Skip to main content
U.S. flag

An official website of the United States government

Public Trust and Information Technology Security Review

By Human Capital

 

To: All USGS Employees
From: Karen Siderelis, Geographic Information Officer and S. Kaye Cook, Chief, Office of Human Resources
Subject: Public Trust and Information Technology Security Review

 

Heightened national security awareness and increasing incidents of computer hacking and other malicious access to information technology (IT) systems have made it necessary to take precautions to safeguard Federal information assets from unlawful entry or compromise. Part of these precautions include making sure that individuals with whom we entrust important public service functions have had the appropriate background checks. Across the Federal Government, agencies have increased their emphasis on complying with established and emerging security guidelines. Within the Department of the Interior (DOI) steps are being taken to ensure compliance with the Federal Information Security Management Act and the public trust regulations issued by the Office of Human Resources Management (OPM) (see a description of public trust positions below). As a result, USGS must also ensure full compliance.

 

What Does This Means to Me?

To comply, employees in positions with public trust and IT security responsibilities must undergo the appropriate background investigation. While we anticipate that the majority of you have had the appropriate background investigation, employees who have not will be required to do so. New employees in positions with public trust and IT security responsibilities will be required to undergo the appropriate background investigation when placed in the job.

 

What Type of Positions Will be Covered by This Requirement?

All Federal positions are subject to some type of background investigation or clearance depending upon the duties and responsibilities of the position or the level of access to national security data or systems required to perform the work. The majority of USGS positions do not require access to national security data or systems and are considered Low Risk when compared to public trust or IT security risk criteria. For Low Risk positions, a National Agency Check and Inquiry (NACI) background investigation is required; and, the vast majority of employees receive this when first entering Federal service. The USGS positions that are considered Moderate or High Risk when compared to public trust and/or IT Security risk criteria—and are the primary focus of this review—include the following:

Public Trust

  • High and mid-level management positions (e.g., Senior Executive Service [SES] members, direct reports to SES positions, and similar high or mid-level positions).
  • Positions with major responsibilities for policy development and implementation (e.g., senior level positions typically found at the headquarters level).
  • Independent spokespersons for the bureau (e.g., positions with responsibility for representing the USGS with the media and before Congress).
  • Positions with responsibilities that demand public trust or confidence (e.g., senior level management positions, positions with access to proprietary and/or Privacy Act data, procurement and contract officers, etc.).
  • Positions that can authorize disbursement of Federal funds (e.g., positions with fiduciary responsibilities such as administrative officers, purchasing agents, etc.).

IT Security

  • Positions with significant IT security responsibilities (e.g., positions with advanced rights beyond that of a regular user to include database, network, mail and system administrators, programmers, IT security managers, system owners, information owners, and system program managers. In addition, positions that have programmatic and/or management control over system resources are also included.

 

Who Will Determine If I Need a Background Investigation and How Will I Find Out?

Bureau managers and IT system owners and/or security managers, in conjunction with the Human Resources Office (HRO), will review all bureau positions against the Public Trust and IT security risk criteria to determine the appropriate risk level for the position. In addition, the HRO will review the Official Personnel Folders (OPFs) for all covered employees to determine the level of background investigation that the employee has undergone. If it is determined that an employee needs a background investigation or a higher level of background investigation than what he or she currently possesses, the employee and his or her field center manager will receive a specific notice and instructions from the HRO.

 

Who Conducts the Investigation and Who Will Have Access to the Results?

OPM will conduct the investigations. Results are sent from OPM to specific staff members in the HRO who review and adjudicate the investigation. When completed, all supporting documentation is destroyed by the HRO and a copy of the approval is filed in the employee’s OPF. No one in the USGS, other than the HRO staff member, has access to the investigation results. If the results are negative or derogatory in nature and are of significant concern to the adjudicator, the supervisor will be consulted.

 

How Many Employees Will Be Impacted?

The exact number of employees who will be impacted cannot be determined until the review of positions and employees’ OPFs is complete. We estimate approximately 100-200 positions in the bureau will be designated as High Risk. However, we expect that many of the employees in those positions will already have the adequate level of investigation.

We estimate 800-1200 positions will be designated as Moderate Risk and that many of these employees will not have undergone the appropriate background investigation for the position. Most of these employees will be in positions that have IT security, policy, management, or fiduciary responsibilities and/or have access to proprietary or Privacy Act data.

 

Who Will Pay for the Background Investigation and What is the Cost?

Costs for background investigations are paid by the individual field centers. A Moderate Risk position requires a minimum background investigation that costs approximately $450 per person. A High Risk position requires a full background investigation that costs approximately $2,500. The USGS has requested approval from DOI for a modified approach for current employees in Moderate Risk positions requiring an investigation. We anticipate a response from DOI in the next several weeks. If approved, the cost would be approximately $50 per employee. In addition, the paperwork the employee would be required to complete for the modified approach would be significantly less. Employees in High Risk positions, who need to undergo a background investigation, will be required to have the full investigation.

 

How Can I Find More Information?

More information, questions and answers, and links to regulations and guidance can be found on the Personnel Suitability Guidance page. In addition, we will strive to keep you informed of the status of these activities.

 

When Will This Happen?

This will be a large project that will take several months to complete. We will begin immediately and focus on positions with IT security responsibilities in order to comply with FISMA. Thereafter, we will begin reviewing the rest of the positions in the bureau.

 

What Are The Next Steps?

USGS efforts will initially be aimed at FISMA compliance. DOI has determined that all employees with IT security responsibilities (defined by DOI as any employee with advanced level of access to an IT system beyond that of a regular user) must have those responsibilities outlined in their official position description and incorporated into their performance plan. To meet this requirement, the Bureau IT Security Manager (BITSM), Regional Geographic Information Officers, and IT System Owners/Security Managers, in conjunction with the HRO, have developed a list of all employees who meet this definition. Using this list, the HRO will amend the position descriptions of all covered employees with a generic duty statement. We anticipate that this initial effort will capture the majority of employees with IT security responsibilities, but not all. As we continue to refine the list we anticipate additional employees will be added.

If your position is identified as having IT security responsibilities, you will receive a position classification amendment that describes these responsibilities. You should retain the amendment with your copy of your current position description. In addition, your performance plan will be amended if the plan does not already include your IT security responsibilities in the critical elements. If amended, your supervisor will provide you with a copy of the amended performance plan and discuss the new performance expectations with you.

Concurrent with the above activity, IT System Owners/Security Managers, the BITSM, and HRO will review IT security positions in relation to the Public Trust and IT security criteria to determine the risk level of these positions. The results of this review will be made available to the respective supervisors and employees.

We appreciate your cooperation in this important effort to comply with government-wide Public Trust and IT security requirements. If you have any questions, please contact your human resources specialist.

 

« Return to Personnel Suitability Guidance Position Sensitivity and Public Trust Risk Level Determinations