How a Continuous Evaluation Program Strengthens Security Against Internal Threats


Until recently, Department of Defense (DoD) security clearance holders were investigated every five to 10 years to determine if they continued to meet the requirements for their clearance level. Now, the DoD is implementing continuous vetting (CV) using continuous evaluation (CE). A continuous evaluation program provides ongoing monitoring and stronger security. This automated process modernizes security practices by alerting agencies to changes in personnel status in a timely fashion.

Continuous vetting means looking at an individual’s background to see if it continues to meet the initial application requirements. Continuous evaluation is the process used to provide the data for continuous vetting. For example, suppose a security clearance holder receives a driving citation. With a continuous evaluation program, or CE program, that citation will be reported the next day. If the individual has had multiple citations within a matter of months, the individual may be flagged for further evaluation.

What Is Continuous Evaluation?

The CE program is an automated system that checks records according to established rules that align with the Federal Investigative Standards. The automated system performs these checks 24/7/365. The system checks criminal records, suspicious financial transactions, travel records, various databases, and public records for activities that disqualify an individual from having a security clearance.

This real-time evaluation of data points allows the DoD to identify immediate risks instead of waiting for a five-year review. For example, suppose an employee with a high-security clearance performs several financial transactions that are out of character three days after the security clearance is renewed. Under the old system, the organization might not re-evaluate the individual’s activities for at least five years. That’s plenty of time for the individual to become a serious insider threat.

What Is Continuous Vetting?

Although the existing vetting process continues alongside the CE program, the goal is to reduce or eliminate the cyclical vetting process. The system will continuously monitor individuals with security clearances for activities that violate security requirements. The continuous vetting process will flag any suspicious actions. Investigative resources beyond the CE process are used to determine if the clearance holder is a security risk.

Using the financial example from before, vetting would include looking at the specific transactions and deposits to determine the income source. For example, increased cash withdrawals might indicate activities that make employees vulnerable to compromise. The goal of the program is to identify and remove the risk before (rather than after) a security breach.

How Does the CE Program Work?

The DoD has already moved to the CE program, and other government agencies have adopted the same process. Anyone working with or for the executive branch, for example, has a CE security clearance. For DoD personnel, anyone having access to classified or sensitive information falls under the CE program.

As part of receiving an initial security clearance, everyone signs a release. The form gives the United States government the right to conduct background investigations, reinvestigations, and continuous evaluation for the purpose of attaining and retaining a security clearance. The automation of that process does not invalidate the release.

The continuous evaluation program feeds into the DoD’s national initiative to focus on internal threats and extremist affiliations. Continuous monitoring can identify questionable activities that might be a threat to national security long before they would appear on a standard five- to ten-year review. However, the alert is only a notification that additional evaluation should be performed to determine the associated risk. It is up to the investigative resources to decide if the reported violation is worth pursuing. 

Whether it is through cybersecurity gaps, internal threats, or other nation-states, the risk to national security continues to grow. Every individual or organization in the supply chain that supports the nation’s infrastructure represents a potential vulnerability. With the DoD’s CE program, government agencies are addressing internal security risks. If your organization is concerned with its security processes, contact us. We have the experience to help.