Mardau. I'm the Deputy Director of the Vetting Rift Operations Center with CCSA. I would like to provide you with an update of where we're at this fiscal year. You'll see that we have processed over 100,000 investigation submissions. Our current investigation inventory is at 17,000. We actually have deferred over 40,000 industry to area degree investigations into continuous evaluation. We have issued over 73,000 interim determinations, and we are averaging 15 to 20 days for our interim determinations. Moving over to continuous evaluation and the update for that, as Ms. Stokes mentioned, we are aggressively working to expand both the population into continuous evaluation and the data sources. So currently as of today, we have 1,351,551 individuals enrolled in the CE low-side data sources. These data sources primarily cover financial, criminal, public records, and eligibility. As of that population, you will see that industry comprises 27% of the CE population today. In regards to our continuous evaluation alerts, as of today, we are at 83,503 alerts. Approximately 57% of those alerts are valid. Of those valid alerts, we are at a 52% rate of the information not previously being known, and so therefore, VROC has to take appropriate action on those. The CE model is continuing to allow us to be able to identify those potential indicators early on and to be able to provide an individual with the opportunity to address and mitigate those triggers and with the goal of being able to mitigate insider threat. I want to make sure that I highlight that we have provided and updated frequently asked questions on the periodic investigation deferment activity on the DCSA website. We have updated those questions to ensure that they are also covering some issues such as when do I need to submit an equip for an overdue periodic re-investigation what to do if an employee is transferring to another company? What do I need to do if I am working with non-DOD agencies and to validate CE deferment for them? And how do I know if my employee is zippered? And of course, any time you have any of those questions, you can reach out to us via our mailbox and we will be able to provide that feedback and that support to you. In regards to disk provisioning status, I want to make sure that everybody is aware that on August 1st, we will be only accepting the SF312 non-disclosure agreement and the customer service request. Those are the, you know, those words that were formerly the RRUs and JPAAS only through disk. So it's really imperative that everyone obtain their disk accounts prior to August 1st. As of right now, we have 33% of this company's provisions in active in disk. We do have a staff that is working this daily and it's up to date on provisioning. So again, I encourage everyone to get in. We do have step-by-step provisioning instructions. Those are located on the front page of the DCSA website. We are also going to be working with the industrial security representatives for companies that are not compliant to help with that process. And again, this is for the ultimate goal of being able to get us all into one system, which would be this, and to be able to sunset JPAAS so we aren't working out a two-different system. That update. Any questions? This is Keith, industry. Only CE alerts received. You set a number with regards to the number that are valid. Correct. What was that? The number that are valid is 57% of the 83,000. 57%? Correct. Is there a target that you're trying to get to in terms of about 80%, 90%? Of course. As we are always looking to increase that number, a lot of it has to do with functionality and business rules and automation. So we are always looking to increase that number and that's what we're working through with our low-side data sources as we continue to progress into continuous sites. What would you say is the calls for 43% not being valid indicators? So that is a difference in turning on different data sources and having to work through the nuances of those data sources to ensure that the business rules have the right elements and the right data points and at the level that we need. So many times it takes a few times, just like turning on any program, you go through a couple of different beta phases before you are able to hit the right. So we are constantly adding the data sources to be able to start going into the continuous and continuous budding clients. I think we are going to be hopefully seeing that number increase in validity and it's going to be fluctuating until we have all the data sources online. Could I ask the chair to sort of consider that as an action item on the follow-up on the next slide? Good morning. Good morning. Katherine Kayway from Industry. Industry is seeing a lot of times where people are listed in J-PASS, but not in DIST. And come one August, submit the SF-312 if the person is not in DIST and we are being told not to put them into DIST. So we have security professionals that are faxing the SF-312s in but being told by the receiving in that they are not accepting them via fax and they need to submit them via the DIST, which they can't do because the person doesn't exist. Do you have any guidance on how that is actually supposed to be implemented, how we are supposed to submit the SF-312 if the person is not listed in the DIST account? So I would say take a look at the tips and tricks in regards to making sure that your hierarchy and everything is resolved. If that is in fact accurate, well, one, we're not going to actually enforce this until August 1st. So I would encourage you to respond back to the Ask V Rock mailbox. That individual works directly for me and questions that we can get you the support and we can figure out what the underlying root issue is and help you resolve it. Thank you. This is Lyndon Moss Industry. So along the same lines of what Kathy was saying, we're seeing a lot of problems with data in the new system. There's a lot of data missing. There's a lot of folks that's not in there that should be in there from our CAGE code that's in JPAS. And then there's a lot of people who are in there who are no longer in our CAGE code. I'm really concerned about the sunset because JPAS is accurate, this is not. What are you guys doing for our quality control and how can we address this because we can no longer do RRUs. So we're having real challenges getting the data accurate in DISS. Right. So we are constantly working back and forth with the DMDC as well as the CAF in regards to trying to ensure that those data systems match up and align to the best of our ability. This has been an ongoing struggle with having two different data systems, which is why we're moving to the DISS. And that's why we strategically only wanted to do the 312 and the RU first before doing this as a gradual so that we can work out those kinks as they occur. And I do have staff that is ramped up ready for this August for date to be able to address those issues. So I would say if you already know of certain issues in regards to people being out, please either talk to me offline or let's send an e-mail to our boss so we can try to work with the right entity so that we can get that resolved before August 1st and then even after August 1st, we're standing by ready to assist. We know it's not going to be clean and it's not going to be perfect, but we are prepared to help and ensure that we can make this as... Questions for Heather in the auditorium. Heather, Greg Pinone, I sue. Could you repeat the number percent that are provisioned as of this time? Right, 33% are provisioned into this as of right now. And that's on the basis that it sounds like 33% and then August 1st, we're going to turn something off and go the other way. So we have been working very closely with industry partners and we are prepared for this and we will work collaboratively as a team to move forward into this direction. We have been working diligently to moving everybody towards being provisioned into this and we are going to... Do you expect that to happen by August 1st to have everyone provisioned? Let me put it this way. I have realigned staff to help support when this occurs. So we have been advertising this for a while. This is not new news. And again, this is being very strategic in regards to just doing the NDAs and the RRUs as the first step. Step one in multiple steps until we get to our final IT solution. Thank you very much. Thank you. Careful, national background is... Nope, he's not. He's breaking out. Mariana Marcano, DOD consolidated adjudications facility. I'm not as prettiest Mary, I'm sorry. I am David Wright from the DOD CAP and now forming underneath the DCSA, the population for industry and how we are addressing those adjudications. So as you can see here, we've divided the population into three portfolios. The current work in progress, the 36,000 that you see in the slide, are divided into the readiness and the risk management portfolios. Those will be active. For the readiness portfolio, we've designed these to get people to work. As you can see here, the categories of the T3s, the T1s, the T5s. That slide reflects 22 days. As of yesterday, the July numbers were around 12, so right now we're seeing some good progress in that. This population also includes the SCIs, the KMPs, the rest classroom requests, and of course the RRUs. Again, this is all engineered to get as many people to work as quickly as possible. The second portfolio, the risk management portfolio, is engineered to address the threat or the risk to the Department of Defense and its population. As you can see here, it addresses those periodic re-investigations that have been deemed medium or high risk by NBIB, as well as other indicators or potential threats to national security or again to the DOD population. So again, managing that risk to the department. The third portfolio you see on the bottom there, the deferred, again, as eligibility no longer expire, we have created a deferred population. This is the folks whose adjudication has been deferred as they've been deemed by no risk by NBIB. This allows us to focus our energies on those top two portfolios you see there in readiness and the risk. Many of our strategic priorities there are aligned with NBIBs as far as addressing our aging inventory, reducing that as well as reducing the size and the timeliness of our inventory. At the same time, we continue to improve the quality and the consistency of our adjudications and the business processes surrounding them, mainly by those efficiency initiatives that you see there on the right side. We have several Lean Six Sigma programs going on to help us with our efficiencies. As we move underneath DCSA, we are reorganizing to create specialized teams and task-organized to help us find greater efficiencies and to improve our training opportunities and improve our consistency in our adjudications. Lastly, we're addressing the process with reciprocity to make sure that that is happening as quickly and as efficiently as possible. Any questions for David in the auditorium? Great to know, guys. So just if you could, on the deferred population, which is pretty sizable, to break this down, do we know that there are low risk or no risk prior to doing the investigation, or does this only inform us after the investigation is completed? And is this part of a temporary measure because we're catching up and enrolling people who see? Yes, sir. Thank you for your question. So yes, these are the low to no risk that have been deemed by MBIB after the investigation has been completed. It's kind of a second phase, if you would, for trust and workforce 2.0. So that suggests there's some minimal level of review for lack of using a better term. There's something that tells us there are low or no risk. Yes, there is. So yes, I'm not going to get into the weeds, but MBIB will go through suitability, determination, and they code the cases. So these are the ones that have been determined as a no or low risk. According to the issues in it. Yes, ma'am. As Ms. Stokes stated, as we look at these cases and we do review them from time to time to ensure that we're not missing anything. Again, due to the issues, if any at all were identified, none of these would into due process. None of them meant to be processed or revocation or being revoked. Just looking at the process, and maybe it's premature, but ideally if we can avoid doing the investigation and just enroll them in CE, it would save time, right? Yes. It may be a little bit more risk. Yes, and that is certainly the impact. Going forward with trust and workforce 2.0, this is the population that was kind of, we had already started the investigation. The investigation had already been completed. That's good. Thank you. There is a question here from Mark Ryan. Are the efficiency initiatives an order of priority? Why would reciprocity be lost? No, they're not in the order of priority. Thank you, Dave. Thank you. Appreciate it. I would hear from Dr. Charles Barber, Enterprise Business Support Office. All right, good morning, everybody. I think if I had to truly talk about everything that we're doing in the EBSO, I would need about three hours. I don't have three hours this morning. So I will talk very briefly about some of the key events and milestones that we have coming up to you on the horizon. So in May, we started our usability testing with some of our early offerings, EAP and INBIS agency. We also ensured that we had CE enrollment data that was visible for INBIS. In July, we just recently had our kickoff meeting with several of our industry partners. It was a kickoff for our TIP pilot. And TIP, for those of you who don't know, is the way we want to maximize the use of that upfront information to satisfy investigative and security requirements. The industry was very well represented. I don't want to exhaust the list of partners who participated, but the industry was very, very well represented. And hopefully what we learned from that pilot would be able to replicate on the government and I would like government partners also. Moving to August, we will continue this upgrade and some of those upgrades range from how we prioritize customer service requests to how we address latency issues that have been reported by many of you through Quintin and through multiple calls to me and emails from Quintin. But through our partnership with Quintin, the NISPAC, and our work that we're doing with Mr. Carpenter, we are definitely addressing those issues as we look to derive requirements and move functionality over to some of our new offerings. Moving to October, this is where we will finalize the concept of our TIP pilot. And we'll also start the initiation of moving our industry partners over to our new initiation services with E-Academic Agency, and that will be a phase implementation. And then moving to the start of the year, this is where we'll continue transformation and transition activities to include operationalizing and finalizing our TIP concept and sunsetting JPAG since we'll be adopting this in some of our industry services. And keeping with stakeholder inclusiveness any effort that we support within the EBSO, we always welcome the opportunity to allow our industry and our government partners to participate. So in terms of usability testing and how we want to start to migrate our part into our initiation services, I encourage you to reach out to the POC that just he lifts on the slide. Her name is Ms. Alicia Peoples and she will definitely help do what she can to get you set up to participate in our usability testing in some of our early activities that we have born in the EBSO. Any questions? Hi, this is Valerie Howell, DOD. I just want to clarify on your slide. Could we go back to it for just a moment? One more. So I just want to say January 2020 where it says sunset JPAG and fully adopt the ISS at the meeting the other day where this was brief. I just wanted to begin the process. Correct. To sunset. That's correct. I want to be sure that out of this meeting there's not public notice that JPAG sunsets January 2020. No. The process continues to get to that. Valerie, correct. Okay. Margaret State Department, where does CVS fit into all of this? Because that's the one thing we have access to. So where is this in the whole process? So we do have a more robust delivery, delivery and capability delivery model. Again, I cannot cover everything that we're working and supporting currently within the EBSO. But I'm trying to recall how we have that tag on our delivery map. I want to say it's fourth quarter by 20. But I will get back to you with a definition. It's going to be around. Correct. It's not leaving. So we have CVS on the roadmap to roll into NBIS, which is what I believe Dr. Barber is alluding to now. We also have some interim steps to get the appropriate information into CVS that all of you want prior to that. So we have a manual process first. We will go to an automated process to populate CVS and also populate scattered castles. And then we will then ultimately roll that capability along the bigger, broader roadmap of deployment and NBIS activity. Questions for Dr. Barber? We're going to hear from Terry Carpenter from National Background Investigations. Thank you. Does anybody know who Terry Carpenter is? I was doing a word count earlier, and that seems to be the most common thing said all day long. And I'm a little worried about that. I don't think I've seen any more. But now I am Terry Carpenter. I'm from DCA. I've been doing the PEO for the National Background Investigation Service at the Program Executive Office. And I am transitioning with the program to DCSA in the end of FY20. That's more of a paperwork drill as you heard about all the work with the transfer and the merger. Same thing is happening with our program as we move over. We're moving to people, but right now we're operating as one organization. So I don't know if you've heard today, but you've heard the term change quite a lot. And I'm telling you, we're in the middle of some major change and there's a lot more major change to come. And I approve all the insight from our industry partners on how that change impacts you and how we can make it better. If you've seen this picture before, it's a common picture we use to kind of describe the scope of what's in NBIB. The big thing to take away is the list is getting longer, right? Change is driving new requirements. We've heard continuous evaluation involving the continuous vetting. We've heard about the low side repository. How do we get the information in the hands of everybody who needs it? Those things are all being incorporated as we go through this evolution of building this new service with an underlying IT system to help deliver it. And I can't say enough about the partnership that we've had with our DOD entities, with my business partner on the DVD side that owns this business process transformation effort, and with our industry and other federal agencies who are coming to the table to give us that insight as we go along. So if you're familiar with the old, I've heard a lot of terms of system names. And as an IT person, I think about how hard that is from a user perspective, whether you're an industry in DOD or another federal agency. It's one of the pillars of what we're trying to do here. The first pillar is we're going to make something truly secure in a different way from the inside of the application out, not just protecting things at the boundary and at the perimeter. So we're building security inside the actual application architecture. And this architecture is going to be the foundation for enterprise architecture for us going forward for a lot of what we need to do in the future at DOD. The second pillar is business transformation. You've heard before how important transforming the process is. You're hearing about those changes right now. I hear some of the pain of that change, and that's normal. So we're making sure that that architecture can support the rapid pace of change and keep up. We're really excited about the opportunity to adjust and really support Trusted Workforce 2.0 and really try to achieve those new trusted workforce investigative tiers being delivered as close to a new policy being signed as possible. Sometimes that's hard in IT. You hear the word years following a change in policy. We're looking to do it. We think we can with it. And the third pillar is user experience. Really we're trying to focus on user experience. Our users, whether in a federal agency to be your industry partner group, are dealing with modern capabilities every single day in and out of work. So we're trying to bring those same best practices, those same capabilities to make that user experience much better inside this application. Having a user sitting in a chair and swiveling to five or six different windows on their screen and trying to figure out which one to open up while they were a DOD employee and then going out and joining industry and working for you all and then going and having to go to different screenings and try to figure out what that's like. So as part of this transformation not only are we transforming process and building a more secure foundation in the application but we're really going to look at that user experience. And that's really what you're seeing on the right-hand side is that modern architecture building security into the application architecture, building the foundations and good hygiene required for data analytics. If you've ever tried to do data analytics, it's easy if you have good data, you trust that data, you understand that data, and you get access to that data. And I'm telling you, that's not easy to do to get all those things to come together. So we're building all those foundations into the enterprise architecture for this and for the future of DCSA so that we'll have all that good hygiene that you would expect from a modern IT system. Lastly, I just want to put a few things in here to show. We've been busy. We've been rolling out regular releases. Those releases today haven't been as focused on the user experience of capability getting in the hands of users but a lot of stuff in the back behind the scenes. Building that foundation I talked about, you know, we'll manage that data, control it, secure it, know what it is, protect it, put proper policies around it for that future analytics. Building those initial capabilities. Changing the experience of the subject that they sit in front of that long form called the SF-80 fit. Really focusing on the CE process. We found tremendous business value and as we talked about earlier, we've used investigative cases that can be pushed into CE now and what we're doing with the future with CV. Really, again, getting that data broker to data foundations done so that we can really move into those advanced analytics capabilities. And then right around the corner with the rest of the investigative peers, again, following that trusted workforce 2.0 definition as it gets signed and getting into the additional capabilities to make that user experience for you and industry much better, much faster, much easier. So there's a lot of things that are being discussed that haven't been put into official plans. I don't have an official plan for anything like that yet today but I can't say if that's not in the discussion in the back. Greg Pinoni, ISU. I don't want to mischaracterize this but it sounds a little bit like we're flying the aircraft and updating it concomitantly at the same time. Are we confident that from a security assurance, cyber resilience perspective that we're not going to run into what happened before the OPM data breach or something similar to that? We're confident. I will say we have not done this in the shadows of a single room with a single group. There's a lot of tremendous depth of skills in the areas that are concerning that we've had on the team day-to-day as part of the build and design process and also as part of the oversight process reviewing those decisions of how we're designing how we're building. We have a pretty structured governance around the technology side with the right expected players within the department who have that expertise. Thank you, chair. Appreciate it. Thank you. Okay, now we'll hear from Chris Forrest. Can we give us an update on what's going on down at DCS? Good morning, everybody. My name's Chris Forrest. I'm deputy assistant director for the new policy office under ISIA. As you can see, I am not Keith Menard. Today is his 55th birthday, and I told him that I would cover for him for a birthday present, and I told him when my birthday comes, I expect him to paint my house multiple times. Let's just go ahead and start out. First, I want to echo thanks to and Dennis as well for their participation for continuing that. Quintin, no matter where I go, seems like I always see. So that's not it. I think we'll continue that relationship on going. Thank you both for your participation. Really appreciate it. Also, I would like to welcome one of the newer members to the National Industrial Security Program, the Department of Veterans Affairs. It is now 33rd agency to sign a agreement for industrial security services. So I'm not sure if they're in the audience today, but I wanted to welcome them to the program. Jump right in here with, we're going to go right to the National Industrial Security System, good old NIST. Some of the things that are going on right now, I know there has been some talk, some latency issue access, things going on. We're working diligently to correct those issues as they come about. One of the things that has happened is Call Center, as of May 1st, DCSA's Call Center, we've updated that for additional function and technical resources. So we're hoping that's going to help get more answers out to not just industry but government as well. We're also, right now we have about 80% of CAGE codes registered within NIST. Get that, continue to move forward with getting that to 100%. So we're working on that as well. One of the do-outs that I believe Mr. Pinoni discussed was industry and government, they need to provide requirements and recommendations for the system. We have a meeting scheduled for August for industry and government to come and we'll sit down. There'll be more information coming, but we'll have a NIST group to sit down and walk through some of the issues and some of the positives that are also going through it. I'm going to make it all and continue to move forward with that. Next system is NCCS 254, the NIST contract classification system. We have about 60% of the information that's coming into that system right now is, and we're still working with our DoD components to increase their NCCS use. Our DoD components continue to update policies and processes to reflect NCCS use within their organization. All the no-depths, and again I want to thank Sharon Dahlinger for Air Force has taken the lead on that and they've really been a good partner working with us to work through some of the issues associated with NCCS. Thank you Sharon, we really appreciate that. We're also from an NCCS standpoint. We continue to look at, we have three engineering change proposals that we have out right now and one of those is trying to look at, again, how about the non-DoD agencies? How are they going to play into this? How is that going to work? So we're working through that. I want to make sure that our non-DoD partners realize that we haven't forgotten about you. We know you're out there, so we want to make sure that you're still. Quick CDFC update, there's a virtual security conference July 24th. I have the big bull that is, that's a government registration, government attendance for this year only. You can go on our website, if you're interested in a government member, sign up for that. Next year there will be an industry government, we'll have access. Both government and industry will be able to participate in that. That's coming next year. So don't take offense to industry, we didn't forget about you again. There's also several DIT webinars that are currently under that are posted. I'm not going to go through them, but as you have questions and things arise with DIT, look at those webinars and also do not be afraid to contact your local field offices and also our headquarters element to continue to get a better understanding of where we're going in that. Any questions so far? I'm kind of rambling here. Valerie, please. Hi Valerie, how do you do? Just to give an update about MCTS usage and I'll send a notice to the NISPAC members, but as of July 12th, the federal register now includes a notice out for public comment, amend the security requirements and the federal acquisition regulation, apply our use of the DCSA managed and CCS automated 254. It does include a requirement for DOD components and those non-DOD agencies with DOD does include a provision for any of those non-DOD agency legacy systems to continue. Federal notice 2019-14379. Thank you Valerie. Mr. Spineger hit this topic during his comments concerning the 842 NISP and it also, Mr. Pinone also addressed it. This is really a big deal, especially for someone like me that's been allowed through changes for one agency. So I watched this NID process kind of go through the whole iteration. I won't tell you how many years that is because I don't want to go away my age, but it is a big deal and it's worth noting that there was a lot of effort between industry, government and inside of government to get this process and get these waivers approved and we're moving out on them. I believe this is also going to help us with efficiencies for other NIDS that's going to address Mr. Pinone, the backlog that some of the numbers totally think that's going to help out approximately 19 facilities that are covered under that waiver. And we'll continue to move forward with that. But again, that's really going to help that process out for a minute. That's a good news story for everybody. I wanted to give a quick update on Emass. This is part of the NISA working group. The Emass is alive and well. It's effective May 6 of this year. IS authorizations and reauthorizations needed to be submitted to Emass. I want to remind everybody that no later than 30 September of this year industry partners must transfer their authorization letters in all supporting artifacts for all existing authorizations from LBMS to EMS. So refer to your NIS EMS job aid to help you work through that. Again, if you have some problems with that, please reach out to your local field offices, your regions, and even give it. And also, I don't... One more, this was a big bold on my talking points was please get ready for Windows 7 upgrade. I don't have to tell you about all that. That's coming to make sure that you are ready for Windows 7 to Windows 10. That'll be something that we'll be looking at. That's not effective till 14 January of 2020, but might as well start now. Any questions so far? Okay, last bullet that I have is I wanted to just briefly discuss Advisory Committee. Our industrial... Advisory Committee on Industrial Security and Industrial Based Policy. Up to this point, we've been fairly vague about the process, where we're going, what we're doing. We still are in the process of vetting, not just government members, but also industry members. One of the concerns I know from this group was would there be mispacked representation on that committee? And I can tell you that I'm pretty confident that that representation will be there and it'll be at a fairly high level. So just if you can bear with me, I think it'll all come together and we'll be able to share more information after the final vetting process is completed. Any questions? Kind of ran through that a little quick. For Chris, from the auditorium. Thanks, sir. Thank you. Thank you. All right. This presentation, Mr. Wilkes, your swan song please. I'm sorry. First, I want to thank you for allowing me to have the opportunity to represent industry. I had a really learning experience over the last four years. I'll put it that way. I also want to thank Dennis for his participation in leadership. We did it without him. We have many calls about challenges and issues and how to put it in the right verb in a way that everybody will accept it. So without further ado, what we want to talk a little bit about is in this pack in the MOU membership, we want to get into some policy changes and what we think some of the impacts are going to be. We're going to talk a little bit about new business, some continued business. We're going to address some of maybe some specific challenges we're having with the systems, and then we'll finish it up with all this. The first thing that, of course, we talked about is myself and Dennis Keith are coming off in September, and we'll be having elections in upcoming weeks to select two new members that will follow us one October. So that'll be coming. I'll look for the e-mails on, you know, the process of being able to submit someone. When it comes to the MOUs, we do have a couple of new MOUs. We have Joseph Krauss, who's the new assistant person. We have Kathy Koeh, who's the new president for NCMS, and Charlie Sall for the PSC. So I want to thank you guys. When it comes to the policy changes, one of the things that we're taking a really close look at is deferring of investigations that are pending in the adjudication of the CAF. We've heard a lot about, you know, how this is going to help clear up space so that they can adjudicate the issue cases. But we still want to take a look at this because if those are no-risk cases, you know, maybe it's something that we can put in place so that members in the field actually know that the case is being deferred. At the moment, there's no way that, on the industry side of the house, from looking in J-PAS, we're looking at this, that we know that the case is deferred, which is a pending adjudication of the CAF. So hopefully, moving forward, we'll have, and hopefully, some type of change will come in place. When it comes to that, in the last meeting, we talked about accountability for top-secret material, and we asked for more guidance, and a good thing is there's draft ISO out right now on the accountability for top-secret materials in electronic form. We're providing comments back now. They're not done, but we're working on getting the comments collected and back to the government, I'm sorry. Next slide. We talked a lot about having working groups and different things in place to work with the government in previous meetings. We've come to a lot of meetings and said, hey, these are things that we're working, and we need answers. We want answers, that kind of thing. We asked to put working groups in place. Mark really pushed putting working groups in place. We put the work, and now we're really starting to make progress. We've got a couple of ISOs that have been out for comment. We've provided comment. We're waiting on feedback based on what we presented. I know one of the ISOs that came out that we had a lot of comments on was the investment reporting, and Valerie already said that's something that they're working on. I can't tell you that we did address the CBQ. And a whole lot of other things, and I'm sure it's going to take a process that it has to go through before they can come back and say this is what we are. So we're hoping we're going to see those type of things soon. We've made a huge step forward when it comes to the NID process. I mean, we've, every meeting, since I've been on NID for four years, we've talked about NIDs, and to be able to, or 19 companies. Now I have one, it's LODEC, BAE. It's actually because BAE was the first, and we didn't find out about the 19 until Monday. So, but it is more companies than just BAE. But that's a huge step forward. Hopefully, moving forward, we'll be able to put a working group together and talk about the SEI piece. And that'll be critical. That'll be the next step that's going to be critical to closing the gap on the NID process and maybe coming up with solutions that we can process better and faster. When it comes to CUI, we're just waiting to see how the cybersecurity maturity model is going to play into CUI moving forward. And this pack gathered information from industry partners. We submitted the information on current methods of assessment and provided it to the ISU in June. And we're just waiting in comments to see where we're going to go from there. But we are engaged. Again, the working groups are in place. We're trying to work with the government and provide what we think are some concerns and challenges, concerns and challenges moving forward so that we can hope for a better process and so that we don't have so many problems moving forward. Next slide. When it comes to DIT, we talk about it and we talk about it when we talk about it. And it's here. It's not something that's coming. It's here. So one of the things that industry has concerns is when it comes to how long it takes for, how long it takes for the Taylor Security plans to be put in place. Out of 100 companies that have been through the Comprehensive Security Review, almost 50 have TSP's in place. So we need to take a look at what is the holdup, what's causing the stoppage of moving forward with these. It's going to be a really difficult sell if moving forward, everybody's going to be required to TSP if we need to refine the process for the TSP. We did have a working group in March to address some of our concerns and we talked about a lot of concerns and so we'll have to see in the next working group how, based on what we brought up and what our concerns were, what is the future changes moving forward. Right now we don't know. All we can say is we addressed a lot of concerns and we were waiting for them to come back and say, hey, this is where we are in the process. Next slide. When it comes to trusted workforce, we requested a meeting with DNI, which we had in March. It was a really good meeting. They talked to us about the way forward. We also talked to them about what can we do to help them as we move forward and what can industry do to make the processes better to help them come up with processes that are going to be effective and that are going to be something that we talked a lot about, where they want to go in the future and actually to the point of maybe having tabletop exercises based on some of the ideas that they come up with to see what we think and what the impact may be on industry moving forward. We're really engaged with DNI and the trusted workforce piece. We're still trying to make sure that we have some representation in all of the meetings, that somebody from industry here can address the concerns and that's something that they're working with us on to hopefully be able to have something like that in place moving forward. When it comes to the systems, I mean, you guys have heard it. We're having some latency problems with a lot of the systems. When it comes to DSS, I mean to DISS and making the transition from J-PASS, we are having some data problems. We've addressed this in numerous meetings. We're having data problems with information in one system but not in the other system. So we know we have some work ahead but we have addressed those concerns and we're working with the government again and multiple working groups to come up with what we can do to help this process. One of the things that ties industry hands is we don't have the ability to do any system problem and it's something that DCSA is going to have to figure out on their side to make sure that the two systems are talking. And one of the things that we're taking a look at is as we make the transition to DISS as being a system of record, it is going to be extremely difficult to submit and do some of the things the government wants us to do with the person's information. So what we have to do is take a look at the data, work with the government and see if we add the data into DISS. Is that going to be acceptable or is it going to make duplications? These are things that we're going to have to take a look at. Make sure that whatever we do to help ourselves so that we can help the government, that's something moving forward. And we're not going to know that until we start doing those things and working with the government to be able to test it. One of the things that we ask from the government is as they move forward with multiple systems in the future, a lot of the systems that they're going to be testing right now only work with a CAC card. And it's really hard for industry to participate. CAC is required. You're going to have to come up with systems that allow CAC and PKI because PKI is what industry use. So if you're going to want industry involved from the beginning, which is where you want us, so we can help you make something that's going to be acceptable and it's going to work, you're going to have to take a look at your systems and make sure that they work with both CAC and PKI as we move into the future. Next slide. We still have some concerns with small businesses. We did, NCMS did do a white paper to talk about consultants and what consultants can do. We asked DCSA to provide some policies on consultants and they did provide us some guidance back. They answered a lot of the questions that we had in the white paper. They were problems that they could handle entirely, but we're still waiting for some answers specifically when it comes to whether consultants can be account managers and how they can participate more when they're working with their customers in the field. So again, that's one of the things we're waiting for additional. Next slide. It comes to the seeds, but we're still waiting for information on seeds on the C3ISL. We did provide comments, but as Valerie was saying, it's something that they're working on and we'll have to see when we're going to be the final on that in the future. So again, that's something that we're looking forward to. Hopefully we can see it before as it's out from the lease that everyone else. It comes to the seeds and the draft seeds. Again, we're working with the DNI. They're doing all they can to share information with us that they won't get in trouble sharing with industry based on it. It is policy and industry can assist and provide comments on policy, but we can't develop a policy. But we are engaged and we are having meetings to talk about all the seeds that are coming out in the future. And last slide. The last slide just talks about the Defense Policy Advisory Committee, and Chris already touched on that. We're just patiently to see how this is going to turn out. One of the good things, based on what he said is we've been asking and asking and asking to have some type of industry participation and he's saying it's going to happen at the highest level. So we're waiting patiently to see and make sure. Just correction on your slide. That's not my committee. Hello, Jane Dinkle Industry. Quinton, you mentioned a TS Accountability ISL that's been distributed for comment. And I don't know about the rest of the audience, but I have not seen that. Can you tell me when that was released for comment and when are those comments due back by? It was released Thursday last week. And the comments, Valerie, can you help me when the comments are due back? I want to say sometime in August. Sometime in August. But I did send it to all of the NISPAC and the MOUs. But if you need it, I can get it. The deferred population for the adjudications. If you look at the subject within this, they have a recent closed investigation and they are enrolled in CE. That's your indicator that that's good. But if you could post that on your website to tell us. And also, if it is posted on the website, just tell us where. But two, remember that only 33% of industry have this account. So most people are using this system, right? Thank you. And we will post it. We'll put it in the VLAS call center and the CAS frequently asked questions. And to your point, that's true. But again, we have been asking industry to move to this several months. And so we need the support of your committee to ensure and to stress the importance of it. So again, the one off the state is we've got to start moving forward in transformation and into the NISIS record where that will be part of ENVIS. So at some point in time, we have to say you're in or you need to address whatever issues, if there are issues. And we know this is hard. Change is hard. And not everybody is going to be able to have problems encountered. And we want to help with these problems because it was very clear. We have a whole team postured to help with those issues. But we really need the support of this committee to stress to industry how important it is. So your help would be very much appreciated. And the business rules, can I speak one more thing? The business rules that you suggested for the deferrals, that's the plan. What we want to do is build based on the risk portfolios of these cases and all the analysis. We want to now update the business rules to address that so it's an automatic thing. So we won't be in the kind of... And just to kind of help you out when it comes to the communication process and getting the word out to industry. We, you know, our committees have worked really hard with Heather and the BROC to push the word out. We've had NCMS brown bags. We've briefed at NCMS our national committees. We've sent out emails and reminders. And every time you guys post something on your website, we're posting it on our website. Anson and I are two of our members. So we're really doing our part. But I think the challenge is not to system a record. And until more things are put into this, it's going to force people to go over and look for information. I'm not sure if you're going to get the outcome that you're looking for. I know that the date is coming up for one August. And hopefully you guys will get a flood of information put into the, you know, a flood of new members or new people getting access to the system by the end of the month. But again, with limited things that you can see in this, I think that's one of the problems. And also the other problem is how long will it be before this becomes system a record that will also help with the change. But this is something that we've seen in the past when we went from one system to the other. Whenever you have two systems, as long as that old system is system a record, it's just a challenge getting people to move forward. Yeah. First, I do want to recognize and thank Quentin for working with you and all your expertise. And I'll see you continue in that because I'm expecting you will. But I did want to amplify, excuse me, on the process for becoming a member. It's completely transparent. If you go on our website, look at the bylaws for the NISPAC and you will see our process for how folks are nominated to become a NISPAC industry member. So I encourage that. And as just in the interest again of transparency, one of the slides that Quentin referred to was the NISP and CUI. And yes, we know unprecedented changes in the space of unclassified information, particularly on systems. And so I want you to know we are working that. It's early on. But ISOO, DOD and SA have met. And we will be working on something and we'll coordinate that with the CSAs because I know the oversight assessment part of that is a challenge probably for all of us on both sides. It's safe to say. So we're working it. We know it's a big issue. And hopefully I would say within the next 30 days we will have some guidance out there. I want to say one thing about the working groups. And as you know, my biggest fear of the NISPAC was it wasn't doing anything. Fading society mostly. And so these working groups will be beginning to show some promise. I mean, the ones I've attended have been very good. They've spirited, but they're actually getting some things done. In fact, I like to see more working groups. I like to see a working group once more. Again, this is kind of the ground level to be able to get these to work. And surely, your group reminds me of a weight lifter. Every time I turn around, you're putting more weight to help you too. And so I see this as a very collaborative effort. It's something that can actually get things done for a change. Let's hear from Devin Casey on CUI. And then we'll take a 10 minute break. Good morning. I'm Devin Casey. I see CUI. I stand between you and a well-deserved 10 minute break. So I'll keep it short. But try to hit all the main information here. ACCs are still implementing CUI. That's been the card we've been playing for a couple years now. We have seen significant progress in our annual report where agencies have reported on where they were from last year. And we are currently in the process of drafting a letter and request for this year's annual report to get better information from them and see if they manage to meet or keep to the timelines that they sent us last year. The most important thing that we got from the reports last year is that most agencies are in the process policies within the next six to 12 months. And that's the biggest hurdle of the CUI program. It requires that they've done a good analysis of where they are and that they have a plan about where they're going. After that program, that policy development and publication and agencies, the dominoes tend to fall rather quickly. You heard from DOD earlier that they are working on their CUI policy as well. And that a lot will change once that CUI policy comes out. The program starts to implement. The rest of years of bureaucracy kick in and the program really gains a lot of speed. Two big efforts that are going on that the industry is probably interested in is, of course, the public notice and public comment period for the NIST 800171 and 800171B. The NIST 800171 Rev.2 has minor kind of quality of life changes. The content has not changed. The controls are the same. The number of controls are the same. How that information is laid out has changed a little bit. So please do feel free to comment. Again, that comment period is open until August 2nd. Now, the NIST 800171B, which is an attachment being added to the 171 world, includes additional controls to address advanced persistent threats on contracts or programs that are HVAs or high value assets. We know that those types of programs, that type of information is being targeted in a way that's more advanced and or different from what the controls 800171, and how we're going to be revision two, address, these controls are meant to address those more advanced and slightly different threats that these different types of information face. So please provide your comment back. The period was extended to August 2nd. You can find a blog post on our website. There'll be a new blog post letting you know that the comment period was extended. But how and when to comment and who to send those comments to are provided on the NIST website and you can get to them. We did have an industry day here at these offices where a lot of, it was actually kind of geared toward agencies to help meet with industry where industry's providing solutions for the implementation of CUI. It was very successful. A lot of the industry participants who were there said that they, well, was a smaller group than a lot of the big trade fairs. It was the perfect target audience because it was the concerned implementers of the CUI programs at agencies. That was a very successful thing. Now the best way to find out about all this is through our website and blog. So we have archives.gov.org.cui on the top right is the way to join our blog. You'll get notified about any of these events. One of the main events that we notify or that you can get notified by on our blog is our stakeholder update. So you see that we had one that we mentioned that we would have. We've actually had two since then. We just had one yesterday afternoon. It's an online webinar WebEx that you call into. It's for agencies, industry, academia, any stakeholders in the CUI program. Any updates to the program in the first half of the meeting? And then we do question and answers with anyone who questions about the CUI program or what's been there. So that's been going well. We will have another one. We'll announce on our blog. We'll be posting the slides to our previous one on the blog as well. So let me say blog a lot. So please go to the CUI blog for more information about the CUI program. Some other things, some things that we mentioned in that briefing that we've talked about that are happening. So the position description that's out for CUI that agencies can use to hire individuals who are running the program manager position at agencies. We have a destruction notice that's in a spinal stage that's being worked out that will revise the existing multi-step destruction notice to clarify issues and questions about single-step destruction and the requirements for protection of information to final destruction in a multi-step process. We also have a new registry committee, which is a working group developed from our advisory council that helps advise our office on changes, updates, and modifications to the CUI registry and helps streamline that process and get better buy-in from the affected parties, the legal offices, and the information security professionals from multiple agencies so that the CUI executive agent can have a good recommendation from that group prior to bringing it to the council for final approval. I saved the best two for last. I don't have too much information on the FAR. There's no new status for you. It's still going to come out for public comment sometime this fall. That's the CUI FAR case. We have a lot of material that we put online where we've talked about it. It is based off of the D-FAR 7012, so it's kind of a more advanced version of that that will apply to all of the other agencies. It's going through the regular government process. It's not particularly hung up on anything, so it hasn't been intentionally stalled. It's just going through a process. Again, it'll come out for public comment. If you're not someone like me who reads the federal registry every morning, you can go in our CUI blog and get a notification of the notices and the public comment period for that FAR. We are already planning that once the FAR comes out for public comment, we will do an ad hoc stakeholders meeting to talk to anyone who wants to understand what we were going for in the FAR to understand the context of what's in there to help ensure that we get better quality comments back on possible changes to that text. Ad hoc meetings, which we will announce when we announce the public comment period. We encourage and want feedback from industry and we want to make sure that we provide the information to you so you can give us those quality comments that help us change that text in a way that's beneficial to all parties. Another kind of the next part is, and it goes in line with the FAR, oversight to industry is something that the CUI program is very focused on and standardization across the executive branch includes those non-federal entities and it's something that we have a plan for that will really start to take shape after the FAR goes up for public comment and becomes finalized that our office will move out on. So we also have a lot to learn from the people who are already doing DE, DHS or some of the other more mature information security offices and we are working with their current efforts and becoming more involved with their current efforts to ensure that they align well with the standardization goes very well hand in hand with the goals of the NIST, the shared baseline, a standardized approach that allows for better security with less overhead and less needless administration and overhead in both realms from our side as well as from yours. So we are working on all of those. Some things that we're looking to clarify the relationship between as we move forward and as CUI has its FAR come out are things like the relationship between CUI and the HVA program and the C8171B how the CMMC process you might have been hearing about deliver on compromised defense and transition are all things that are doing a lot of work and a lot of really good work and some standardization and overseeing the unclassified world and we're trying to make sure that we're prepared to provide that guidance to the executive branch as well as industry and other stakeholders and how those overlap, why they overlap, where they overlap and make sure that everyone's working together on the same page as CUI continues to roll out. So I'll kind of end on that note. I haven't, I don't think I've said it yet. We have a website. We have a blog on that website that I haven't mentioned at all throughout this briefing. How that you can find out a lot more information. We do proactively engage in a lot of different meetings through NPMS, a lot of the industry groups that are here. If you have more questions about CUI, the website has an email and phone number. Please call or email us or send me an email. Questions for Devin in the auditorium? Thank you. We're going to take a 10-minute break. The restrooms are to your left when you exit. Please be back in 10 minutes so we can wrap this thing up. Okay, we're going to continue on now. I'm going to call Valerie Curbin to the mic. Give us an update. Oh, you can do it. You can sit here too. Thank you for coming back after the meeting. We're interested in Secchia update. So for Secchia, the security executive agent, I'm just going to give you a little bit of a status on where we are and some of the policies. And then I'll talk a little bit about trust and workforce and also cover some of the things that came out of our meeting with industry. As you heard from the last meeting, speed eight, the draft is about temporary eligibility. So this policy will cover some more specifics on your agencies and industry, working together on granting temporary eligibility access to the various levels of collateral clearance and the process for a one-time access and then also the process for approving people for a higher sensitive position. So this policy will cover specifics, as I said, on basically these areas. So the policy has been in play for a little over a year and I've mentioned before to this forum policy. And the point is we did go out to our security executive agent advisory committee comments. We adjudicated those comments. And right now, speed eight has come back from OMB review. So some of your agencies were targeted at that point to also review it again. So it's been out for interagency coordination. We're going to get it back to OMB shortly. And of course, the hopes are kind of high to have this policy signed and implemented before the end of the year. And that's one of those on the forefront. The other one is speed nine, whistleblower protection, retaliatory revocation of national security eligibility. This is also draft pre-deliberative. We did go out to the security executive and advisory committee. And departments and agencies have responded with comments. And please know that ISOO and other CSAs in the room are writing comments on behalf of industry. So we'll get those comments back out to the SAC so they see how it's been adjudicated. And we're also trying to get this through to OMB. So again, those are the two policies right now in process for coordination. So Trusted Workforce, and we've all heard a tidbit about it today. The Trusted Workforce is really an effort that is sponsored by the executive agents, the DNI security executive, essentially executive agents with PAC, Foreign Accountability Council, and our other PAC principal partners, as well as a few of the other departments and agencies. So the executive steering group continues to meet every month and makes decisions on how we're going to move everybody from leadership, the DNI, PDNI, I know, success. We're all really committed to moving this reform effort. A lot of things are going on. A lot of different tasks. And everybody's really has, everybody has a lot of attention to making. We're all used to the process for the past 50 years if we've all been working there. How we investigate, how we adjudicate, and how we do polygraph. And we're trying to do things more efficiently. We've also learned from the phase one on how to reduce the inventory and some of those measures and best practices we're taking forward as we create the trustee. So a lot of things are underway. The biggest thing is the National Security Presidential Memo. It's been at the White House for a few months and we're waiting for signs, but that's not stopping what we're doing. We're still making short table top discussions. The PAC TMO is leading some of those efforts with us coordinating it and we're ensuring we're hearing everybody. We're from Terry and Patricia, you know, they're working on modernizing everything. So there will be a process for everything inclusive of the continuous, eventually kind of move away from the traditional periodic re-investigation. So I'd like to then talk about the meeting we held in March. The executive agents and PACs hosted the meeting for NISU and our CSAs and we all talked about where we're going on trust and workforce. We talked about and discussed the concerns of industry and we addressed a lot of the questions that were raised. We did commit to meeting periodically with the NISPAC members. So we're going to plan for a future meeting in this fall and I'll get together with you Greg and we'll plan a meeting. We're not ready to host it, but it will be again the same group of partners and the whole trust to work for it. Any questions for Valerie and the auditor? Yep, there's one more. Sure thing. Charlie Sal with industry. I think I heard you say that the, for the security executive agent directives, industry input for that should come through the CSAs. Well the CSAs see the policy and they comment on things that would impact them or raise concerns. So there's still not a direct industry input. No. Okay, thank you. Anyone else for Valerie? Really anybody? Okay. Thank you, Valerie. Appreciate it. Okay. Now we will hear from Daryl Parsons on the update on the NISSA working group. Thank you. Again, Daryl Parsons with Nuclear Regulatory Commission. I appreciate the invite down. Allegra, who I understand is not here today, volun told me to come down and talk to you all today. So I appreciate that. I'm really struck by the amount of change that's happening within the industry. Just what I've seen today. And I just wanted to let you all know my leadership, so my executive director for operations and certainly the commission ask questions about what happens here and what is the impact and our licensees. And so I'll give you a quick distinction. You all talk about contractors. The NRC talks about our licensees. So they pay us versus the government paying them. There's a little bit of a natural tension there between what happens within the NISPAC versus how the NRC is using. The other thing I would say is that NRC is always looking and trying to better collaborate with parts of the government. I'll point to Department of Energy. Certainly we share the same microphone. Department of Defense has been a big help for us even in the past couple months. We appreciate that. Nice who's always a friendly face to see at the NRC. Just in the grand scheme of the NRC versus and just for the economies of scale, if you think about the industrial security program as the entire screen, we are probably the size of the period right after the facility. So I just wanted to give you sort of that sort of picture view into how large we really are. Two years ago, I think we gave this presentation. We said there was approximately 10 classified networks that we oversee. And given the state of the nuclear energy economy in the United States right now, it is very depressed. And we are seeing that within the commission as well. So we've cut back on some of these, some of our licensees have cut back on their classified networks. So we're approximately half of what we were two years ago. I don't even want to mention the number because you'd probably laugh at me. But we do, again, collaborate with Department of Energy on the accreditation of these networks. So we have a very good working relationship with John in Oak Ridge, Tennessee, who go out to parts of the desert in New Mexico and look at some of our licensees and what they're doing in the classified networks. So a lot of these networks are control networks. I won't go into details around them, but we do have an accreditation program associated with this. And as a regulator, we don't necessarily want to sign as the approving authority on that. That's another distinction for us. As a regulator, we don't necessarily see there's a condition of risk there. So that's why we collaborate a lot with Department of Energy on these types of networks. The other thing that I wanted to say, am I missing anything here? So there's two areas from the NRC, two offices. One is traditionally NRC going out and getting contracts and having a classified or cleared contractor work. The majority of them work for me specifically, but I actually represent the area of the licensees and the classified work that they do. So there's two sort of offices within the NRC that handle contractors or the industrial security program. The other thing I would want to say is just mentioning CUI that has come up a lot today. A week from today, NRC is actually going to have a public meeting on CUI and its impact on our working group for CUI within the agency. So is that any questions or anything about the way NRC operates versus the way Department of Energy operates? We are separate agencies. Please. So thank you. I appreciate your time. No, thanks. Thanks for coming. Greg, you're going to talk about the clearance working group. Yes. Okay. Well, thank you. So being toward the end here, most of what I would discuss has really already been discussed. We did have a robust discussion at the clearance working group about just about everything we heard today, whether it be the systems, NISS, DISS, NCCS, NID. We talked about the NIDS. We talked about DIT and transition, NISP and CUI. So pretty much every trusted workforce do more than those seeds. I did mention a couple of points on the one item that I didn't hear today that we talked about in our meeting was the level of cyber assurance for that system. The question came up in our working group, does it meet the moderate level of confidentiality? Given the data going to eventually be in there or is already in some ways in there, I think it's useful to find out. So that's the baseline for CUI, basic information. So I'd ask that DOD take that back to confirm what the level of confidentiality and integrity and assurance for that system is or is planned to be. I did also want to mention we talked about the implementation for continuous evaluation. So we heard today close to 1.4 million. My understanding is, and Validate correct me if I'm wrong, Validate Irvin, but December 2021 is the target date that everyone is a requirement that they will be enrolled in. So we're marching toward that date and I think that's a good thing. Obviously we also talk about metric data and of course that's a good news story at least in terms of the substantial inventory reduction. Obviously timelines, there's still a ways to go to bring those timelines down. They're way beyond the overall, or the goals. So there's quite a bit of work to be done there. With that, I'm going to stop and if anyone has any questions. Okay, now we're going to get into the last part of the dinner, Russell Hunter. Metrics. That wasn't just a dramatic entrance. You said the word metric as I was trying to walk. That was the problem. So I can make this very brief because it's a good news story and in fact as far as the, I have to ask that this not be held as metrics or statistics because most of what I have to say is not that. That having been said, we have a normal workload of industrial statements of reasons to review from the campus. Right now we have 233. That's very squarely in the mid of our normal range between 200 and 250 a month. So that means that we're working those within 30 days. The exception, of course, is when we have to go back and get additional information. So that's a thing that will continue to be an issue but as we reform the investigative process, the adjudicative process is our hope that we'll get more cases that are to use a term the cap has been using recently, more adjudicative cases. Because whether it's CE or a typical old school investigation, when Doha gets a case, it's because there is actionable information that's out of revocation. In industry, that's a really tiny percentage of the overall population. We're talking about 1.5% of the people who apply or re-evaluated appearances. Just over a thousand denials and revocations a year. But with that said, we know that the workload will be coming as the backlog gets suppressed and are working with the CAF to ensure that that gets done as efficiently as possible at the CAF is providing some resources to Doha in the form of some contractors, printers, and scanners that will allow us to work more easily within DISS. That will also enable Doha to issue statements of reasons directly without having to send our legal review back to the CAF. That's going to save time. The other thing that we're doing, and it's been very successful with the CAF, is working on tiny percentage of cases that involve a mental health evaluation. The reason that that's worthy of mention, even though it's a tiny number of people last week from the independent Doha appeal board, which said that the way that we had worked out with the CAF, and I have to commend that part no of the industry division because the appeal board concluded that the mental health evaluations that the CAF had been getting are an admissible document in our proceeding, which means that we can effectively using taxpayer dollars to conduct the most sensitive cases, which are the mental health evaluations. So it seems like a tiny number of cases, but it's important because it's an example of how, when we figure out that there's a problem, we've been working together with the CAF and getting it right. The number of cases that Doha has pending is actually right now less than 700. Of those, 383 are active with administrative judges. 157 cases that are being written up as hearing decisions and there are four. So again, we're talking about tiny numbers at the end of the process that starts out with hundreds of thousands. That's all I have. Does anybody have any questions? Yes, ma'am. There's one here. Is consideration with EAP being out in place that Doha and or the CAF can go to the individual directly to get the data and take out the FSO and the middle person? So that's a great question, and that is a very appropriate future reading question because one of the challenges with dealing with an individual whose most sensitive information is being adjudicated is the Privacy Act. So as you all know, NISPOM 2-202 provides that the FSO will sit down with the individual to prepare the application, which means that the FSO or does it need privacy act information that the individual is closing. You know, back in the really old days that was done in a sealed envelope. Now I like to say the FSO has become the sealed envelope for privacy act purposes. There is a future stage, but not now, in which we might be able to go direct to the individual. Certainly everything that Doha does after the issuance and answer of this does go directly to the individual. So we are trying, when we get a case, we maximize going direct to the individual. Having the FSO in the middle is valuable, however, because one of the things we need to assure is that we have jurisdiction. If an individual is not employed by a contractor who requires the individual to have access to classified information or needs some other kind of eligibility, like for example, TAC eligibility, then we do not have jurisdiction to proceed with the case. So it is important for us to be able to reach out to the FSO to at least ensure that the individual is there and is performing the work that they were put in for the clearance eligibility. So that is a great question because it touches on both Privacy Act and jurisdiction, which are two things that we are constantly trying to make sure that we are getting right. Because it is very important that we, but we obviously cannot give a clearance to somebody just because they want to clearance. There is one exception by the way to that jurisdiction rule, which is if an individual is suspended by the Director of the Defense Security Service, which is a very rare instance. We do it in only the most serious cases. When that happens, the individual may often lose their job and at that point they can write in and still seek due process because they have had an action taken against them but they haven't had the opportunity for due process. That is one of the reasons a lot of people ask me why the industry process is different. One of the reasons is, so getting the FSO out of the middle, we did that on passports. C4 is a great example of clearance reform where the derivative guidelines improved dramatically for the collateral world when we started to do what we knew was the right thing to do for SDI and had been national policy from ODNI and ICPG 7 of 4.2 nine years and FSO stopped becoming passport libraries. So that was a good thing. This is something where I suspect the FSO role will continue for reasons of privacy and eligibility. I can promise my future answers will be shorter. All right, thank you very much. Okay, we're going to move into the last segment which is the open forum. So anybody has anything to say about anything? Dr. Chance. Mr. Chairman, I'm Stan Borgia from Rolls Royce. I'd like to thank you very much for what you do in hosting this. The only thing I would offer is on the national interest determination waivers which coincidentally came out this week. I'd like to thank yourself and DSS, Jess Binniger, Brett Gortler, countless others who've been following this and pushing it through. I know that it's just one small segment of the National Defense Optimization Act section 842 and we're very anxious to help you in the effort to go forward and address those other parts of the act with regards to waivers or anything else that would help address that. I know that a lot of things have been done with regards to other entities. I know that the Under Secretary has invited the DNI and DOE to join in this and I think that there are many of us who would like to be able to help in that. I myself, as a former or retired, now FBI Special Agent who also worked at the Department of Energy and the IN-1 had a lot of experience in dealing with especially the NTIB countries and I think I could be able to help and if you do set up future meetings of your subcommittees on this I would welcome the opportunity to help offer some clarification that would help move some of those issues forward. So thank you, Mr. Chairman. Appreciate it. Anyone else? No, 35. We've done actually pretty well. Two last things. The next, in this path, again this is tentatively because let's pray the government hasn't shut down again if we have debt ceilings and budget issues looming here but if things work it'll be Wednesday, November 20th here. National Archives. Lastly, if those of you who did not sign in if you would be kind enough to do that when you leave we'd appreciate it so we can keep a tally on who was here. All right, again I appreciate you all coming down on such a hot day. Have a safe trip back to where you're coming from. All right, adjourned. Thank you guys. Thank you for using AT&T Event Conferencing Enhanced. This conference is now concluded and you may disconnect.