DOD Needs IT Support for Security Clearance Background Investigations Program


The Defense Counterintelligence and Security Agency took over management of the background investigations process but does not own all of the related IT systems—yet.

With less than one year left to prepare to take responsibility for the IT systems supporting the nation’s background investigations for security clearances, the Defense Department office managing the program put out a notice searching for an IT support vendor.

The Defense Counterintelligence and Security Agency, or DCSA, formerly the Defense Security Service, took over management of the National Background Investigations Service in October 2019. Before the move, background checks on prospective and current federal employees were conducted by the Office of Personnel Management’s National Background Investigations Bureau, an outfit created in the wake of the 2015 security breach that exposed the personal information of tens of millions of Americans.

After a few years of building up the NBIB—and managing through a subsequent backlog of investigations that reached a height of 725,000 in April 2018—Congress opted to move the program wholesale to DOD.

While the entire background investigations team moved from OPM to DOD in October 2019, the former still owns and operates much of the IT infrastructure.

A recent OPM inspector general report noted that while DCSA took over responsibility for conducting background checks, the agency was not prepared to take ownership of the mainframe system that manages the process. Under the current timeline, DCSA is set to take full ownership of that system by October 2021.

As DCSA prepares to take on the full security clearance IT stack, the office is looking for an IT support vendor to help manage it all. The agency issued a sources sought notice this week to identify whether a small business would be suitable.  

“These services include requirements analysis, software engineering and development, systems integration and interoperability, data engineering and management, test, deployment, development/security/operations—DevSecOps—cloud, infrastructure engineering and transitioning systems to operations,” the notice states.

The contract will be split into multiple parts, including two mandatory tasks focused on developing a contract management plan and issuing monthly reports and managing development and deployment services.

Under development and deployment, the contract will focus on software engineering, including creating a software development guide, performing software assurance, managing source code and developing capacity and security plans, among other deliverables.

The performance work statement outlines five optional subtasks, including systems integration and interoperability, data engineering and management, testing, architectural cloud services, and system administration. The PWS document has additional details on each subtask.

Along with the main two deliverables, the contract also includes three optional task areas: 

  • Infrastructure and engineering services, including managing network operations and a NBIS dashboard; tier II and III help desks; software, application and firmware maintenance; asset, configuration, change and knowledge management; and cybersecurity services.
  • Cybersecurity packages support, including repository file management.
  • Managed cloud services, including developing a cloud concept of operations document, white papers and engineering and technical documents.

Responses to the RFI are due Nov. 30.

The new support contract is set to begin Feb. 1, 2021, with a one-year base period and four three-month add-on options.