Continuous Evaluation vs. Continuous Vetting
We have heard a lot about Continuous Evaluation (CE) and Continuous Vetting (CV) and many get confused with the terminology, mistakenly using them interchangeably. However, CE and CV are not the same thing and have key differences. CE is the vetting process that reviews the background of individuals who hold a security clearance or to work in a sensitive position. CE is a process that relies on automated record checks and business rules to continually assess an individual’s clearance eligibility and is just one component of the greater continuous vetting efforts. In accordance with security clearance reform efforts, CE will evolve into the CV model.
CV is a more robust, real-time review of a person’s background to determine if an individual continues to meet applicable requirements. CV is a combination of automated records checks, self-reporting, agency specific reporting, insider threat reporting, and other analytical processes that are executed continuously to determine if a cleared person can remain a trusted insider. The Office of the Director of National Security (ODNI) published guidance in June 2018 deferring periodic reinvestigations (PR) and I fully expect CV will entirely replace the five and 10-year PRs’ with real-time automated checks to evaluate and determine whether security risks exist.
Security clearance holders should keep in mind, regardless of whether you are enrolled in CE, reporting requirements are still hold true. CE is a mechanism to identify unreported information that most likely should have been self-reported to a security manager. Many incident reports are closed out within a matter of days. For those incidents that require further investigation or adjudication, additional reviews of the case are required but ultimately the intent is to mitigate the issue — not to revoke a clearance.