 Ladies and gentlemen, welcome and thank you for joining today's webinar, the NISPAC meeting. Please note that all audience member lines on the phone will remain muted until the various Q&A portions of today's call. We will provide you with instructions on how you may ask a verbal question at that time. You are welcome to submit written questions throughout the presentation and these will be addressed during Q&A. If you are connected on the Web and would like to submit a written question, please locate the chat panel on the right side of your screen, select all panelists from the Send To drop-down menu. And if you require technical assistance, you may send a private note to the event producer. With that, I'll turn the call over to the director of ISU, Mr. Mark Bradley. Please go ahead. Thank you. Good morning everyone. As you can see, it's a different venue that we've had in the past. So a couple things we have. Mr. Bradley will give a lot of the administrative items. I would ask if you are a NISPAC member because we don't have a lot of microphones and we were aware of that, but the archives, believe it or not, this is what they had available. So these first two rows in the center, if you are, perhaps we already have all the NISPAC members that are present here. So it's ironic we did this because of safety concerns. Of course on a day like this, a lot of folks are calling in, but who knew? So I'll turn it back over to you now. Thank you. We decided because the government's still open to go ahead and do it. So again, we apologize for putting anybody at risk. It wasn't our intent. What I will guarantee you is we'll get you out of here on time. So with that, let's get started. Let me just go through the usual administrative comments. Welcome to the 60th meeting of the NISPAC. As you are aware, we've changed the venue for this meeting from the Archivist Reception Rooms in the Gallant Theater. As Greg said, we did that because of the fire codes. We were so popular that we were running out of space. Those of you who've been in the Archivist Reception Room know it's a beautiful room, but it is compact. If we did have a crisis, it could be a real crisis. I'll move it here. This takes a bit to get used to. I feel like I'm either under the interrogation of the KGB or in Las Vegas, but the lights are... I can just see orange now, so I'm not really looking at you. I'm looking at light. Anyway, we'd like to remind you that this is a public meeting. It is audio recorded. We are also using WebEx for the first time to expand our reach for enabling access to the meeting. You will notice this change throughout this meeting. So, again, don't be taken back by it. This is an experiment for us too. We're trying to, again, expand our reach. For those of you here in the room, please be mindful that we have people on the phone through teleconferencing capability. My guess is today we have more than usual people on the phone, so we need to be mindful of them. There are three microphones in the first two rows for members' use. Great. Can you identify where those are? Those are handed out? Yes. So, if you... There's... Carolina has one. Okay, got it. There's one on the table, and then Dennis Ariaga has another one. We have a couple on the ends. We have some ISOO folks that will help out if members that are not NISPAC members in the audience have a question. You can either move over to the sides at the point where we ask for questions, or we'll try to get one of our ISOO folks to get a microphone to you. All speakers must identify themselves before speaking. As you know, this is recorded and also transcribed. So, again, in order to make a clear transcript of what this is, we need to know who's speaking. And so, again, please identify yourself. And if I interrupt you again, it's not because I'm rude. It's because I'm trying to get an accurate transcript of who said what to whom and what the answers were. The presenters will address a variety of topics today. At the end of each presentation, we will have a small question and answer session in which people may ask questions as well as submit questions through WebEx. The way it will work is after a speaker has completed the presentation, I will ask for anyone in the audience, meaning those of you present in the room, if you have any questions. After answering those questions, I will then ask Tanya Jinji, our WebEx moderator, for the meeting, for this meeting, if any questions were submitted through the WebEx chat function. If there are Carolina, Caroline McClink of my staff will read the question so that everyone can hear it. Last, Tanya will unmute the phone lines and ask if anyone calling in has a question. Please remember that there will be a general question and answer session near the end of the meeting, and I will encourage you to take advantage of that. Presenters other than those sitting here at the table who don't have slides must use a podium that's part of the theater. Robert Tringale of my staff will assist those to use their presentations on the screen. Presenters will also have access to a remote where they can move the slides at their own leisure. So, again, whatever you all prefer. Some other additional administrative notes will have a 10-minute break during the middle of the meeting, the location of the restrooms, when you exit the theater, they will be on the left side once you enter the hallway, as is the Nara Cafe. Also, for those with mobility issues, to my right in front of the stage is a door that leads to an elevator which will transport you to the ground level. And, regrettably, food and drink are not allowed in the theater, despite what you're seeing here in front of me. Now, I'd like to welcome our newest NISPAC members and express our appreciation for our outgoing members. First, I'd like to recognize Quinton Wilkes, who will now serve as our NISPAC industry spokesman. Quinton has served in NISPAC in many capabilities for many years and has proved himself to be more than up to this new challenge. We know that he will continue to make great contributions to the NISPAC and thank him for serving as the industry spokesman. So, what a pleasure to have you. We also have two new members from industry. First, it is a great pleasure to introduce Ms. Roselle Boyle, who is the Senior Information Security Officer at NSCO Inc. It's also a great pleasure to introduce Ms. Cheryl Stone, who serves as the Director of Corporate Security for the Round Corporation. We are greatly looking forward to having you as members and sharing your thoughts and insights. Our newest government members are Christine Gunning, who I used to work with over at the Department of Justice. We welcome and thank you for your willingness to participate. Mike Scott, primary member of the Department of Homeland Security. We welcome you and thank you for your willingness to participate. Our outgoing members are Anna Harrison, primary member of the Department of Justice, now succeeded by Christine. I'm grateful for what Anna has done for us. Steve Lynch, Department of Homeland Security. Thanks, Steve. Heather McMahon, Department of Defense. We're grateful for her service. And we have here today as her alternate. Let's say back up, but that's not quite right. Now, beginning with the table, I'd like each person to introduce him or herself, followed by the NISPAC members in the first two rows. Next, remaining persons in the theater. And last, we will go to the ones on the phone. For those calling in, they will receive a prompt from Tania, and at that point, they will introduce themselves. In this way, we will be able to provide people calling in and identifying themselves at the same time. Also, we would like to ask those on the phone to follow up with a e-mail with Robert Tringale at robert.tringale. That's T-R-I-N-G-A-L-I at nara.gov. I'm Mark Bradley, Chair of the NISPAC. Go in, Rooks. Greg Pinoni, ISOO, and the designated federal official for the NISPAC. Valerie Heil, Department of Defense. Robbie Wonestor. Keith Miner, Defense Security Service. Carolina Klink, ISOO. Bob Harding, NISPAC. George Ladner, CIA. Dennis Keith, NISPAC. Dennis Ariaga, Industry. Kim Bogger, State Department. Christine Gunning, from the Department of Justice. Rosa Alburero, Orozi, NISPAC. Simon Casey, ISOO. Glen Clay, Navy. Fred Gortler, Defense Security Service. Excuse me, Bob. Scott. Could you grab the other microphone and show them all this NBIS? Patrick Hogan, DSS. Cheryl Stone, NISPAC. Steve DiMarco, DOD CAF. Carl Hellman, DSS. Steve Nates, DSS. Bob Ruligy, Industry. Tyler Hilberg, Industry. Mark Riddle, ISOO. Tim Irvin, DHS. Mike Scott, DHS. Justin Doubleday, inside defense. Jane Dingell, Industry. Sue Stike, Industry. Marlon Mattrick, Industry. April Abbott, Industry. Leander Motor, Industry. Jason Elder, DOD, OUSCI. Donna McLeod, MBIB. John Eskelson, MBIB. Guy Mackey, Industry. Caroline Diccati, Clearance Job. Lisa Reedy, Industry. Dick Weaver, Industry. Jason Hager, Public Services and Procurement Canada. Miles Simon, DSS. Chris Forrest, DSS. Andrew Parker, DSS. John Maxey, DSS. Dan Finucan, DSS. Amanda McLean, DOD. Jason Stiner, DSS. Fandy Day, MBIB. Welcome to the CIA. All the phone lines have been unmuted, so if you're on the phone, can you please identify yourself and your agency? First caller, please go ahead and identify your line. Carla Peters, Car, Industry. Diane Rayner, Industry. Shirley Brown, NSA. Steven Cicerelli, Industry. Katherine, please go ahead. Your line's unmuted. Okay. Cappy Thurston, Industry. Larry Piles, Defense Security Service. Larry Piles, DSS. Laura Agham, DSS. Allison Renzello, DSS. Rick Olmacher, Industry. Sharon, please go ahead. Your line's unmuted. Samaria Air Force. Jennifer Skelton, Air Force. And to the other speakers on the call, please go ahead. Your line's unmuted. Olga, please go ahead. Your line is unmuted. Olga Delgado, O-D-N-I. Patricia, please go ahead. Patricia Staggs, DSS. Ryan, please go ahead. Ryan Gologni, Defense Security Service. Sandy Legney, DMDC, Supporting Diff. And finally, Valerie, please go ahead. Valerie Curbin, O-D-N-I. All lines have been identified. Just confirming that all lines have been identified. Great. Kanoni now will address some administrative items and will cover the status of action items from the line 19, 2018. Ms. Spack made it quick. I'm not going to look up as much either because he's loud. So, all the presentations and handouts were sent electronically to all the members and to those who provided an RSVP to the invitation for the meeting. If you didn't receive any of these documents, all the materials, along with the final minutes and the official transcript of the meeting will be posted on the ISOO NISPAC website within approximately 30 days. And also, for your information, all NISPAC meeting announcements are posted in the Federal Register approximately 30 days prior to the meeting. So now I'm going to move into the action items, read off the action items from our last meeting that was July 19th. The first was involving industry meeting with DSS to see if they could get more clarity to some of the consultant and security services that continue to support small businesses. So, while there has been some informal discussion, the meeting between DSS and industry is still pending. Next was DSS and ISOO to discuss the directors and secretaries of Federal Executive Branch agencies responsible to implement CUI. We, ISOO and DSS, did have a meeting regarding the terms of what will be DSS's role in overseeing the implementation of the CUI program for the Depends Industrial Base did on behalf of DOD. As it was pending yesterday, DSS has a draft plan that will be very close to finalization. Next, NBIT was to provide information on companies that are going to participate in a pilot program. To put some context on this, if you were here when they recall from the last meeting, this concerned leveraging industry as a trusted information provider or TIP as appropriate. Some companies already have gathered vetting type information on their new employees, so they supplement the government's vetting program. Part of what is being considered is to establish baselines for what information is generally already being gathered by industry. Mr. Fallin will discuss, I believe, a little bit of this with his presentation update. Next, the Insider Threat Working Group was to meet before the next NISPAC meeting and ISOO also involved with that would pull NISPAC members to discuss ways to improve the Insider Threat programs. We did have that meeting on October 30th. It was a good meeting, productive, while ISOO didn't formally pull members some informal discussions at the meeting regarding program improvement were discussed, and I will be providing an update on the Insider Threat Working Group meeting later in this meeting. Next, industry requested a debrief from ISOO on the meeting held with the CSAs and other government activities on the processing of NIDS. Due to business extinguishes, the meeting was not held, but we will be doing that sometime in the next few months. Next, ISOO inquired about what the obstacle to obtaining sponsorship for EMAS training is and who is the authority for sponsorship. I believe yesterday some of this was discussed as well. DSS stated that if an industry partner is unable to access the EMAS training site after being sponsored for access by their local ISSP, they should report this to DSS at the following email address, dss.quantico.dss.mdx.emas.nail.mil. More detail on this will be addressed later during the NISA Working Group update that Carl Hellman will give. Next, I believe this is the last one, this one, the wording in the minutes is actually not quite right. This was about why some companies have been receiving notices that disestablishes their ATO's authorization to operate. DSS stated that denial of authorization to operate letters are used by DSS to inform industry of the removal of the ability to operate. These letters are produced for a variety of reasons, as you may know, could be expiration of the ATO, increased risk to classified information, not previously known, change of security staff, security violations, unable to meet NIST-R-MF standards, and others. Each DATO is an independent decision associated with the specific... So that's a readout on the old action items. Are there any questions? In fact, you, Mr. Chair. All right. Go to our reports and updates section of our program, the Post-Chair for National Ground Investigations. Head, Charlie Bayl. Charlie, please come on. You all can hear me here, and I now understand what you mean about the lights. I seem to recall earlier in my career I would have been on the other side of those lights. Anyway, we'll do what we can here. So thanks for the few minutes to chat with you all this morning. I went back and looked at what I had said when I was here with you all back in the spring, and wanted to get a sense of what promises I had made and how far we had come through some of those things. And one of the, essentially what I said is based on our inventory in the spring and the things we were doing, I had predicted that by Thanksgiving we'd be down about 15% in our inventory. I'll give you a little bit more numbers in a minute here, but as of Monday we were down 13%, and give you two more weeks after Thanksgiving. I hope to be able to tell you that 15% is actually accurate. In other news, and I mean that in all senses of it, there have been some media reports on both ends of the spectrum here. There was a couple of reports out last week that suggested that my inventory was extraordinarily high, much higher than it really is. At the same time, there was an article that reflected that the Principal Deputy Director of National Intelligence had predicted that I would have an extraordinarily low inventory by the springtime. So I've got a lot of people telling me what they would hope that I would do or what their numbers look like. Let me give you a real sense of what those numbers look like here. As of Monday, the reality is that our total inventory of investigations sits at about 630,000. That is, as I said before, 13,000, I'm sorry, 13%, almost 100,000 less than it was in the springtime. I think more importantly for this organization, particularly for this discussion, is the notion that in that population, how many of these folks are waiting in initial clearance, or in other words, may or may not be able to be working it. So let me just break down those numbers. In the Tier III population, the secret clearance population, the total number in our inventory of initials is 190,000. Of that number, 35,000 are in industry. Taking you to the next level of the Tier V investigations, we are showing 90,000 in our inventory. In the Tier V investigations initials, 90,000 and about 25,000 of those are in industry right now. So you add all those numbers up. That's about 280,000 initial investigations that we're processing right now in some part of that continuum. But that is not 280,000 people that are not working. Based on the numbers we have, at a minimum about 114,000 of that 280,000. We don't have insight into every agency's interim clearance process, but those are the ones we can document. 114,000 of that 280,000 are at work on an interim clearance. And so, that's not as bad a number as some other, but not there. It's still not where we want it to be, but it's not in... And specifically, the industry inventory itself we can show is itself down by 13% since just since Jim based on some things I'll talk about in a few minutes here. The other piece of this thing, which really is, the clue here is timely, how long it takes to do clearances. I see behind me is some numbers here that look extraordinarily unhappy. I am unhappy with the numbers as well. Two factoids here that may help a little bit. One is that what we are seeing in the range of those times for clearances, we don't count them until they're actually finished. What we are seeing is what was fairly narrow range that everything was coming in late. We're seeing a lot of stuff come in sooner, and a lot of old stuff, and so the averages come out still about the same. I expect that as we get moving down this inventory number that those timeliness numbers will go down. A leading indicator of this is an arcane number that we use in our production information called field man hours. I wouldn't worry too much about what that defines, but it essentially tells us how much field work is sitting out in our inventory, and field work you guys know is set in investigations. That number is down about 35% since last spring. That's a good leading indicator where we think these numbers are going to be growing here. Stay tuned. I hope to be able to come at our next session, which is January, maybe, and give you some better numbers here. March, okay. I should mention really good numbers by then. Okay. So what's getting us here? I've hashed this out before, and we rebuilt our investigative capacity. We're up to 8,800 people that are doing field investigations for us right now, in addition to all the other folks that are working by now. That population has gained experience over the last six months, and more importantly, we have put on top of that a lot of our business process re-engineering things, which are using these investigators far more effectively than we had been in the past. I'm just going to touch on one here that you all are probably familiar with and that is putting our investigators in hubbing situations geographically, so that we ask some of your companies to volunteer to be the footprint for us. We did this with the government a few times, government organizations, whether it was Department of Energy, the Air Force, the Navy, Department of Defense at Large, and some other organizations. It worked out pretty well. Our first two hubs with industry, which were pilots, the geographic location, one of you has hosted us, but every company in the area is welcome to allow us to spend less time administratively while the people that we are doing the investigations on and the references come and talk to us. In addition, we're giving these folks some technology that we can, if you guys are security officers, you know we're scared to death with things like VTCs. We're actually using this stuff and using it in a secure manner, and extending our reach considerably here. Some of the companies in the area are invited, and we'll make sure that we are working on that stuff. The couple of other pieces, I think either Valerie or Olga may talk about this when they get to the DNI stuff, but we are working on trusted workforce, the key element of trusted workforce 2.0, which is rewriting the policies that are driving how we do investigations. This is really picking up steam on the last three weeks. We've done an awful lot of energy into this thing with the executive steering group. We've been working off some of the early decisions from this, and that has also helped with our inventory reduction. So all this stuff working together has been helpful. Greg mentioned the trusted information provider program. It's sort of a no-brainer that I know a lot of you in the pre-employment portion of bringing people on board are gathering information that we can use later in an investigation. There's no point in us going back out of this information if we can trust that you have gotten it from a reliable source. We've been working with a number of your companies in a working group situation of we have put together a draft of how this would work. A lot of that comes from information provided by you. I have seen, we know there's enthusiasm within our security executive agents to both the suitability and security executive agents, I'm sorry, to both for changing the policy and allowing us to broaden this out considerably and the front end of this is, of course, doing some pilot work. We've got a lot of enthusiasm for that too, so I envision this will come mainstream pretty quick. So I'm pretty happy about that. Last topic here is changing t-shirts. Last spring, Michelle Seppin said after I talked about some of the things we're doing, are you going to share all these sort of cool things that you're doing with the Defense Security Service when they do the 7030s quid? And so the answer then was yes. The answer today is even better. It's we will be the OD in some period of time. And so, yes, we'll be sharing with ourselves. And just a quick highlight here. Back in June, the administration published the President's Management Agenda about the understanding that it made no sense to cut off the investigative organizations into pieces but to keep it intact and move it from the Office of Personnel Management into the Department of Defense. It's still the plan. We're waiting for the Executive Order. It will be imminent. I've been saying that for several months, but it will be coming out imminently. I've seen the last draft literally yesterday evening. We'll be really close on this. And we'll start with that Executive Order. And once that happens, we will work in earnest to get through that changing venue. But that said, we've been working very closely with the Department of Defense these days since last December on some version of the transition. And I would say the level of effort and engagement is both high and strong. It's pretty collegial, given the fact of all the stresses and pressures that have come into this stuff. We really are looking at this as we are. We'll be one team. And I hate speed bumps, but we're going to hire those things down as much as possible. And so with that, I leave it up for any questions. If you see your hand go off, that'll be exciting. Yes, sir. Dennis Keith, Ms. Pack. The decrease in the number of fieldwork hours, does that have anything, is there any correlation there between that and the increased use of CE? Not yet. The number of, we didn't go into a lot of details about using continuous evaluation to supplement some of the periodic investigation of the department is working on it, but the total number of investigations affected by that right now is maybe 10. And those are avoidance at this point, not taking things out of the inventory, things that were not put into the inventory. That said, because everybody's active out there, we are actually still, we are seeing consistently in the last few months a higher level of new work coming in than this time last year. So we're actually working against a higher level and still we're making some good headway against it. So I expect in the long run that the more wide use of continuous evaluation in as part of the periodic investigation program will have a much more dramatic impact. I'm going to get a microphone. Caroline to Daddy, clearance job. I was wondering, so if the number that Sue Gordon gave from ODNI that by the springtime the number would be around 300,000, what would you say might be a more accurate estimation? I would say probably closer to 500,000, but I'm pretty conservative. So I said 15% last year, so let's see what happens. But again, the key thing that I really need to make promises about is what will the timeliness look like? And I'm hoping that timeliness is dramatically improved. To Caroline and the audience. I do not, however, some people joined after the appendicitis, so I'm going to leave some really quick. You have Carlo Peters, Carr, David DeSosa, Venice Brady, Lindy Kaiser, Steven Cicciarelli, Katie Timmons, Diane Rainer, Jen Kirby, Elinor Moss. Thank you. Anyone on the phone have a question for Charlie? If anyone on the phone would like to ask a question, please press pound two on your telephone keypad at this time. We do have a few questions. Our first call of your line is unmuted. Hi, this is Leonard Moss. I just have a question for Charlie on the hub. Charlie, is there somewhere where you list those hubs, so if someone wanted to participate, they would know where to go? I don't know that we've published a list in the sense of putting out in the open, but where we are set up a hub, I believe and I will ensure that we are reaching out to all the industries that have locations within that hub area, all the companies that have locations within that area. Great. Thanks. Go ahead. Your line is unmuted. So, Mike, hey, it's Wendy Kaiser with Clinics Jobs. So, Charlie, you're talking about me and my awesome reporting on your numbers. So, why is the disparities between what you said today and what was in the Secret Act report that I got? So, I think your voice has come through kind of working up. I assume this is Lindy Kaiser? It's Lindy Kaiser, your number one fan. I'm wondering about the disparity between the numbers and you can follow up with me later because I want to make sure I get them right because I'm going to report, you know, I'm going to, I'm interested in the number that you reported today, but they're different than what was listed in the Secret Act report. So, Lindy, I appreciate that. So, I went back and read the Secret Act report again as well. So, the two things about those numbers. One is their numbers from June or July, I'm sorry, and not numbers from today. So, numbers are different anyway from today. The problem with that report is the way we were asked the questions by the legislation that said, please do this report caused us to write the answers the way you see them in the Secret Act. But not all those numbers are discrete. There is some cross-checking that goes on where you can get counted information in that report. And so, that said, we are going to, we actually have come due very soon. In the next quarter of the report on that, we're going to put a big caveat on there that says, it talks about the math problem with this thing because if you just look at it and add it up, you get a really high number. But these were cross-cutting it in different ways and slicing it in different ways. And it, again, the numbers that I talked today are the accurate numbers. We're going to actually suggest to the Hill that we find a different way to report, a way that is much more manageable. But we'll get, Lindy, we'll get back to you more directly and we can talk about that. Awesome. Thank you. Can I have another call? Yes. No further questions on the call. We just got our comments. I will talk to the speakers. Can speak closer to the microphone because the sound is faint. Because I had an email from NASA. Did I just have to, I had to get on and I had to get off and try to get back on. Is there some issue with getting back on? That one, please. Let's not hold up the meeting anymore. That is still trying to get back on. Thank you. Okay, thanks. I'll be here all day or at least until noon. Thanks. Yeah, you're right. All right. We're next going to hear from Ryan Deloni from DSS. Tell us about the National Industrial Security System and the deployment of the NIS. Good morning. This is Ryan Deloni. And you guys hear me okay? Ryan, your audio is coming through clearly. Okay, great. And I just saw the slides go forward. Great. Thank you very much. So I wanted to give an update on the National Industrial Security System. We've had great progress on the NIS effort since last time this group met. I want to note that NIS did successfully deploy on the 8th of October for industry and government users. I want to note that it is the system of record for DSS Industrial Security Oversight, so for the Department of Defense and those non-DOD signatories engaged with the DOD. ISFD and EFCL are two legacy systems that it replaced. Those are no longer available, so NIS is the system of record to use going forward. You can see some activity notes on there and following yesterday's meeting with industry. I went back and pulled some updated numbers, so I'm happy to share those as well. As of yesterday, we are sitting closer to 6,500 users, of which there are about 5,000 unique industry users, 800 government users, and still about 600 DSS users. A question came up about how many companies that represents. I identified that that represents actually about 5,500 unique cage codes, so there you'll see kind of what that number actually bigger than the industry users. There are some users who do represent multiple cage codes, either within their corporate family or they may be a multi-facility episode. Systems have been heavy in use, currently over actually 13,000 clearance verifications submitted, so a high volume of processing there, which is a good thing. There have been over 400 facility clearance sponsorships submitted, so if you are either a government sponsoring an initial or a prime industry partner sponsoring a sub, this is the system you want to do that. We've seen a lot of benefit with reduced rejection rates prior with our very manual process. You would see just with the paper form submitted by email missing documentation and issues that would cause a lag in the initiation of the FCL processing. The smart form in the system is reducing that, ensuring that we have a package that has everything we need up front, which has been beneficial. There were 500 change conditions reported, so industry has been actively using that as required. User feedback has been a lot of feedback. I will say that. We've received well over 1,000 comments, either through our mailbox, which you can see in the bottom right corner on this slide, as well as directly in-system. You can provide that messaging. So we've really seen three main areas. One is folks looking for more training or having questions or needing education. So we've been gathering that up, and as those most common questions arise, we've been developing job aids, which we've been sticking directly in-system. So on the screen here, you can kind of see a sample dashboard where kind of in that top area, there's the blue links to common functions, questions, we've been providing tooltips, things of that nature. We're also continuing to build and develop job aids based on user feedback. There have been many requests for enhancements, which is a good thing. And I'll talk about how we're going to rack and stack and engage with industry and government to prioritize those on the next chart in a moment. And then we have been receiving some bugs. So on the initial deployment month for a major system like this that was expected, the development team was in place, mitigated over 30 kind of critical issues up front, most of those same day. And a lot of those, again, came from that feedback. So our initial triage of the feedback was trying to see if any trends and issues that need to be immediately resolved. And that's been worked down to where we're seeing pretty steady system use. Looking forward on the training front, there is training available in STEP, the DSS Education Knowledge Portal. So if you go there, there is external training that is broken by user role. So if you are a sponsor, clearance verifier, on an industry security staff, you can just take those modules unique to you that gives you everything you need. In addition, as I mentioned already, for the in-system shorts and jabbies, those are available as well. Also on the screen here in the bottom right corner are external web page, dss.mil, slash is, slash ns.html. We're maintaining that with latest information, FAQs and resources just to keep pushing that education content available. Next slide. There's latency here. I haven't seen this slide push forward on my end, but I'll keep going just in the interest of time. So key capabilities, industry and government, we did deliver. As I mentioned, this is where you can submit and track your facility clearance request. That's been beneficial. You can see, is it under review at our facility clearance branch? Is it out with industry to submit the facility clearance package? That's very beneficial. You know, if you are the sponsor, either as a prime or a government agency, one of the things that can get your people cleared and working fastest is if you see that company's still waiting, pending to submit their required facility clearance documentation. The sooner that is submitted accurately, the sooner we can initiate all the other activities. The FOCAI assessment clearance initiation as required on-site surveys in order to get that company up and running. So that's beneficial. Clearance verification has been going very well. We've been seeing a lot of positive feedback on that. The system is much more proactive. It's been an easier form to submit those and as mentioned, well over 10,000 of those have been submitted. So that just goes to speak to that note as well. And then those automated notifications be it whether you're involved in the clearance process. So once your facility is cleared at the interim or final level, the sponsor and company do get emails, updates on that information, if you have clearance verifications running, if there are changes, you'll get emails along those lines. Industry, this is where they submit their facility clearance documentation as reference, change conditions, required annual self-inspection certifications, and they also have more transparency into the information in order to view their facility profile, DSS content available, that we kind of maintain the records on those companies. So making sure that that's transparent. We will be using this for the PSI Projections Survey that was prior done in EFCL, but with the system replacing that, that capability will be deployed out sometime early 2019. We are looking to update the system to further allow industry to provide updates for their profile and vulnerability mitigation. Again, getting off of our current email process. So as there are any issues with the information request, all those are just handled in system just to streamline and ensure accuracy. We'll also be looking at DSS and transition related functions. Some of those are currently done by out-of-system email and other capability spreadsheets. We want to automate and streamline as much of that as possible to improve it for everybody. We are looking at how we can enhance system reporting, reports or security violations both to receive better information up front about the who, where, when, why of those types of incidents, as well as be able to report more timely and rapid information both to the company and the data owner in the government. So we're working on building those out in FY19 as well. Key point as well, we're working to establish a NIS operational requirements committee. So as I mentioned, we are receiving a lot of feedback for enhancements. We've been doing some initial triage of that, but what we're really looking to do is gather participants from industry, from government, from DSS to take a look at that backlog, rack and stack and prioritize as a community, and then start delivering upon those capabilities which initial development with an agile methodology starting out in FY early calendar year 19, sometime in January is when we're looking to get that going. So we're currently finalizing that process. We'll be looking to gather participants in the month of December to then start those meetings to prioritize in January. So we look forward to participation, leveraging NCMS, NISPAC, and the government state corvus groups, leveraging those types of vehicles to gather participants for that organization. And with that, that does kind of run through the big summary. Some other questions that came up yesterday that I'll just go ahead and jump ahead of as far as if there are any access issues. So you do access the system through Incase, which is a separate application that DSS hosts. It's a single sign-on portal. If you're having any issues accessing that, call our call center, which is available, their numbers on the Incase page. They have a full OCIO trained team to provide that support for access. If there are any broader kind of agency-level access issues, I know we've been working a couple issues with non-DOD signatories ensuring that their certificates can work with Incase. We do have a process to escalate those up to direct to the Incase PM. So if there are any issues there, feel free to send an email to dss.NISPAC to work, escalate, and make sure those get resolved for the more systemic issues. If it's just one-off individual, our Knowledge Center has been providing great support. As far as turnaround time for accounts, the government side of the House should be quite rapid. Those go to our Knowledge Center, which has a full team reviewing. Those should be within a few days. On the industry side of the House, as mentioned yesterday, those do go to your industrial security representative. That can be out in an assessment or something like that. It may take a couple days. Always recommend you can send an email to your rep when you do submit that, just letting them know that that's there in their queue just to help remind and prompt and then we'll get that worked as well. The main technical issue we've seen currently that we're working is there's some system latency. So we've seen as people submit their sponsorship, a sale package, et cetera. It may spend a little while. That is our top priority to work in fix right now. We have dedicated teams really working full bore on that. So we have an enhancement for that coming out. We're testing that at the end of the month for deployment in mid-Sember and you should see much improvement on that front. And with that, I think that covered a lot of the questions that came up but I would be glad to take any additional questions on this that the group may have today. Is there anybody on the WebEx? No, but we found the issue of now since she's on the line via Taylor. And if anyone on the phone would like to ask a question please press pound two at this time. There are no questions on the phone. Okay, lovely. Thank you, Ryan. We appreciate it. Thank you. We're going to hear from Sandra Langley from DMDC who will now provide us with an update on the deployment of the defense information systems for security. Sandra is calling in. So Sandra, are you on the line? Yes, I am. Thank you very much. It's all yours. Thank you. So I want to provide an update on where we are with the deployment of this to industry, give you some information on user provisioning and ask for assistance in continuing the efforts for user provisioning and then to remind you that there will continue to be a need for access to both JPAC and DIST as we go through a phase deployment approach. So as of October we completed building DIST phase one, which means from an industry perspective industry users are being provisioned in DIST for use of DIST. At this time we have provisions, have actively provisioned just over 5,000 users. Just over 5,000 users have that were auto provisioned. We are reaching out to those that were not auto provisioned but within JPAC have an active account manager. We have contacted all but 8% of those users the 8%, we are still trying to find email addresses so that we can complete this effort. So just over 2,000 have been recently contacted and provided direction on how to submit the piece bar, the DD-29 62 for user provisioning. I must advise that we are encountering a large rejection rate. Only approximately one-third of those packages are approved. Request that users read the directions that are provided with them. Give the very detailed layout out of the piece bar what to do and to submit both training certificates required for user provisioning. DSS will put this information out also for industry doing a second campaign trying to assist in getting responses for user provisioning. We also have this large group of security management offices that did not have an active account manager in JPAG. Therefore, we are working with DSS on a campaign to contact those security management offices to forward users for provisioning and to do so at such a rate that we can effectively process those requests. So I am sure that DSS will provide more information as we continue our discussions today, but just wanted to advise that we really need assistance in making sure when we send out a campaign requesting user provisioning that the instructions thoroughly read if there's any questions to ask them up front so that the package will be successfully submitted and provisioned the first time versus actually going through multiple iterations. So in DSS today, DSS phase one is all about communication. It allows the security management office to communicate with DSS, the industry group for subject management. They can do higher within DSS, you can do hierarchy management, meaning you can define your hierarchy. Same, we'll have to continue to do that in both DSS and JPAS manage your security management office. You'll have to maintain a security management office in both DSS and JPAS and user provisioning. You'll have to make sure that users are provisioned correctly and maintain their access to both systems. We look forward to working with DSS to do an incremental phase transition from JPAS capabilities to DSS. Currently within DSS can claim the subject, make sure that they're associated with the security management office. I do update foreign relatives foreign travel and establish an owning and servicing relationship. Also communicating with the industry team. Security management officers can submit customer service requests. They can submit for communications with the industry team. Beyond that, there is still a need to continue to use JPAS. DSS will provide information as we transition capabilities, provide information on continuing use of eClip or when that will change. Incident management is one of the first things that we would like to transition from JPAS to DSS. More information will come out from DSS when we're ready to do that. We're not ready to do that immediately because we're looking down rage on interfaces and how we share any information across the department. As we have finalized our strategy and our plan for transition, more information will come from DSS. Until then, I understand that there will be a need to continue to access both JPAS and DSS for the foreseeable future. Any questions for me? This is Kim Roder from the State Department. I'd like to know what is there any plan in the future at any point in time that you're going to brief regarding government access to DSS for non-DOD agencies because you've only mentioned contractors at this point. And that was the last time through that DMDC didn't really address this either at the last meeting. Okay, so DSS and JPAS are still limiting who will gain access to the system based upon our current processes and the system of record notice. We do support access to the system. However, for dominant use for non-DOD agencies still is through the SII bridge with CVS. Now, you will hear Sheldon talking about our transition of DSS into the N-BISC construct and he may talk more about when we will add additional federal adopters and when additional federal adopters will gain access because of N-BISC initiatives. So I do look forward to continuing to partner with N-BISC on the ways forward for additional federal adopters. I do appreciate the State Department has requested access to the system and we continue to work with you offline. I wouldn't just be I mean, I know I'm State Department, but it really I feel like I'm the spokesperson for non-DOD agencies. So there's a lot of other agencies that have the same concerns that they've not really been included in this. So it's not just me, it's a lot of other agencies as well. And I do appreciate that and that's why I believe there's going to be more conversations under the N-BISC construct and this will be one of many systems, one of three systems currently supported by D-M-D-C that will transition to the N-BISC construct and we will be following their lead for federal adopters. I do expect that Sheldon will speak about federal adopters and I can tell you that we are working currently right now with the Security Administration for federal adoption. They recently published a SCORN in the Federal Register and identifying that our system will be used for adjudicative management and so we'll be working with them. I also expect that Sheldon will understand how that will support federal adopters in the future. Anyone else have questions? Sanchez, this is Quinton. Is it possible that you could set up a meeting in the future through the ICU office so that you can collaborate with all of those non-deal DA's? So the answer is yes. There is a campaign underway that asks for us to be reaching out to our federal partners to have discussions on shared services what they would like to take advantage of and getting to know the community better. So yes, we are doing that. I am just one of many partners in that campaign. This is Greg Pinoni from ISA. So who would like to... Excuse me. I think that is a positive but I'm not clear as to who takes the lead then on establishing such a... Patricia, can I get a phone line? Can I get in, please? Sure. I don't know who this... Oh, I'm sorry. Am I live on the phone? Yes. Great. So this is Patricia who is the Defense Vetting Director at DSS who will be assuming the National Background Investigation Mission as soon as that great executive order is signed. And so to answer the questions in the room the answer is we are the functional requirements lead and therefore all of these questions whether it be the one that Quentin answered whether it be the Department of State should be coming through the Defense Vetting Office, Enterprise Business Office that I will brief on in a few minutes here and I can give the points of contact and it can be provided to Robert in the minutes for this meeting so you know who to contact for all of these questions. But we shouldn't be going through the MDC, we shouldn't be going through the National Background Investigation System they're the IT provider. We should be going through the Business Office and that is the Defense Vetting Directorate. Thank you, Patricia, for the clarification. Any other questions? Kelly, is there anyone on the Web? Thanks for her. There are no chats on the Web. Okay, how about on the phones? If anyone on the phone would like to ask a question please press 2 at this time. No questions on the phone. Okay, thank you so much, Sandra. Thank you. I've been here from Mr. Chair, I've been asked to specifically up here that we speak a little louder into the microphone we're getting some response from those that are on the line with the WebEx. They can't hear us. Sure enough. And up at the podium as well, Robert. Yeah. Okay. Next speaker will be Sheldon Soltis who will give us an update on the National Background Investigation System. Sheldon Soltis, I'm from DISA and I work in the NBIS and PML-PEO. Thanks to Patricia for answering the question that was raised about where to go for information about access. As she pointed out, we're providing the IT not making policy decisions about who gets access or requirements per se. So a little background of NBIS about two years ago to replace the NBID legacy BI systems. And as Sandy pointed out, we are trying it about two years ago to use some of the VMDC systems that we're currently used for vetting inside DOD to give us a jump start moving forward. Those systems are Swift, Mirador and DISF. If you look at slide, these are the current product lines we currently have. In the PDT that NBID OPM has deployed, we also have what we call E-Application Subject, which is better known as EAP, which is a replacement for DISF-86. We have another application that we're calling NBIS Agency that pairs with that or replacing for EQUIP. Investigation Management, that will be replacing the current investigation system of that lawyers called TIPS. And we're moving away from metrics that we're calling Investigation Management versus Case Management. Then we have Fingerprint System, as I said, Swift is the primary DOD system we're adopting for that. And then one of the big things we're doing is on the record tracks, Mirador is our current system for that and we're enhancing that and moving that into the suite of NBIS. Adjudication, that's currently located in this and that includes ease adjudication which is another portion of the Mirador that we have adopted. NBIS is a little bit different than most DOD applications. We are part of the actual project inside DOD. We're a pilot and we did that for a couple of reasons. One, we want to use agile methodology to do the development for NBIS. We didn't feel that the current state of affairs inside the government with the BI program transition transfer that a waterfall methodology would work well we would probably end up as if you've ever done waterfall to spend about 18 to two years getting the requirements in the system this large hand it to a developer and then the developer gives you something about three years later and then the users tell you you basically built the wrong thing. We also use an OTA to get us on contract as soon as we could. It's part of the agile acquisition strategy that we're using. It's why we want agile and why we want the OTA. The channels we face, as I said, we have a very mobile and changing environment. We have TW 2.0 coming out. We have the transfer, the transition and a lot of movable parts. This is a federal system also. It's not just a DOD system. It's complex. It makes it more complex. We have to meet multiple stakeholders and multiple requirements so that we can meet the requirements for the prior federal government, not just and we also have a very large project. Currently, we chose SCRUM for our agile methodology. We have 10 teams working on the IM portion of it. We have a team working on the front-end EAP and we call them the S-Agency and we also have a team working on PDT. We had to come up with a way to manage that across the entire spectrum of all those teams and we chose the scaled agile framework to meet that requirement. As I said, agile is a methodology that produces software faster and direct to the user's needs versus building to documentation. We're really focusing on providing value to the owner and making sure that we can change and move more as we need to meet those requirements. This is a comparison of the additional practices of agile to waterfall other methods. As you see, the additional practices to be predictable. So you have class schedule performance. That's the iron triangle that most program managers will talk about. You can have two to three. You can have three to three. Agile tries to make that a little bit by making trade-offs about functionality and it's not the focus of agile. It's providing business value. So this gave us the ability to do what we needed to go. We also have a very aggressive schedule which is another reason why we went to agile. This is the full safe. This is how the safe construct works to manage across multiple teams. I'm not going to go into a lot of detail about it. It looks more complex than it is because really if you go up from the bottom it's basically replicating what's at the bottom but at a higher level and with more input from the entire stakeholders as you go up and more oversight by the management team at PMO. So the basis is SCREM at the bottom where we were doing it. We make sure the SCREM teams have users and sales matter experts in place so we can get what I consider real end user input requirements versus getting supervisors and or higher levels deciding how something's done versus how it's really done in the field or in the workplace. So we have program requirements where we decide what the next diagram is going to be and how we're going to build that out. We meet with our stakeholders and our requirements just so you know right now we've been focused primarily on the IAM capability and also the what I call the IAS agency which is the replacement for the agency portion that's used to initiate clearances inside the investigation process. So that's the people we've been talking to to get those requirements. The other thing we did with this, this is a big change for DISA. We're going to what we call dev ops or in our case dev step ops. It's integration of the development security and operation environment so we can deploy to releases to directly into the system and it moves to an automated process what we call pipeline to reduce the software code that we need and we can pull it and get immediate feedback from the end user. We have the setup in an environment. We're moving forward into going into the cloud environment with it and I'll talk about that a little bit more later. But this is important for us being able to meet our schedule and to meet the requirements changes that we get based on changing priorities from our stakeholders and functional owners. This is the roadmap we're going on. We're going into the cloud environment. We are hoping to get into the environment in March of next year which will give us the dev step ops environment that we need to operate and one of the big changes that we have is that choice to move into the cloud earlier versus later and I'll talk more about that in this slide. This slide, just so everybody knows, this slide is still on the discussion. This is not set in stone. It's likely going to change based on requirements, changing priorities but this is what we believe is the best way to go forward for NBIS. As I said, we have a release in March in a couple of other functionalities and the major release would be in June based on this for tier one that I said this slide may or may not hold depending on what kind of requirements we get and what kind of priorities change particularly as you move forward with any ECs coming out initiatives and or how the year was signed and when it all affects the release schedule. That's basically what I have for NBIS. Any questions? I don't have any questions in the chat. Okay. Any questions for Sheldon on the phone? If anyone on the phone would like to ask a question, please press pound two. I like this. Hi, this is Patricia Stokes again. Can everybody hear me? Yes. Thank you. Just one kind of clarification from what Sheldon just said on the June tier one delivery. We are working diligently to that desired goal but I think we have a lot of work to do with the business office, with the all the components of being able to deploy this. So I just want to go on record and say the roadmap and the true capability and delivery schedule is under development. Thank you. Sheldon, many thanks. Thank you. Okay, we're next slide here from Beverly Hile, Associate Director of Industrial Security OUSDI, Department of Defense. We have an update as the NISP Executive Agent. Thank you. Good morning, everyone. Several items to update you on. Department of Defense is establishing a personal vetting transformation office. The acronym for it, as we do in DOD the PVTO will support planning and enable execution both for transferring background investigations to defense security service and reforming the personnel vetting enterprise. The PVTO will assist in coordinating and aligning resources between the transfer and ongoing security clients reform efforts or vetting efforts. The PVTO's planning support will leverage merger and acquisition best practices and data analysis. Second item, the FY 19 National Defense Authorization Act included a section A22 citing that by October 2020 the Secretary of Defense would no longer require would have to require national interest determinations for access to prescribed information which is top secret SCISAP, ComSec and restricted data for US clear companies operating under special security agreements where the ownership came from what are referred to as national technology and industrial based companies. When you look then at the supporting legislation about what is in a national and NTIB company those would be companies owned in the US, Canada, Australia, US companies owned by Canada, Australia or the UK. So right now the Department of Defense is evaluating the legislation and how we would implement it in DOD policy and consultation with ISU and the other four NISP, Cognizant Security agencies. The third item, the NISPOM reissuance and as some of you know we worked informally with the NISPAC for several years on that. The draft reissuance is currently in DOD coordination. Once we complete the DOD coordination then we must receive concurrence from the other four NISP, Cognizant Security agencies to the version. We will then and it's been confirmed to us recently that it will then have to go through the federal rule making process and become a federal rule. So in that context general estimate would be that we are probably at least a year or at least two years away from publication because at this point in time Department of Defense does not publish would not publish the NISPOM unless the companion federal rule was also approved at the same time. And the last item I have is we have talked about a NISPOM change three to incorporate the reporting requirements of the Security Executive Agent Directive number three. We did provide some months ago a draft industrial security letter to the NISPAC for comment. We appreciate those comments that were received. We are still evaluating how to proceed with the industrial security letter for the DOD contractors and those non-DOD agencies for which we have industrial security agreements. The issue that we are grappling with is how to handle the foreign travel reporting. We will keep you in the loop. It's still something we want to do. We just have some challenges in working through the details. And with that are there any questions? Valery during the stakeholders meeting with DSS yesterday there was some discussion about the newly established department critical technology protection task force. I would like to ask if there is a way to clarify what industry's engagement with that task force might be. Yes, there is a critical technology protection task force that has been established at DOD under the direction of the DOD secretary. I know that question came up yesterday about industry involvement. I will have to take it back. I'm not sure. I know it's just relatively new as far as being stood up and how that will work. I will take it back and provide some feedback about what the task force considers about how it will interact. I think I understood yesterday that there was some indication that there might be some periodic progress going to be the case. Okay, thank you. And the second question is also from yesterday with regards to new deforestation requirements that might be under consideration for the delivery of uncompromised initiative. If there's a way to advise industry as to the path for consultation on what those deforestation requirements might look like. I will take that back to our acquisition colleagues who handle our process for deforestation clauses. I'm not sure where things might stand with any process for that at this time. Stop harding this back. Valerie, back to the task force. Has there been any movement as the task force is being stood up or whatever as far as how to kind of rein in some of the variations to the theme that are coming out of the Navy or the Air Force or whatever on kind of deforestation plus X and things of that as there's kind of a lot of reaction on how to handle the cyber threats and those kind of activities. Is that part of the task force mission is to kind of get that so there's something consistent across DOD and then what is being pushed out into industry as new requirements. I would have to say that the task force is still relatively new so some of what you're asking, I don't have exact details other than the initial Tasker memo that was sent out across the department and they are filling the billets as far as the task force members. I can take that back also to one of my colleagues who's been detailed to have any other detail at this point. Anyone else have any questions for Valerie? Anyone on the WebEx? Anyone have questions for Valerie on the telephone? Okay, thank you so much. Questions? Spokes? Industry spokesman, new industry spokesman. How about it? Good morning. We have two new industry NISPA members, Rosie Guerrero and Cheryl Stone. We want to welcome them. We have one change on the MOU. Kai Hansen is now the chair. With the vast amount of changes in security policy and procedures, the implementation of these changes in industry expertise is leveraged collaboratively in the process. Industry is interested in learning more on the delivery on compromised initiatives and the possible impacts for industry. We want to thank the ISU for facilitating dialogues with Director Avanina to discuss information sharing and collaboration on SEC EAA policies. We're still working with collaboratively with the working groups, but we are we do feel that it's continued upon an enhanced understanding of the threat and vulnerability which is not supported by the current information sharing infrastructure. We're concerned about variances in implementation from one field office to the next, and we're still unclear as to the cooperation between DSAs and concerned about the impacts of introducing vulnerability information to the GCA outside the scope of the contract. We're interested in how CUI governance will be distinguished from under DSS and CUI. We're interested in how CUI governance will be distinguished from this government. Industry continues to be experiencing assessments to describe the CDI on unclassified networks. Under new business for NDA as DOB Investigations Transition from NB IB to DSS, we're looking forward to learning more about trusted workforce 2.0 as industry engages in the trusted workforce working groups. When it comes to small businesses with all the changes industry is concerned about small businesses and the impact on supply chain. We're still waiting for comments from DSS on the NCMS security consultant white paper concerning use of security services providers. There's a lot of new systems out there seems like they all hit us at the same time, and industry is concerned with the ability to obtain access to these systems in a timely manner. It seems that with certain systems we're applying and it's taking weeks to get access to these systems. We're still concerned when it comes to lax training for this. Next slide. Industry is still waiting for implementation information regarding travel reporting under C3. That was already talked about earlier. We're receiving 7 and 8 drafts under coordination and have requested the ability to provide input, but we're still waiting for a response. Next slide. Industry is waiting for clarification on information of the advisory committee on industrial security and industrial waste policy. We're also waiting for the slide. Maybe waiting a while. The last slide is on the legislation watch and industry is waiting more clarification on information of the advisory committee on industrial security and industrial waste policy. We're also waiting for further information on the defense policy and industry. Next slide. Industry is still waiting on a lot of things. I've been chairing Al for almost two years and I've been hearing the same things over and over again. We do your estimation to actually do something about this. Instead of having these quarterly meetings where I keep hearing the same thing. Do we need more working groups? Speaking with the government, once we leave the meetings, we need them to come back with the answers. We have the meetings and tell them what we need or what we want. We're trying to collaborate with them to help us, but we give them the information that we don't get it with the exact return. Greg, maybe what we ought to do is start holding some meetings ourselves and maybe just pick a topic and try to have a meeting about it. Sorry, I was hearing the same stuff. I agree and I appreciate as Quinn alluded to. There is a lot of different things going on in terms of a lot of systems and what have you. At the same time, it is troubling that things are, I'm not sure what the right word is, percolating but not resolved. So, yeah, it is but that seems reasonable. I mean, this is a partnership so I'm not trying to throw anyone under the bus but I've said this so many times and I think most people agree there's so much expertise on both sides, industry and government and that's where the real value I think lies in a committee like this is not just hearing about that expertise but then putting it to good use, putting it into practice. So, you know, I think so if that's the direction we need to take. I think that's right. I mean, we actually need to do something. Again, I understand too. I mean, you all, particularly DOD, take on a challenging task here with this background investigation. I mean, it's a time of enormous transition and uncertainty. I mean, if this committee can't resolve things then I wonder what the point of it is. So, I think that we need to do a better job actually getting some answers. And again, it may be answers you don't like but at least to get you an answer. I mean, something, hey, exactly. So, let's see if we can do a better job on that. I would say on behalf of the executive agent, this is Valerie Howell, that DOD does because there have been a number of speakers today from DOD and it's yourself and there will be an additional speaker. So, what do we do to the utmost of our ability and the information and the processes that are ongoing provide as up-to-date information as we can? All I can say again is we're a team and we need to work together because obviously, why are we here? It's the security of the United States. I mean, we're on the same side. So, we just need to do a better job, I think, about at least voicing what you need and then hearing what legitimate concerns are on both sides. So, we'll reach out and kind of call it a program resolution meeting because that's the point where we've got a lot of things that are on the table and I think we need at least more clarity definition as to, you know, if we can't, like you said, some things, Mr. Chair, we can't resolve in a way that industry may find favorable but they deserve a response. I know there's some things out there about this, for example, I mentioned in the beginning, the use of the consultants and for the small businesses. So, we'll frame it as a resolution type meeting and see where we can go with that if you agree. I think that would be a healthy thing to do. Okay. And as long as it's done collaboratively and obviously collegially. Okay. Anyone have any questions for... Anyone on the WebEx? No questions in the chat. Anybody on the phone for Quentin? And once again, on the phones, please press Pound 2 on your telephone keypad if you wish to ask a question. Okay. No one on the phone for Quentin. Quentin, thank you. I'm going to hear from Keith Minard from the DSS who gives an update on their initiatives and then we'll take our 10-minute break. Welcome, Keith. I guess I'm holding for breaks, though. Mr. Chair, in part of the discussion previous there, I think what we have to do is prioritize actions and look at accurate expectations on timelines to accomplish certain things. Some things do take a little bit longer with 12,200 clear facilities and 900,000 cleared employees as we work these processes. That being said, first welcome to Quentin as the new Industry Chair and also the new members of NISPAC. So first is we'll talk about NISP contract classification system. It's been a slow roll, but we're moving forward now in a hopefully decent pace. And that's thanks to our service partners out there, Army Air Force and Navy. We're really looking at getting some implementation in place. It is a flow-down system. So as we talk to industry, keep in mind that this all starts with the prime contract 254. So bear with us as we move through the process and we want to make sure that we get the effective capability in place to ensure that the optimal use of the system is there for industry. Speaking of industry, one thing I'd like to note for the smaller companies out there that unless you're subbing contracts and NCCS, down to a sub as a prime, the system itself will generate 254 from your prime and send it to you by email. So not all of industry will actually have to have NCCS as we deploy out. Quentin, in regards to help desk and information, we do have the DLA help desk that does support contract account management and CAM services for your contract account managers. Either you can go there directly and get information on our website or you can actually do the DSS Knowledge Center be referred there. We do have an email address on our website to help address operational issues outside of what DLA provides. What we really need to know, Quentin, is what's the services that we don't have right now available and what's the issues that we need to address in the future through a help desk or knowledge center to make sure we're providing the right services to the cleared industry partners and also government industry. The process of working nominees for both government and industry, primary and alternate, it's a little bit of a process that we have to go through for approvals and nominations to bear with us. We're tentatively scheduled to have a, again, I'll say tentatively scheduled to have a first advisory committee meeting in late second quarter. Actually today, Chris Forrest is actually the deputy and federal official for the committee. He's here, he's your president in this pack. So as we go along, one thing I would like to note is actually over the last couple of missed packs, we've been working with our operations inside of the house and also field personnel on the issues addressed in the NCMS White Paper. It took us a while to find out what from the field's perspective, what our issues were from our side to make sure we can have a collaborative effort with industries move along. I understand that our operations side of the house is planning an early December meeting with Michelle Sutton and about 12 industry partners on issues for small businesses, security consultants and security services. Just as a note, you may have seen it in public comment, the SF-328 certificate pertaining to foreign interest was out for comment. The fundamental changes of the document, just 10 questions didn't change. The form was updated to provide its use for the Defense Enhanced Security Program, as well as DHS as a Cognizant Security Agency for their classified critical infrastructure protection program. Again, just no questions, no change to the questions, just for its use. You heard Greg mentioned earlier about CUI, I'll just give a quick update. We're in the final stages of the recommendations and plan and plan of action that will go to the USDI based on the May 2018 memo. We're working with our government partners right now, and as we move along and once we get ahead and on and approval on the recommendations, we'll begin the process of engaging industry. The point of the industry is that this is about 10% of the entire defense industrial base for which this puts DFS as a functional manager for and a lead. So keep in mind when we start reaching out for CUI and industry as partners, the NIS will be a component of that, but we must have another 90% that we have to manage into the integration process to make sure that we're engaging the entire community. We see that over the next probably 30 to 60 days we'll have an opportunity to start looking for the right industry partners as we work through this process. We have had very good success working with our service partners and acquisitions and the DOD-CIO in this process, and we look forward to engaging over the next period of time as we implement these processes in DOD. And the last I have for you before you break is reminder, UFA learning is a transition from step. It's out there. CDSE posts new training all the time. Take a look at the CDSE website to see what's available for training. So I'll use your questions. Anyone on the phone for Keith? No questions on the phone. Thank you so much. Let's take a 10-minute break. The rest rooms are over here to the left. If you please be back in 10 minutes, we'll be at 11.45. 11.45, we can wrap it up. Okay, our next speaker will be Patricia Stokes from DVS who will update us on the transfer of investigations to DSS. Thank you. Patricia? Yes, can you hear me? Yes, ma'am. Okay, so as I mentioned earlier, I am the director of the Defense Bedding Directorate of the Defense Security Service. I updated your forum last time and as Charlie suggested I went back and looked at the notes and so I'm here to bring you up to speed on where we've been since then. As Mr. Nguyen indicated, we are all anxiously awaiting the incoming executive order, which we expect to be imminent. But that has not deterred us in any fashion on moving forward with our planning, with our NBIB partners. We are engaged daily on many facets of the transfer and I think you could probably imagine there are a myriad of them. But I can tell you that the Defense Security Service Defense Bedding Directorate team is really focused on the transformation aspects of the transition and the other heavy lifting of the acquisitions and the people, the HR components and the facilities and all of that the sundry of important things are being handled by our headquarters with the joint team with NBIB and certainly with support of the personnel vetting transformation office that Ms. Heil briefed you on earlier. The other thing that the Defense Bedding Directorate is doing in all the transfer activities this includes, and I don't want to leave this out, the transfer of the Department of Defense Consolidated Judication Facility small portions of the Defense Manpower Data Center few of their people and certainly all of the systems that support the Bedding Enterprise and then finally the Defense Information Systems Agency program executive office for the National Background Investigation System all of those entities will be transferring to the Defense Security Service soon to be renamed the Defense Security Counterintelligence Agency or Defense Counterintelligence Security Agency let me make sure I get the acronym right. So progress since the last meeting is we are also, we're working very very closely in the DVD Directorate with our National Background Investigation System partners and also the personnel transformation office again that Valerie mentioned. We're very very much aligned and supporting and participating in the trustee point O because that is defining our future. We sit on the Executive Steering Group Committee that meets monthly that will culminate at the end of this year with the presidential, a draft presidential directive and many other artifacts revisions to the Federal Investigative Standards, revision to the Adjudicative Guidelines and a myriad of other reforms. The heavy lifting on all of this work has been completed by the PAC PMO, the Performance Accountability Council Program Management Office. They have done an extraordinary job. I believe maybe the DNI may address some of this when they have the podium next. But everything that they are doing we expect to be documented and we'll get some actually relief early next year in another executive correspondence as we all know in this town it takes a while for presidential directors and executive orders and policy to be amended but that is not stopping the leadership of the PAC in reforming efforts and giving us some immediate early next year through another executive correspondence much like the three that they've previously issued to get started on some of these reform changes. The Defense DVD is ready and replaced to start executing those changes in the executive correspondence that is anticipated again early next year and what we have done since I spoke with you last is we've established something that I mentioned earlier when I cut in on the phone call. We've established our Enterprise Business Support Office. What that is for simplification for the group is really the support office the customer support office and the system development on the business side support office that will sit side by side in the Azure acquisition framework that Sheldon described in his briefing with our developmental operational counterparts. So it's really the subject matter experts that I bring to the table with the DevOps to actually build capability provide the requirements build the capabilities as the developers build the capability test out the capability at the same time we have we'll have business units that are attached to that that address the other parts of the things of deploying enterprise capabilities such as this and that will be a strategic communications team that will be able to communicate to our customers early before these deployments what's coming what to expect building the training that's necessary to understand how to execute when the capabilities are deployed in small increments addressing the policy issues with the policy makers whether it be the SECEA, the CDA or our own policy makers within the Department of Defense as we assume this mission and making sure the policies are aligning to allow us to execute these new capabilities and these new deployments and then certainly a performance in metric shops that will be measuring our every action to make sure that we are making progress in the right direction that we are executing data driven decisions and that we stay in a continuous improvement mode. Secondly we've been working on very diligently on the execution of the last executive correspondence which has provided a significant activity and I would say relief and what that did is it allowed us to defer our clean periodically investigations and put them directly into continuous evaluation program. To date we have deferred over 35,000 cases. We started this on July 31st. This is a very good news story. Why? Because we are not adding to Mr. Phelan's backlog or inventory and it's also allowing us to really kick the tires and test reform in realistic ways. So we continue to refine those business rules. We learn every week our stats keep growing. We are working with the executive agent, the security executive to refine our business rules so we can increase our deferment thresholds and our rate of cases that we're putting in deferment by sending into the inventory. And I would like to remind everybody in the room right now because this question always comes up and invariably I'll get asked is that the executive correspondence that was issued that allowed us to do this said that these cases will be reciprocally accepted by all agencies. I understand that the system of record doesn't reflect that and that's a challenge but we are not going to hold up this very, very important authorization and ability to not add to inventory and start testing our transformation and reform waiting on a system change. Perhaps Ms. Langley could give us as a group some further fidelity as to when that system change will be realized and it will be reflected in the system of record but in the meantime and I know industry is struggling greatly with this because they support multiple customers. I can tell you that the best course of action would be to touch base with your government sponsor when you get pushed back or call the vetting risk operations center industry division probably previously known to most of you as the office so we can do up to them so we can provide some assistance. That's my update. Any questions? I just have a quick question from the State Department. Identify yourself, yes, please. I did. Thank you. I just want to make sure from a user agency standpoint I don't really know who to call anymore on issues. Are you saying that you kind of think we're supposed to call you? You have the policies, you have all this stuff. Whatever that we're supposed to contact with questions or concerns. For the background investigation mission, if that's what your question is, yes, I am the kitten for the background investigation mission. What we are going to do and this call and your questions enlightens me to A, we need to put a presence on the website and we also probably need to quickly establish a enterprise business office, support office box where we can actually entertain your questions and then get back to you. I would not take responsibility for the critical technology program or the counterintelligence program but anything from the background investigation and vetting mission, yes, I am going to ask you a question. So then policy stuff is still key. I guess I'd like an org chart of DSS right now. The org chart for DSS is under development and it is with our director and once our director gets approved through the department of defense, I'm sure it will be shared. Thank you. Another question? Yes. Do we have a timeline when that guidance is going to come out for us as an agency so we can use that to help our partners and ourselves for people transition? Well, Mike, I'm going to take that for action. All right. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. I'm going to take that for action. All right. I think, I don't want to say, I think I have members from the VROC there who might be able to address what is on the website for them right now but we certainly need to get the message out. Do I have a VROC member in the audience who might be able to address what's on the site for industry and I know you're kind of in security Mike. Yes. This is Patrick Hogan with VROC. So we do have information on our website. We posted a kind of frequently asked questions related to the deferment and on there there's an email address for those kind of questions about enrollment and especially for the government customers looking to have a verification while we wait for that technical solution to catch up. Okay. Any questions on the telephone? No questions on the phone. Thank you so much. Keep in mind your defense security service. So over the next period of time you're going to see, you know, we're going from a few mission space to a large multi-mission agency so there will be a wide range of changes that go along and I'm sure as we go along those changes will be formalized as we think about the CDSE mission, the NIST mission and some kind of intelligence services post the previous background investigation mission now with a wide range of CUICTP NIST background investigation as we grow we will have to evolve and get the right organization structure out to everybody to make sure it's understanding that we no longer have what used to be single points of contact in to the NIST. Thank you so much. Our next speaker will be Valerie Curbin, ODNI. She will provide a security executive agent directive SEED policy update. Valerie on the phone? Yes. Good morning. Can you hear me? Yep. Okay. Good morning. Thank you, Mr. Chair. And on behalf of the security adjudication has been signed by the DNI as of November 9th. So at this point it's being prepared for distribution to executive departments and agencies and of course our websites will be updated shortly thereafter. There will also be a push to our security executive agent advisory committee members. So it will be forthcoming to you all for your information and for implementation within your agencies. Okay. And for an update on security executive agent directive 8, the temporary eligibility, it is still in draft and we have received our comments back from all of the agencies and it's finishing up in the adjudication process. We received many comments which we are considering a lot of those in the revisions and we are hopefully going to have it submitted to OMB for formal interagency review by the end of the year. That is our goal. And I know Charlie and Trisha spoke a little bit on trusted workforce 2.0, but for those of you unfamiliar the effort will lead to an overhaul of the security clearance process and the security and the executive steering group does include ODNI, OPM, OMB, DOD, MBIB, DHS, FBI, the IC and industry partners. They are all engaged and meeting frequently. The first step is of course to take those substantial steps to address the backlog investigation and Phase 2 which is what we're working on now is to revamp the fundamental approach and supporting policy framework to ensure it's aligned and we're overhauling the business process plans to improve timeliness, quality and effectiveness of the process to help further reduce the inventory and we're modernizing or plans to modernize the information technology architecture to expedite the migration of continuous vetting model. So these are the things that are being worked on from the executive steering group and also the PAC which has the lead on ensuring all of these decisions are brought forward by the executive steering group. And that is all I have to provide. Okay. Do you have any questions for Valerie? Yes. Greg Pinoni. Thank you, Valerie. A lot of good progress. Appreciate that. And as you may know many of us were at the AIA-NDIA conference in San Antonio last month and we had the opportunity, Bill Evinina for all the industry folks and I was two. So we had good discussion. I would characterize it as far as the back and forth flow of exchange of information. One of the items you mentioned on the trusted workforce 2.0 and that there are industry members on that group and I understand there are two. I believe it's Doug Thomas and Hilibrand. But evidently from what I've heard from my industry colleagues is that they're not allowed to participate in the working group. So I'd ask that you take that back to Mr. Evinina to see if there's something we can do here to large the aperture just a little bit. You know, we're only talking about the AT&T NISPAC industry members as far as being able to share and utilize their expertise to have more input from industry on that group. I will take that back. I just also want to caution you that a lot of the information is pre-deliverative and they're making decisions. So some information is not even being shared outside of this group at this point. But there will be the opportunities for some stakeholder input. So I'll let the PAC know and also Mr. Evinina that you're addressing that. Thank you. Mr. Evinina, that you're addressing that concern. Yeah, Bob Harding, NISPAC. Valerie on the kind of in the same vein as Greg's question but with the seed that is about to be published since industry had no view into that at all or ability to input, is there any language in there regarding CE and reciprocity and for seed aid now that it's in kind of its infant stages is there any chance as Bill had alluded to to having the NISPAC be able to have some level of review and comment on that through the approval process. Bob, in regard to seed 7 it does talk about different ways of accepting reciprocity and you all will be seeing that. I don't want to get into all the specifics. But for seed 8 we're just at the process now it's going to be ready for OMB and as far as I know OMB only goes out to agencies for formal comment. So we're still looking at ways to possibly share it with you through the process but at this point we're still moving ahead to get it to OMB. Still in draft. Any other questions for Valerie? Elena, is it? No questions. Anyone have questions for Valerie on the telephone? A reminder to those on the phone if you wish to ask a verbal question at any time please press pound 2 on your phone. No questions on the phone at this time. Thank you Valerie. Well next year from Mark Riddle of my office on the implementation of the control on classified information program. Hopefully everybody can hear me. This is going to be a pretty short update I think so this will be refreshing. So generally right now of course we're in the middle of agency implementation and agency reporting on their efforts to implement the program. The majority of the agencies in the executive branch have reported to us on their status and already a number of agencies are asserting full compliance with the CY program. This means that they have policy training that they've transitioned their physical environment systems to the standards of the program which is great. Now is going to start the work of validation of what we love to hear of inspection. So I sue over sites in our role in regard to the CY program so we are going to be going out and evaluating and assessing every agency that asserts full completion of all of our milestones related to implementation or also if any agency out there has a complete policy training module you're going to see stepping out into the executive branch and validating and making whatever course corrections are necessary to ensure that there is alignment with the program stand. Of course the results of the annual report submissions from agencies will be detailed in our annual report to the president. Generally based on what I'm seeing compared to fiscal year 17 we have seen a lot of movement largely because money has been flowing from agency sources in the way of implementation of the CY program so as a result we've seen a lot of movement among a lot of agencies. We've also been out of two years so they got some momentum but what you can expect in what we're predicting is that once agencies issue that agency level implementing policy everything seems to follow pretty aggressively. System transition, physical environments we'll have to come on that of course. Now the CY registry is what we protect in the CY program. If you haven't been there yet I highly recommend that you do a visit to the CY registry page. It lists all the categories of CY along with guidance documents that we issue to help agencies and other stakeholders industry, state local tribal academic institutions who are subject to the requirements of the program. Guidance to help them understand the program as best they can. Also what you'll notice it's been a while since we've been out here ISOO has developed a number of training modules to assist agencies and stakeholders train the workforce on the standards of the program. These training videos are posted on our page and also hosted off of YouTube. They're free for all to use. A number of cabinet level agencies are also using these to satisfy the training requirements of the program. We highly recommend that you take a look. You don't have to use them but they will save you on the development of these training modules. We address everything to document marketing and of course the concepts of law for government purpose and of course our relationship to the Freedom of Information Act. In regard to notices one of the things that you'll notice about the CY program is that we issue how this program is structured or how it should be implemented. Over the next let's say 30 days you're going to see a number of new notices hit the streets that are going to assist agencies in the program. Document destruction to provisional categories to even the process and control markings. Moving quickly to my third bullet here about the Federal Acquisition Regulation what this is going to do for the government once it officially takes hold is it's going to standardize the way that executive branch agencies convey safeguard and guidance to non-federal entities. Right now there is some inconsistencies of course as you know whenever an agency enters into an agreement with a non-federal entity they're often times referencing their policies and procedures and their naming conventions associated with sensitive information. Once the FAR hits the streets right now it should be sometime in the summer that message will be consistent. Everybody in the room is familiar with the DD-254 which is that form that agencies use right now to convey the safeguarding requirements related to classified information. The CUI FAR will have a similar type of form accompanying where agencies when they issue a contract that for CUIs involved they will be required to complete this form where the categories of information regarding standards, dissemination controls will all be conveyed. One of the goals that you'll see, one of our goals of course is to make things better and we believe that the federal acquisition regulation will make that process and bring a lot of clarity to how agencies convey that safeguarding guide. One of the things you can expect of course is that the public will get an opportunity and industry will get an opportunity to comment on the federal acquisition regulation. Right now we project that the FAR will be out for public comment sometime near the end of January of 2019. If you subscribe to the CUI broad you'll get an update about when that regulation is out there for public consumption. I encourage everybody to take a peek at it and provide some comments to make it better. Like the regulatory process, the more hands that we have in that process the better the product will be and what it's going to affect you. For sure, I would highly recommend you take a look and provide those comments. My fourth bill here speaks to our regular update that we perform to stakeholders. Every quarter, of course, the CUI program has a webinar for all stakeholders of the CUI program. This is eight state local tribal everybody tunes in and asks questions in regard to the program. It's also a way for us just to convey about the federal acquisition regulation, new training modules that we've developed, awareness products, but it's also just a great form for Q&A or even just for us to solicit suggestions from the stakeholders of the CUI program. Initiatives that we have underway in the CUI program that eventually manifest themselves notice come from the stakeholder discussion. If you haven't participated and tuned into those things, you do also as the executive agent for the program, we have a very open door as far as communication goes. Anybody can contact us through our inbox or ask a question, offer a suggestion. I guarantee you every one of those will be reviewed and you will get a response. Due to the volume it does take us some time to get back to everybody, but somebody will get back to you and incorporate those things. Stay close to briefing. The next one will be February 14th, 1 to 3. Of course, that would be available on our CUI blog. Also, lastly to close out, on December 10th, we're planning a CUI industry day and that is exactly what it sounds like where we're two years into implementation. A number of industry folks and agencies want to form where they can get out there to talk about the products and services that they've developed to assist agencies and other stakeholders as they implement the program. It's a free event. The schedule of all the vendors and also the presenters are posted to the CUI blog. We encourage you to kind of spread the word. If you want to attend, of course, just through a quick email to CUIatNara.gov, let us know that you're planning to come and that you're planning to bring a full turnout, which it already looks like we're going to. We'll probably do this again for summer. So keep that in mind. Everything that we do in regard to industry day is first come first served, meaning that as soon as we drop the notice to our CUI blog that we're having this thing, we get flooded with requests to be a presenter or to even have a booth at the event. Our only criteria is that whatever you're presenting or whatever you're presenting as something to do with CUI, and I think that industry really provided a really great agenda for us. We have folks who are talking about automated marketing tools for the electronic environment, of course. Destruction requirements. Folks are out there who are companies and agencies with compliance to the standards of the CUI program for the electronic environment. That's the SP853 for the government folks. Really good stuff. Just a word of caution and we have to say this is that of course I see we have not evaluated any of these products and services. Agencies already are using some of these and they've conducted the evaluation. So we always say, you know, buy with caution. Always do your own evaluation before you start signing out those checks. And I think at this time I'll open it up for questions for everybody on the WebEx and the call in the room. We're going to make a comment. I want to, I assume responsibility for CUI end of July and I really want to commend Mark Riddle in particular and the entire CUI team in general. They've done a fantastic job. Probably many of you know it's been an uneven process getting this CUI program implemented. We're seeing some good, really good progress and a lot of that goes to Mark and the team. I'll put this out. I did check with the boss. It just occurred to me we have a CUI advisory council which is all government right now. We'll check the charter and bylaws but I don't believe there's any reason why we couldn't extend at least an observer role to a non-federal entity on that advisory council that meets about monthly. So we're going to look at that and put that out. You don't have to keep it just to the mist because it's much bigger than that. One of the great things of course is that we chair the CUI advisory council which is comprised of about 26 agencies, cabinet agencies and also some of the suspects that you would expect to see there. This is something that we'll definitely raise at our next council meeting which is December 13th and possibly open it up for industry. Right now of course some things that we talk about at the CUI advisory council that would be appropriate for industry to be there because we're talking about changing the market and some standards and we don't want to get absolutely I think that when we need in probably as early as January we might open that one up. We always have a pretty open phone line and we have to have you RSVP but keep an eye out for that if you do open something up at the next council meeting we'll probably post it to the blog that's really great. Are there any other questions? Comments? And as a reminder to our virtual audience if you wish to ask a verbal question please press pound two on your phone and your line will be unmuted or if you prefer to submit a written chat please use the chat panel and send questions to all panelists to be read out loud. Sounds like you have no questions so I'll take them off. We're going to move rapidly into our next slide, you're going to start with the insider threatening. Carl Hellman will give this one on this update. Thank you Mr. Chair. I'll try to be quick. Insider Threat Working Group we did convene a meeting on October 30th purpose was to evaluate the process the government will use to evaluate the effectiveness of contractor insider threat programs and in general to provide a forum to discuss ways to improve the program. The government received excuse me the group received two briefings one on the DOD ITP policy and foundational documents and one from DSS which was an overview on insider threat effectiveness. The primary principles for the program for effectiveness, program effectiveness conveyed where program management awareness training information systems protection collection and integration and analysis and response. Each of these principles have associated ITP requirements and corresponding assessment products excuse me factors for determining the effectiveness of their implementation. Other points in evaluating effectiveness discussed including consideration of the whole program as well as the size and complexity of compliance not necessarily determining effectiveness and an ineffective program may impact the overall security rating. In sum there are three steps to evaluation of ITP effectiveness review program requirements assess program implementation and determine effectiveness. The group plans to meet again sometime in mid-January or early February we encourage in particular the other CSAs DOD was terrific they were well represented as a say and these briefings came from them but we would ask that the other CSAs come join us and discuss their approach to evaluating the effectiveness of the insider threat. Are there any questions? Anyone on the phone for the insider working group? No questions on the phone. Carl? Step up. I'll give us the latest comment. I still have one comment that I just got out here they say they have 10 minutes left on the call so 10 minutes left. Carl go ahead. Thank you Mr. Chairman moving rather quickly just one to update on what the NISA working group is working on and what the NISA is working on. Since our last meeting one of the things that we were talking about is our transition to E-MAS is our system of record for assessment and authorization of classified systems. We had initially been looking at a launch date of that a transition date of that of October 1 we ran into an issue with the access to the training site which is maintained by DISA so DISA, NDIA and ACNS we delayed our transition DISA was able to fix the issues with access and so we now have some dates for our transition to E-MAS as the system of record. March 18, 2019 will be our transition date. We will also have a new version of our process manual available in mid-Debruary so we want to read it and comprehend it. We used the NISA working group as a point of reference for industry to get feedback on the process manual we had already completed that because we were scheduling to do that in October so probably in late December early January we will use the working group to send out what is going to be the final draft for one last comment from industry some of our government stakeholders and as always any information we have on the NIST risk management framework process and our E-MAS process falls under our dss.nl slash rms one of the proposals that I don't know if we can go down and see one of the things that we are working on within the working group is a proposal systems initiative we had a lot of feedback from industry on the ability to get proposal systems authorized and up and running quickly to work with the speed of business so we have asked our industry partners we have loaded out a couple of different items there are ways that we can look at expedite this and I think the industry owes us feedback by the end of this month through the working group we have been working with the other CSAs on this also certainly we have been working with the staff CIO on this effort we have been working with CIA their industrial security folks have a very good proposal system template so we are not going to try to reinvent the wheel we are going to try to take the best efforts that people have already done and come up with a more consistent way of having those be submitted throughout from industry throughout all the folks who do accreditation so that we can get those done on a little quicker basis so that is one of our big hot topics from the working group maybe we will go maybe we won't so my last slide is to talk about the metrics for those of you from industry who were around at the industry stakeholders just a little bit about the DSS metrics we are measuring workload and resources currently for our senior leadership both in the field and at headquarters the idea being that where we and we are doing it by regions is to figure out where we have the most workload where we have the most impact and direct resources to that currently on a rolling 12 month basis we received about 450 FST submissions for classified systems and we are currently producing about 350 authorizations to operate from those systems about 15% of the submissions we received we return back to industry for corrections of the plan whether it is lacking some sort of detail or some sort of information and just a little under 10% of the overall systems that we receive are either denied by DSS straight away or cancelled by industry so that kind of affects some of but one of the things that if that's why we're moving forward I could have showed you is that we see bubbles and we see attempts to leverage bandwidth in the northern region we had a bubble of workload and in the capital region of DSS we had some availability of resources and we are in the middle of a 12 week effort of sending folks in the capital region to the northern region to work down that bubble so we are using our current inventory of plans that we're reviewing and we're also looking at what's coming to do what things are aspiring in the next 90 and 180 days so we can do some workforce planning. Is there a subject to your questions? Any questions on the phone for Carl? No questions on the phone. Thank you so much. Sir, I'll go cede my time because it's really a summation of everything that's been talked about already from the seeds to the other things so in the interest of getting the stats and what not I suggest we move forward. I accept that. Moving to the statistics part now on the personal security clearance performance methods. We'll start with Olga Delgada Hi, can you hear me? Wonderful. Hi, I'm Olga Delgada. I'm just going to provide an overview of where we stand with the ICs and the SS's security clearances at this time. So the data and the stack next slide we're on slide two really identifies security clearance processing for contractor cases the data for industry for DOD is provided by OPM and IC contract data is provided by the following agencies CIA, BIA, FBI and GA, NRO, NSA and the Department of State and the timeline of data is being provided to really report the length of time that contractor cases take not contractor performance. We don't account for pre and post work. And unless otherwise specified in the DAC initial secret data is a combination of legacy investigative types to align with the FIS. So also the tier three investigations. Next slide. This slide three highlights the timeliness methodology and evolution. So you could see how this has transformed since 2004 we're currently in the process of evaluating what elements should or should not be changed and modified and this is a part of the trusted workforce 2.0 effort. Next slide. Slide four highlights by quarter the average days of the fastest 90% of reported clearance decisions made for the IC and DSS. So in comparing FY 18 quarter three which is the orange bar and the FY quarter four which is the purple bar if you take a look across the spectrum you'll see for secret confidential cases there was a slight increase in time. If you take a look at the top secret cases you'll see a slight decrease between quarters three and four and then of course for PRs you'll see a slight increase as well. And I do have a little caveat here on this slide. This data is all inclusive however we've only included a submission up to quarter three we are still missing a few submissions from agencies to complete quarter four so that you can get back to that item highlighted there. Slide five speaks to secret clients for the IC and VOZ. If you take a look at that as well between quarters one and quarters four you'll note several differences. If you take a look at quarter one it took 31 days to initiate an investigation and currently in quarter four it's taking 39 days. So to get after this we are encouraging both industry and executive branch departments and agencies to assist with that process to include to ensure an efficient investigation. And for those that have been contacted we thank you for your support in getting after that process and come to find those efficiencies. Also if you take a look at quarter one and quarter three you'll see a slight reduction in days. Next slide. Slide six. Here we have the highlight which speaks to top secret clients. Slide nine. Again if you take a look down for quarters one and four the initiation dates were doing better for top secret clients in five few days but on the top end you'll see a slight reduction of days as well in terms of processing. So we're hopeful that we'll continue to see that decline. Moving on to slide seven one and four. Quarter one, four initiations it took 62 days to initiate a PR and now we're down to 42 days so again different strikes have been taken to reduce these days and to find those efficiencies upfront to ensure the complete submission of these PRs as well for those that are required for work. And of course this might increase in days overall. Next slide. If you have any questions feel free to send us an email at techiea.dmi.gov. That's all I have. Any questions for Olga? Patrick Hogan, DOD. DSS. I just provide you guys with a kind of year review for FY 18. We don't have the numbers up on display so I'll go ahead and just read those through to you. Our continued budget challenges of course DSS was metering investigations at the end of the year reaching a high of 23,855 cases in August of 2018. We did receive end of year budget reprogramming which enabled us to significantly reduce the equip front end inventory and end of the year with our smallest inventory on record of 2,980 cases. Our FY 18 metrics included more than 163,000 industry safety metals 95,000 interim determinations processed averaging 20 days and 108,000 knowledge center calls. FY 19 is looking positive and we continue to drive towards a steady state of equip submissions customer service request and incident report processing. Questions? Steve DiMarco, DOD. I will be giving you the status of the CAF's inventory for industry cases right now. As you can see from the slide here the inventory has doubled since the end of the third quarter. That's due to a number of factors. The factors are MBIB has put additional resources in processing their investigating their cases. That has caused a surge in the number of cases we're getting in. They have also implemented some additional measures to close their cases out and again that's also causing a surge. That's one reason we've had ingest issues as far as communications between MBIB and DMBC and making sure we're getting all the cases in. They do the reconciliations and they find large numbers of cases that were not adjusted the way they were supposed to. Work with DMBC and MBIB we get those cases and they put them in large blocks. It could be tens of thousands of cases. So they're not coming in in a consistent level as well. Probably the longest pull in the tent is network issues or actually application issues. DSS or DISS I should say is not operating optimally for us. There's a lot of challenges with the workflows in DISS. We are seeing a reduced capacity than putting cases through the system. We are working with DMBC every day for change requests to try and get those workflows to be optimized. They're extremely rigid and we just can't process cases as quickly. While we work with DMBC on those change requests we are also looking internally as well. We are looking to optimize our own internal processes. We are looking at potentially restructuring where divisions are set up. We are going through and trying to change our processes to work with the system instead of having the system work for us. That's kind of backwards but that's where we are and that's what we're doing to try and change the situation. Fortunately the trains you're seeing here are going to continue for fiscal year 2022. We expect our backlog to grow tremendously over the next few years. We are programming for additional resources but as usual resources take time to get. We have to program for them, we have to get approved, we have to go out and hire them and then to train a fully functioning processes for two years. We have a lot of obstacles. We are working to overcome them every day but that impacts our inventory which will go up, our backlogs will go up and our timelines are going to grow. You can see here in September we were still while we were above the mandated timelines we were actually not doing so bad. The other good news is the industry portfolio is the healthiest portfolio right now within the industry. That's a good news story at least for industry but that story is going to progressively get a little as we get more work in. Some of the key takeaways are when we shut down the legacy disco tax we had some issues with the document migration those have been fixed. So now we can request those documents. We have latency again either network latency or application latency. We do not have access to legacy cats any longer so any time we do have missing documents we have to put a request in. It is a button and DMVC has been pretty good about getting those in within 24 hours. Again we continue to work in partnership with USCI, DVD, and VIB and we are trying to set up successfully to work these challenges and to work through the Simmons audience. But we will work on it. We will continue to get reports to let you know where we are on this. That does not. I'm just going to open up questions to see if everybody has anything. You're made for your candid no matter how depressing. It's a story, not necessarily a good news story. While you're at the story. I appreciate that. I believe that the truth. All right. Terry Russell. Hunter Doha. Okay. Good morning. Thank you very much. This is actually a brief good news story because Doha does not have a backlog. The Defense Office of Hearing and Appeals obviously is the authority for denials or revocations in industry. Right now we have less than 900 active cases and included among those are the roughly 130 cases here current in legal reviews and current in getting cases hearing. We recognize that as over the summer there was authority for granting the ability to close cases short and with the introduction of much larger populations into new evaluation. It is likely that the workload hitting the DOD cap is going to, as Steve says, continue to increase. The good news for us at Doha is one, we're ready for whatever increases coming at us because we do not have a backlog. The other good news is that historically over the last 30 years the number of denials and revocations that have come out of either the claims application process or background investigations has been less than 100%. As I've often said, the purpose of the personnel security process is to look for the needle in the haystack that after who either is an insider threat or is somebody who should not have accessibility for access to classified information. As long as we don't make the haystack bigger the number of needles that we're catching is going to remain relatively constant. I'm optimistic especially we're working with the DOD cap and whatever problems you've heard about with DISS, they are not affecting us at Doha because we work with the cap to work around all of our new process cases directly from the cap immediately to the cap and with no chance of end cases. In that regard, industry is not only the healthiest portfolio at the cap but Doha is healthy in how we're working with the cap to handle it. Any questions for Karen? Do you foresee in your process the 2020 the cap is not going to be out of trouble until 2020? Well, Doha receives what we receive so I would say it would be impossible for it to not have some effect but as of right now because of the way we're working directly with the cap on getting the statements and again the statements of reason get a legal review at Doha so we have sort of an early warning system there because we can see when we see an uptake in graph statements of reasons that tells us that we're going to be seeing more during cases done and while some number of people after they get their statement of reasons may decide to not go forward with the process it's still a good early indicator of reasons are like the canary in the coal mine and so we have not yet seen a major uptake in that but when we do we'll know that we need to get up for what's coming next. Anyone else for Karen? Thank you very much. Thank you. Okay, now we move into our open forum discussion which is my favorite part of the show so anyway I mean please grab the mic and say what you want to say. I'll put in a quick plug December 6th right here in this room, ISU is having a 40th anniversary half day celebration the primary focus of course is information security we'll have all the living ISU directors present for a panel as well as a keynote speaker so you're all invited you can go to the www.archives.gov forward slash ISU email alecra at nara.gov if you would like to attend it will be in the morning we'll have some cake and coffee and a bunch afterwards so it should be a good show. Keith. Dennis Keith in this pack. I want to go back to just quickly a comment that you made earlier before we broke with regards to the relative utility of this group. I feel pretty strongly that this group has a very important function to perform for industry and US government and the primary purpose of that function is transparency. We have a governance problem right now with regards to how efficiently we tackle the issues but the most important thing we do when we get together quarterly is to be transparent with each other all solutions that are beneficial both for the government and for industry. To the degree that we're not doing that right now we can fix that. That's our choice to fix that. I want to just attest to the leadership we have at the table there and their ability to address these issues collaboratively and productively for industry. Well said. I agree. There's no point in keeping us here on a snowy day. I don't know. First in this pack meeting for 2019, tentatively the date is March 13th here at the National Archives we're going to try to acquire this theater in July and November and expect to have base lined up in the next two weeks. You can imagine the reservations on this theater are tough. As mentioned earlier, announcements are made in the Federal Register about a month before each meeting so that's where you can always turn to. Without that, any further comment? Just one thing. We have a few hiccups today so we appreciate your feedback. We would like to be more efficient to do this as best possible. Feel free to send me an e-mail or Robert Tringale or Carolina Clink. Thanks. Please drive safely on your way out of here. Meeting adjourned. Nicely done. Thank you to all those who joined today's session. The session has completed and you may disconnect.