This is the accessible text file for GAO report number GAO-09-351 entitled 'Contingency Contract Management: DOD Needs to Develop and Finalize Background Screening and Other Standards for Private Security Contractors' which was released on July 31, 2009. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: July 2009: Contingency Contract Management: DOD Needs to Develop and Finalize Background Screening and Other Standards for Private Security Contractors: GAO-09-351: GAO Highlights: Highlights of GAO-09-351, a report to congressional committees. Why GAO Did This Study: Currently in Iraq, there are thousands of private security contractor (PSC) personnel supporting DOD and State, many of whom are foreign nationals. Congressional concerns about the selection, training, equipping, and conduct of personnel performing private security functions in Iraq are reflected in a provision in the fiscal year 2008 National Defense Authorization Act (NDAA) that directs DOD to develop guidance on PSCs. This report examines the extent (1) that DOD and State have developed and implemented policies and procedures to ensure that the backgrounds of PSC employees have been screened and (2) that DOD has developed guidance to implement the provisions of the NDAA and (3) that DOD and State have addressed measures on other issues related to PSC employees in Iraq. To address these objectives, GAO reviewed DOD and State guidance, policies, and contract oversight documentation and interviewed agency and private security industry officials. What GAO Found: State and DOD have developed policies and procedures to conduct background screenings of PSC personnel working in Iraq who are U.S. citizens, but only State has done so for foreign nationals. Homeland Security Presidential Directive 12 (HSPD-12) directs U.S. government agencies to establish minimum background screening requirements in order to issue access credentials. But DOD has not developed departmentwide procedures for conducting background screenings of its foreign national PSC personnel. Disagreements among the various DOD offices responsible for developing and implementing these policies and procedures hindered timely execution of the HSPD-12 requirements, and the completion of this development and implementation has been hampered by the lack of a focal point to resolve these disagreements. For example, officials at the Office of the Under Secretary of Defense for Intelligence interpret HSPD-12 as requiring a government screening process for foreign national contractor personnel that is equivalent to the National Agency Check with Written Inquiries (NACI) currently used for U.S. citizen contractor personnel. But officials at the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics maintain that a NACI-equivalent screening for foreign nationals would not be feasible, given the inherent difficulty of screening foreign nationals and the inconsistent quality of criminal and employment records from one country to another, and further, such an approach would will severely limit the numbers of foreign national contractor personnel DOD could use. The offices also differ as to who should approve background screenings, known as adjudication. The Commander of Multi-National Forces-Iraq has established a screening process for PSCs, but GAO has identified several shortcomings that limit the effectiveness of this process. For example, the process directs contractors to obtain background screening for entities that will not provide data to contractors. While DOD has acknowledged the inherent force protection risk it assumes when using contractor employees, without the timely development of standardized policies and procedures, DOD lacks full assurance that all its PSCs are properly screened. While DOD is developing guidance to meet the requirements of the 2008 National Defense Authorization Act, the draft guidance does not meet all of the requirements of that act. For example, the draft guidance does not address the requirement for establishing minimum standards for background screening of PSCs. Instead it directs the combatant commanders to establish standards for their respective areas of responsibility, though it does not establish time frames within which they should do so. Without addressing these concerns, DOD’s draft guidance only partially meets the requirements of the 2008 National Defense Authorization Act. DOD and State have taken actions on other issues related to PSCs in Iraq. For example, they have implemented similar processes to ensure that PSC personnel are trained, and to account for PSC weapons. Both agencies have also developed policies related to alcohol use by PSCs. What GAO Recommends: GAO recommends that the Secretary of Defense designate a focal point to ensure that the appropriate DOD offices coordinate, develop, and implement policies on background screenings and that DOD establish standards to meet the requirements of the 2008 NDAA and inform Congress as to when the guidance will be completed. DOD concurred with two recommendations and partially concurred with three. View [hyperlink, http://www.gao.gov/products/GAO-09-351] or key components. For more information, contact William M. Solis, (202) 512- 8365, solisw@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: State and DOD Have Developed Procedures to Conduct Background Screenings of U.S. Citizens; Only State Has Developed Departmentwide Procedures to Screen Foreign and Local National Personnel: Draft DOD Regulation Does Not Fully Meet the Legislative Requirements of Section 862 of the National Defense Authorization Act for Fiscal Year 2008: State and DOD Have Developed Policies and Processes on Other Private Security Issues Including Training, Weapons Accountability, and Alcohol: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Comments from the Department of Defense: Related GAO Products: Abbreviations: AT&L: Under Secretary of Defense for Acquisition, Technology, and Logistics: DCMA: Defense Contract Management Agency: DOD: Department of Defense: HSPD-12: Homeland Security Presidential Directive 12: JCC-I/A: Joint Contracting Command-Iraq/Afghanistan: MNC-I: Multi-National Corps-Iraq: MNF-I: Multi-National Force-Iraq: NACI: National Agency Check with Written Inquiries: NDAA: National Defense Authorization Act: PSC: private security contractor: USD-I: Under Secretary of Defense for Intelligence: [End of section] United States Government Accountability Office: Washington, DC 20548: July 31, 2009: Congressional Committees: In Iraq, security concerns have led both the Department of Defense (DOD) and Department of State (State) to rely upon armed private security contractors to perform a variety of important security functions. These functions include providing static security for the United States--that is, controlling buildings and facilities, providing security for high-ranking U.S. officials, and escorting supply convoys. According to a June 2009 report by the Commission on Wartime Contracting in Iraq and Afghanistan[Footnote 1], DOD and State estimate that more than 16,263 armed private security personnel (12,942 with DOD, 3,321 with State) are working in Iraq under contracts with the U.S. government. [Footnote 2] According to these estimates 77 percent of private security contractor personnel are foreign nationals, 11 percent are Iraq nationals, and 12 percent are U.S. citizens or citizens of coalition countries, such as those from the United Kingdom and Australia. DOD and State private security contractors subject prospective employees to background screenings that typically include searches of past criminal activity and a credit check. However, our past work and the work of others have raised concerns about the approaches taken by the U.S. government to ensure that background screenings are complete and thorough. For example, in 2006 we reported that DOD and private security contractors had difficulty conducting comprehensive background screening for U.S. and foreign nationals because of inaccurate, missing, or inaccessible data.[Footnote 3] Additionally, we reported that military commanders and other military officials were concerned about the risks that contractor personnel, particularly foreign and local nationals, posed to U.S. forces due to limitations in the background screening process. Furthermore, there have been congressional concerns about the selection, training, equipping, and conduct of personnel performing private security functions in Iraq. These concerns are reflected in Section 862 of the National Defense Authorization Act for fiscal year 2008 which directs the Secretary of Defense, in coordination with the Secretary of State, to prescribe regulations by May 2008 for the use of private security contractors in an area of combat operations. In July 2008, we reported that DOD and State had improved oversight and coordination over private security contractors in Iraq but we also raised concerns about the ability to sustain the oversight needed and indicated that we would issue a follow-on report on other private security contractor issues related to selection, training, and weapons accountability as well as DOD's implementation of provisions of Section 862 of the National Defense Authorization Act for fiscal year 2008. [Footnote 4] This report addresses those issues and expands upon the extent to which DOD and State have taken measures to ensure that private security contractor personnel have been screened. Due to broad congressional interest, we have conducted this engagement under the authority of the Comptroller General to conduct evaluations at his own initiative. Specifically, our objectives were to determine (1) the extent to which DOD and State have developed and implemented policies and procedures to ensure that the backgrounds of private security contractor personnel have been screened, (2) the extent to which DOD has developed guidance to address the elements of Section 862 of the National Defense Authorization Act for fiscal year 2008, and (3) the measures the two agencies have taken to ensure that private security contractor personnel are trained, the steps taken to account for private security contractor weapons, and the development of policies to govern alcohol use among private security contractor personnel in Iraq. To address these objectives we reviewed DOD and State documentation, including contract materials, government policies, and records of government reviews and inspections. We interviewed officials from various DOD and State offices, including the offices of the Under Secretary of Defense for Personnel and Readiness, the Under Secretary of Defense for Acquisitions, Technology, and Logistics, the Under Secretary of Defense for Intelligence, and State's Bureau of Diplomatic Security. In Iraq we met with DOD officials, including contracting officials at the Joint Contracting Command-Iraq/Afghanistan and the Defense Contract Management Agency, as well as officials within Multi- National Forces-Iraq. We also met with State Department officials in Iraq responsible for oversight of the State's Worldwide Personal Protective Services contract, including the Regional Security Officer. To obtain the industry's perspective on these issues, we interviewed officials from two private security industry associations and officials from 11 private security firms who currently provide or have recently provided private security services in Iraq. To corroborate statements about training by DOD and State officials and private security firms, we reviewed 215 compliance audit checklists from DOD inspections that were conducted from March 2008 to January 2009. Similarly, we obtained and reviewed the two most recent inspection reports for each of State's three Worldwide Personal Protective Services contractors. We did not evaluate the quality of training provided by DOD and State. We conducted this performance audit from August 2008 through June 2009, in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. A detailed description of our scope and methodology is included in appendix I of this report. Results in Brief: The Departments of State and Defense have both developed policies and procedures to conduct background screenings of private security contractor personnel working in Iraq who are U.S. citizens; however, only State has developed and implemented standardized policies and procedures to screen foreign national personnel, including those employed by private security contractors. Homeland Security Presidential Directive 12 (HSPD-12) directs U.S. government agencies to establish minimum background screening requirements to be met before employees and contractors can be issued an access credential. State has developed a procedure for conducting background investigations of its contractor personnel, U.S. citizens, and foreign and local nationals which, according to State officials, meets the requirements of HSPD-12. By contrast, DOD has not, as of June 2009, developed departmentwide procedures for conducting background screenings of its foreign and local national private security contractor personnel. The completion of minimum standards and background screening procedures has been hampered by a lack of a focal point to resolve disagreements among the various DOD offices responsible for developing and implementing background screening policy and procedures. These disagreements have hindered timely execution of the HSPD-12 requirements, as illustrated by the following. * With regard to the screening process, officials within the Under Secretary of Defense for Intelligence (USD-I) have interpreted HSPD-12 as requiring a government screening process for foreign national contractor personnel (including local national contractor employees) that would be equivalent to the background screening conducted for U.S. citizen contractor personnel. Officials within another DOD office, the Under Secretary of Defense for Acquisition, Technology, and Logistics (AT&L), maintain that this approach is unrealistic and will severely limit the numbers of foreign national contractor personnel the department could use to support U.S. forces in contingency operations. AT&L noted that conducting an equivalent screening for foreign nationals would not be feasible, given the inherent difficulty of screening foreign nationals and the inconsistent quality of criminal and employment records from one country to another. As we reported in 2006, commanders are responsible for the safety and security of their installations.[Footnote 5] AT&L believes that processes established by combatant commanders to screen contractors, such as those in Iraq, in conjunction with contractor-led background screenings, provides reasonable assurance that the security risk posed by foreign national contractor personnel is minimal. * With regard to the process of approving background screenings, known as adjudication, AT&L officials stated that U.S. government employees serving as contracting officer's representatives are the final adjudicators of background screening results. USD-I officials, however, disagree with AT&L contending that DOD policy prohibits the contracting officer representatives from being final adjudicators and noting that contracting officer representatives lack the necessary training and time to do so. In Iraq, the Commander, Multi-National Forces-Iraq (MNF-I), has established a process aimed at ensuring that all private security contractors, including U.S. citizens, Iraqi nationals, and other foreign nationals have been screened. However, we identified several shortcomings that limit the effectiveness of this process. For example, contractors do not have access to many of the data sources they are required to use to screen employees, such as databases maintained by the Federal Bureau of Investigation (FBI) and the Central Intelligence Agency (CIA). Additionally, as we have previously reported, contractors have access to a limited range of criminal records data, and there may be limited data on foreign national contractor personnel who may have spent minimal if any time in the United States. [Footnote 6] Furthermore, officials we spoke to from the office in Iraq responsible for approving private security contractor requests to carry weapons did not have a full understanding of how contractors conducted their background screenings. Without the timely development and implementation of standardized policy and guidance that is compliant with overall U.S. government policy, and without greater understanding at the contracting officer representative and combatant command level of what a proper background screening and adjudication should entail, DOD lacks full assurance that all of its private security contractor personnel have been properly screened. While DOD has developed a draft interim final rule intended to meet the requirements of Section 862 of the National Defense Authorization Act of Fiscal Year 2008, hereafter referred to as Section 862 of the FY2008 NDAA, our analysis of a May 2009 version of the draft regulation indicates that it does not address all of the requirements of the law. For example, the draft delegates the responsibility of developing specific private security contractor guidance and procedures to the geographic combatant commanders without fully establishing all of the minimum processes as required under Section 862. The law directs DOD to develop requirements for the screening and security of private security contractor personnel and the draft instructs geographic combatant commanders to develop procedures consistent with principles established in existing DOD instructions and directives. However, while the draft makes reference to existing DOD regulations about these areas, neither the draft nor the referenced documents articulate a process or requirements that geographic combatant commanders can use to ensure that all private security contractor personnel meet screening and security requirements. In addition, while the law instructs that DOD develop minimum processes and requirements for private security contractor personnel operating in an area of combat operations, which by definition includes both Iraq and Afghanistan, the draft regulation only points to an agreement between DOD and State that is specific to Iraq and directs it be used as a framework for the development of guidance and procedures regardless of location. Moreover, the draft instruction does not establish time frames for the combatant commanders to develop such guidance and procedures. Without developing minimum departmentwide processes in a timely manner to assist commanders in developing theaterwide standards and a timeline for completion, DOD will not be able to ensure that its policies related to private security contractors are consistent across the geographic combatant commands and available at the onset of a combat operation. Additionally, the delay in publishing draft guidance to meet Section 862 of the FY2008 NDAA has affected the completion of other requirements contained in the Act. For example, because the guidance has not been finalized, the Federal Acquisition Regulation has not been revised to require the insertion into each covered contract or task order a contract clause addressing the selection, training, equipping, and conduct of personnel performing private security functions under contracts. The Departments of State and Defense have also taken actions on other issues related to private security contractors in Iraq. For example, State and DOD have implemented similar processes to determine if private security contractor personnel have been trained. These processes include periodic reviews of contractor training records and site visits to contractor training facilities in Iraq. The departments have also developed and implemented processes to account for private security contractor weapons that include periodic weapons inventories. In addition, private security contractors indicated that the government of Iraq also conducts periodic inventories of weapons. State, DOD, and private security contractors have also developed and implemented policies related to the use of alcohol by private security contractor personnel. We are making five recommendations to DOD to establish a focal point to ensure that the appropriate offices in DOD coordinate, develop, and implement policies and procedures to conduct and adjudicate background screenings in a timely manner; establish minimum processes and requirements for the selection, accountability, training, equipping, and conduct of personnel performing private security functions; direct the geographic combatant commanders to develop and publish regulations, orders, directives, instructions, and procedures for private security contractors operating during a contingency operation within their area of responsibility; provide a report to Congress with the timelines for completing the minimum processes discussed in the recommendation above; and revise the Federal Acquisition Regulation to require the insertion into each covered contract a clause addressing the selection, training, equipping, and conduct of personnel performing private security functions under these contracts. In commenting on a draft of this report, DOD concurred with two of the five recommendations and partially concurred with three. DOD partially concurred with our recommendation that a focal point be established, our recommendation that minimum process and requirements be developed regarding private security contractor personnel, and our recommendation that DOD direct the geographic combatant commanders to develop and publish procedures for private security contractors operating within their area of responsibility. DOD commented that they have already or are in the process of implementing aspects of our recommendations. However, we do not believe that DOD's response thoroughly addressed the intent of our recommendations and believe that all of our recommendations remain valid. The full text of DOD's written comments is reprinted in appendix II. Background: Private security contractors are defined as private companies, or personnel, that provide physical security for persons, places, buildings, facilities, supplies, or means of transportation. These contractors provide security services for a variety of U.S. government agencies in Iraq; however, they are principally hired by DOD and State. DOD private security services contracts include a contract to provide security for DOD--controlled facilities in Iraq, known as the Theater Wide Internal Security Services contract. According to DOD officials, four contractors employing more than 8,000 guards, supervisors, and operations personnel are performing task orders issued under their contracts. The State Department's private security services contracts include a contract to provide security and support, known as the Worldwide Personal Protective Services contract, a contract to provide security for the U.S. Embassy Baghdad, and a security contract managed by State's Bureau of International Narcotics and Law Enforcement Affairs. In August 2004, the President issued HSPD-12 to require that United States government agencies (including DOD and State) collaborate to develop a federal standard for secure and reliable forms of identification for all U.S. government employees and contractors needing regular physical access to federal facilities. In February 2005, to comply with HSPD-12, the Department of Commerce's National Institute of Standards and Technology issued implementing guidance; the Federal Information Processing Standards 201-1, which define a governmentwide personal identification verification system. HSPD-12 requires that all U.S. government agencies mandate the use of the standard identification credential for all employees and contractors-- U.S. citizens and foreign nationals alike--who need regular physical access to federal facilities, including U.S. military installations abroad. As part of this process, all U.S. government employees and contractors who are issued an approved credential are to undergo a National Agency Check with Written Inquiries (NACI)[Footnote 7], or, at minimum, an FBI National Criminal History Check (a fingerprint check against a FBI database). We have previously reported on the challenges associated with applying a similar process to foreign nationals, including the limited applicability of U.S.-based databases of the names of criminals to foreign nationals.[Footnote 8] Federal Information Processing Standard 201-1 applies to foreign nationals working for the U.S. government overseas and requires a process for registration and approval using a State Bureau of Diplomatic Security approved method, except in the case of employees under the command of a U.S. area military commander. However, the standards do not offer any guidance as to what process should be used overseas. In addition to the HSPD-12 requirements, DOD and State have been instructed to comply with other requirements intended to protect the safety of property and personnel. For example, DOD policy makes military commanders responsible for enforcing security measures intended to ensure that property and personnel are protected.[Footnote 9] Likewise, the Omnibus Diplomatic Security and Antiterrorism Act of 1986 requires the Secretary of State to develop and implement policies and programs, including funding levels and standards, to provide for the security of U.S. government diplomatic operations abroad.[Footnote 10] Section 862 of the FY2008 NDAA[Footnote 11] requires that the Secretary of Defense, in coordination with the Secretary of State, prescribe regulations on the selection, training, equipping, and conduct of personnel performing private security functions under a covered contract[Footnote 12] in an area of combat operations. Section 862 of the FY2008 NDAA states that the regulations shall, at a minimum, establish processes to be used in an area of combat operations for the following: * registering, processing, accounting for, and keeping appropriate records of personnel performing private security functions; * authorizing and accounting for weapons to be carried by, or available to be used by, personnel performing private security; and: * registration and identification of armored vehicles, helicopters, and other military vehicles operated by contractors performing private security functions. In addition, the regulations shall establish requirements for qualification, training, screening (including, if practicable, through background checks), and security for personnel performing private security functions in an area of combat operations. Section 862 of the FY2008 NDAA also states that the regulations must establish a process by which to report the following incidents: (1) a weapon is discharged by personnel performing private security functions in an area of combat operations; (2) personnel performing private security functions in an area of combat operations are killed or injured; (3) persons are killed or injured, or property is destroyed, as a result of conduct by contractor personnel; (4) a weapon is discharged against personnel performing private security functions in an area of combat operations; or (5) active, non-lethal countermeasures are employed by the personnel performing private security functions in an area of combat operations in response to a perceived immediate threat to these personnel. In addition, the regulations must establish a process for the independent review and, if practicable, investigation of these incidents and incidents of alleged misconduct by personnel performing private security functions in an area of combat operations. The regulations are also to include guidance to the combatant commanders on the issuance of (1) orders, directives, and instructions to private security contractors regarding, for example, security and equipment; (2) predeployment training requirements; and (3) rules on the use of force. Fragmentary orders also establish guidance and requirements governing private security contractors in Iraq. In December 2007, MNF-I issued Fragmentary Order 07-428 to consolidate what previously had been between 40 and 50 separate fragmentary orders relating to regulations applicable to private security contractors in Iraq. The fragmentary order establishes authorities, responsibilities and coordination requirements for MNC-I to provide oversight for all armed DOD contractors and civilians in Iraq including private security contractors. In March 2009, MNF-I superseded this order by issuing Fragmentary Order 09-109. This Fragmentary Order contains information related to the roles and responsibilities of contract oversight personnel and required contract clauses including clauses related to background screening, training, and weapons accountability. One such clause requires that all contractors working in the Iraq theater of operations shall comply with and shall ensure that their personnel supporting MNF-I forces are familiar with and comply with all applicable orders, directives, and instructions issued by the MNF-I Commander relating to force protection and safety. State and DOD Have Developed Procedures to Conduct Background Screenings of U.S. Citizens; Only State Has Developed Departmentwide Procedures to Screen Foreign and Local National Personnel: State Has Developed a Background Screening Process for Private Security Contractor Personnel, Including Foreign and Local National Personnel: State has developed a process for conducting background screenings of its private security contractor personnel, U.S. citizens, and foreign and local nationals alike, which, according to State officials, meets the requirements of HSPD-12. Initially, private security contractors submit the resumes of all prospective employees to be reviewed by a State Department contracting officer representative. After this prescreening, the Worldwide Personal Protective Services contract requires firms to screen employees using a screening process approved by State's Bureau of Diplomatic Security. The process includes examining a prospective employee's past work history, police records, prior military service, and a credit check. The contractor is responsible for reviewing the results of the initial screening and, based on the results, forwards a list of the candidates to the contracting officer representative. Then, State's Bureau of Diplomatic Security conducts and adjudicates its own background investigation of prospective employees. All personnel performing work on the contract must possess a security clearance, a determination of eligibility for moderate or high-risk public trust positions, or have had an investigative check conducted by regional security officers of local or foreign nationals equivalent to the public trust determination required for the position. According to State Department officials, the department requires that foreign national private security contractor personnel have a Moderate Risk Public Trust determination, which is equivalent to a Secret clearance, but it does not grant access to classified information. The Moderate Risk Public Trust determination includes checking a prospective contractor employee's name against both local and national data sources. These data sources include the consular name-check database that is used by U.S. embassies to access information used to approve or deny visa applications. The system contains records provided by numerous U.S. agencies and includes information on persons with visa refusals, immigration violations, criminal histories, and terrorism concerns. In addition, prospective employees are screened by Regional Security Officers in the U.S. embassy in their home countries and if necessary, the Regional Security Officers may interview prospective employees. For example, when State Department officials in Uganda uncovered prospective employees using false documentation, the certificates were not granted to Ugandans until the Regional Security Officer had completed a personal interview. Moreover, in Iraq, prospective Iraqi employees sometimes undergo polygraph examinations. State Department officials told us that this process was HSPD-12-compliant based on their interpretation of an Office of Management and Budget memorandum that states that investigations related to making a public trust determination can be sufficient to meet HSPD-12 requirements. DOD Has Developed Procedures to Conduct Background Screenings of Private Security Contractor Personnel Who Are U.S. Citizens but Has Not Developed Procedures to Screen Foreign and Local Nationals: Federal Information Processing Standards 201-1 require that contractor personnel, including private security contractors in Iraq, undergo a National Agency Check with Written Inquiries investigation or its equivalent prior to being issued an access credential. While DOD has established procedures to apply this requirement to private security contractor personnel who are U.S. citizens, it has not, as of June 2009, developed a process and procedures to apply this requirement to foreign and local nationals. According to DOD Instruction 3020.41, the comprehensive policy document on the management of contractors authorized to accompany the Armed Forces, USD-I is responsible for developing and implementing procedures for conducting background screenings of contractor personnel authorized to accompany the U.S. Armed Forces. The instruction, which was issued in October 2005 by the Under Secretary of Defense for Acquisition, Technology, and Logistics (AT&L), also directs USD-I to coordinate with AT&L, to develop these procedures, and to draft appropriate contract clauses. In November 2008, DOD issued a Directive-Type Memorandum to begin the process of bringing DOD policy into alignment with HSPD-12. [Footnote 13] However, while the memorandum directs USD-I to coordinate with AT&L and the Office of the Under Secretary of Defense for Personnel and Readiness (P&R) to develop the department's policy for conducting background screenings of contractor personnel, it does not provide specifics on what the policy should contain. P&R, the office responsible for DOD's HSPD-12 compliance, is currently drafting a DOD Instruction that includes standards for conducting background screenings of U.S. citizens, but does not yet include standards for screening foreign nationals because according to officials from P&R, they have not received input from USD-I. As of May 2009, USD-I officials were unable to provide an estimate of when the foreign national screening standards would be complete. The lack of a focal point to resolve disagreements among the offices responsible for developing and implementing DOD's background screening policies and procedures has hindered timely execution of the HSPD-12 requirements. For example, officials from USD-I have interpreted HSPD- 12 as requiring a government screening and adjudication process for foreign nationals that would be equivalent to the National Agency Check with Written Inquiries investigation used for U.S. citizens. Officials within AT&L maintain that this approach is unrealistic and would severely limit the numbers of foreign national contractor personnel the department could use to support U.S. forces in contingency operations. According to AT&L officials a National Agency Check with Written Inquiries equivalent screening for foreign nationals would not be feasible, given the difficulty of screening foreign nationals and the inconsistent quality of criminal and employment records from one country to another. As previously noted, private security contractors currently conduct their own background screenings of prospective employees. Based on these results, firms make final hiring decisions. AT&L officials believe that contractor-led background screenings, in conjunction with processes established by combatant commanders to screen contractors, such as those in place in Iraq, provides reasonable assurance that the security risk posed by foreign national contractor personnel is minimal. As we reported in 2006, commanders are responsible for the safety and security of their installations. [Footnote 14] Additionally, AT&L officials maintain that U.S. government employees serving as contracting officer representatives are the final adjudicators of background screening results. However, USD(I) officials disagree and have stated that DOD policy prohibits contracting officer representatives from being final adjudicators, and note that they lack the necessary training and time to do so. As early as 2004 we noted that DOD had a lack of personnel available to provide oversight. [Footnote 15] Most recently we noted in our 2008 report that DOD was strained to provide a sufficient number of contract oversight personnel and military personnel needed better training on their responsibilities to provide contract oversight over private security contractors. [Footnote 16] An April 2009 report by the Special Inspector General for Iraq Reconstruction found similar concerns, noting that contracting officer representatives received limited training and had insufficient available time to devote to their oversight responsibilities.[Footnote 17] As a result of these disagreements, DOD has not developed minimum background screening standards as required by DOD Instruction 3020.41 and HSPD-12. While DOD has acknowledged the inherent force protection risk it assumes when using contractor personnel, without the development and implementation of departmentwide background screening procedures that apply to all private security contractor personnel, including foreign nationals, DOD does not have full assurance that all of its private security contractor personnel have been properly screened. In Iraq, MNF-I Has Established a Background Screening Process for DOD Private Security Contractors, but the Existing Process Has Several Shortcomings: By direction of the MNF-I commander, MNF-I, the U.S.-led military organization responsible for conducting the war in Iraq, has established a process in Iraq aimed at ensuring that all private security contractors, U.S. citizens, Iraqi nationals, and other foreign nationals providing security services to DOD have been screened. According to MNF-I guidance, which shall be incorporated into all contracts and solicitations where arming of contracted employees is contemplated in Iraq, private security contractors and subcontractors in Iraq are required to: * conduct background screenings of employees; * verify with the MNC-I[Footnote 18] Provost Marshal that no employee has been barred by any commander within Iraq; and: * certify after completing all checks that all persons armed under the contract are not prohibited under U.S. law from possessing a weapon or ammunition.[Footnote 19] In addition, in Iraq DOD has developed background screening measures that are intended to act as an additional safeguard after contractor- conducted screening procedures. For example, MNC-I officials told us that every private security contractor employee serving in Iraq also must receive a badge issued by MNF-I. According to officials, as part of the badge process, host and foreign national personnel are subjected to a background screening using several U.S. government automated systems and undergo an interview conducted by MNF-I intelligence officials. In addition, MNF-I guidance establishing minimum requirements for access to MNF-I installations throughout the Iraq Theater of Operations states that all host and foreign national private security contractor personnel are subjected to screening using an automated system unique to Iraq that collects biometric information such as photographs, fingerprints, and iris scans. While force protection officials we spoke with in Iraq were generally satisfied with the current background screening process and felt that it sufficiently accounted for the security of U.S. installations, our work identifies several shortcomings that limit the effectiveness of this process. For example, we found that some of the current background screening requirements established by MNF-I were unrealistic because they directed contractors to use data sources that were not readily available to private firms. According to MNF-I guidance, which shall be incorporated into all contracts and solicitations where arming of contracted employees is contemplated in Iraq, private security contractors should, to the extent possible, use FBI, Country of Origin Criminal Records, Country of Origin US Embassy Information Request, CIA records and/or any other equivalent records systems as sources. However, as we noted in our past work, contractors may not have access to certain data sources, such as FBI databases. Moreover, these data sources provide only limited data on foreign national contractor personnel who may have spent minimal if any time in the United States. [Footnote 20] While private companies may have access to other sources of background screening information, these data sources have similar limitations when applied to prospective foreign national personnel. As a result, contractors have adopted their own methods, such as obtaining Interpol-issued Certificates of Good Conduct, which one private security contractor official told us his company requires as a prerequisite to an interview. We reviewed a copy of one such certificate and observed that the certificate signifies that the bearer has never been the subject of a police inquiry. However, according to the official these certificates are not available in every country. Further, only the individual, and not the company, may obtain this certificate. Therefore, there may be incentives for prospective employees to forge or alter the certificates in order to gain employment. In addition, MNF-I officials we spoke to who were responsible for contractor oversight did not have a full understanding of the screening process, the process' limitations, or of how contractors conducted their background screenings. For example, MNF-I officials told us that the office responsible for approving civilian arming requests--known as the arming authority--reviewed background screening results prior to approving arming requests. However, officials from the arming authority stated that they did not see the results of the background screenings and did not interpret or adjudicate based on the results. Officials were also unaware of what the background screening entailed, and stated background screening was the private security contractor's responsibility. According to MNF-I officials, contracting officer representatives are responsible for ensuring that private security personnel files contain all of the necessary information, including background screening results. However, officials responsible for providing contract oversight in Iraq stated that contracting officers and contracting officer representatives only check to ensure that the correct documentation is maintained; they do not try to interpret or adjudicate the background screening results. Officials added that they are not trained to interpret or adjudicate the results. Moreover, while some of the name-checks and biometric data collection associated with issuing badges and requests for arming authority use data collected in Iraq, such as information collected from suspected insurgents, the current screenings rely primarily upon U.S.-based databases of criminal and terrorist information. As we have previously reported, background checks that are reliant upon U.S.-based databases, such as the automated process, described above, may not be effective in screening foreign nationals who have not lived or traveled to the United States. [Footnote 21] Without training to ensure that military commanders and contracting officials understand the department's policies and procedures for background screening as well as their roles and responsibilities, DOD will not have reasonable assurance that contractor personnel have been screened. The existing MNF-I process also does not provide contractors with standards on what the background screening should entail and how the results should be interpreted, particularly for foreign national personnel. According to MNF-I guidance, which shall be incorporated into all contracts and solicitations where arming of contracted employees is contemplated in Iraq, DOD private security contractors are required to develop a background screening plan and submit the results of the background screening to their contract's contracting officer representative upon completion. The Theater Wide Internal Security Services contract also requires that private security contractors conduct the appropriate criminal and financial background screenings identified in chapters 2 and 3 of Army Regulation 190-56.[Footnote 22] For example, the regulation requires that the contractor conduct a security screening check of applicants for security guard positions, to include a check of arrest and criminal history records of the state in which the prospective employee has resided during the most recent 5 years. It also requires that prospective security contractor employees be subjected to a National Agency Check with Written Inquiries. However, the regulation does not provide instructions on how to apply these screenings to non-U.S. citizens. [Footnote 23] Our review of the background screening plans submitted by the four Theater Wide Internal Security Services contractors found that the processes the plans described were not consistent in their approach to screen personnel, particularly for foreign national personnel. Our review of the plans found that they did not provide specific details as to how the company would go about screening foreign nationals. For example, while one plan states that all prospective foreign national employees are subjected to a criminal record check, it does not explain what records will be checked, the time period examined, or how the company intends to evaluate derogatory information. Furthermore, one of the plans we reviewed failed to address screening foreign national personnel at all. The plans were generally more specific in their descriptions of how they intended to screen U.S. national personnel. However, as we have previously reported, contractors have access to a limited range of criminal records data, and particularly in foreign countries these data can be of questionable quality.[Footnote 24] Furthermore, while DOD officials in Iraq stated that they were comfortable that the screening process was sound because contractors' screening processes were part of the evaluation criteria used to award the contracts, as previously noted officials responsible for evaluating these plans have not been trained to do so. Without minimum standards screening firms will use varying techniques to screen personnel and DOD will not have reasonable assurance that a minimum level of safety and protection has been met. Draft DOD Regulation Does Not Fully Meet the Legislative Requirements of Section 862 of the National Defense Authorization Act for Fiscal Year 2008: Section 862 of the FY2008 NDAA directed the Secretary of Defense, in coordination with the Secretary of State, to develop regulations on the selection, training, equipping, and conduct of private security contractor personnel under a covered contract in an area of combat operations. The public law lists a number of minimum processes and requirements, which the regulations are to establish. While DOD has drafted an interim final rule[Footnote 25],which is intended to meet the requirements of the public law, our analysis of a May 2009 version of the draft regulation indicates that it does not address all of the requirements of the law. The draft delegates the responsibility of developing specific private security contractor guidance and procedures to the geographic combatant commanders without fully establishing all of the minimum processes as required under Section 862.[Footnote 26] For example, the law directs DOD to develop requirements for the screening and security of private security contractor personnel. The draft instructs geographic combatant commanders to develop procedures consistent with principles established in existing DOD instructions and directives.[Footnote 27] However, while the draft makes reference to existing DOD regulations regarding these areas, neither the draft nor the referenced documents articulate a process or requirements that geographic combatant commanders can use to ensure that all private security contractor personnel meet screening and security requirements.[Footnote 28] The draft regulation also establishes that all incidents listed in Section 862 (a)(2)(D)[Footnote 29] shall be reported, documented, and independently reviewed or investigated. However, the regulation does not specify who should report or document incidents, what information should be recorded, how the incident should be investigated, or to whom the incident report should be sent. Furthermore, it leaves the implementation of procedures for reporting, reviewing, and investigating incidents to the combatant commanders. In addition, while the law instructs that DOD develop minimum processes and requirements for private security contractor personnel operating in an area of combat operations[Footnote 30],the draft regulation only points to an agreement between DOD and State that is specific to Iraq and directs it be used as a framework for the development of guidance and procedures regardless of location.[Footnote 31] Specifically, the draft references a December 2007 Memorandum of Agreement between DOD and State, which provides that private security contractor personnel who wish to possess and carry firearms in Iraq, must fulfill the core standards of background checks, security clearances, training with annual refreshers on topics such as the rules for the use of force, weapons qualification consistent with U.S. Army standards, and use of weapon types authorized by DOD and State. [Footnote 32] As noted in our discussion on background screenings, absent minimum departmentwide processes, combatant commanders may develop less comprehensive guidance and procedures and the guidance and procedures developed may widely vary from theater-to-theater. Moreover, the draft regulation does not establish a time frame for combatant commanders to develop and issue the implementing guidance and procedures. Without developing minimum departmentwide processes in a timely manner to assist commanders in developing theaterwide standards and a timeline for completion, DOD will not be able to ensure that its policies related to private security contractors are consistent across the geographic combatant commands and available at the onset of a combat operation. Our review of a May 2009 version of the draft regulation found that it does establish some processes. For example, the draft regulation establishes a process for requesting permission to arm private security contractor personnel. This process includes written acknowledgment by the security contractor and its individual personnel that such personnel are not prohibited under U.S. law to possess firearms and requires documentation of individual training that includes weapons qualification and training on the rules of the use of force. The draft also states that individual training and qualification standards must meet, at a minimum, one of the military department's established standards. With regard to the registration, processing, and accounting of private security contractor personnel, the draft regulation references a draft update to DOD Instruction 3020.41, which designates the Synchronized Predeployment and Operational Tracker (SPOT) as the joint Web-based database to maintain contractor accountability and visibility of DOD-funded contracts supporting contingency operations. [Footnote 33] The draft regulation also identifies SPOT as the repository for registering and identifying military vehicles operated by private security contractor personnel. DOD officials stated that they interpreted Section 862's vehicle identification requirements as the need to register vehicles in a database using a unique identifier as opposed to identifying vehicles with a visual identifier such as a placard. Officials stated identifying vehicles using a visual identifier would expose private security contractors to enemy attacks. However, during our trip to Iraq in 2008, we observed that many DOD private security contractors affixed readable numbers on their vehicles.[Footnote 34] While DOD was required to develop this guidance by July 2008, as of June 2009 the guidance has not been finalized. According to DOD officials, promulgation of the guidance has taken considerable time due to coordination efforts with State and the federal rule-making process, which requires a draft rule be published for public comment in the Federal Register when it has an impact beyond the agency's internal operations. Because of this delay, the Federal Acquisition Regulation (FAR) has not been revised to require that covered contracts and task orders contain a contract clause to address the selection, training, equipping and conduct of personnel performing private security functions. According to DOD officials, the FAR will not be revised to implement the regulation until the regulation has been finalized. State and DOD Have Developed Policies and Processes on Other Private Security Issues Including Training, Weapons Accountability, and Alcohol: State Has Developed Detailed Private Security Contractor Training Requirements and an Inspection Process: According to officials in State's Bureau of Diplomatic Security, contractors performing under State's Worldwide Personal Protective Services contract are required to provide 164 hours of personal protective security training. The training curriculum includes topics such as the organization of a protective detail, firearms proficiency, driver training, and defensive tactics. According to officials in State's Bureau of Diplomatic Security, this training curriculum was reviewed and approved by State's Diplomatic Security Training Center. In addition, officials in the Bureau of Diplomatic Security approve the course instructors after reviewing the instructors' resumes and other qualifications. Our review of State's Worldwide Personal Protective Services contract found that it contained detailed training requirements for private security contractor personnel. For example, the contract identified very detailed weapons qualification training requirements. These requirements include establishing a minimum number of hours of weapons training, the acceptable venues for conducting the training, and the materials the contractor must furnish. The contract also determines the specific topics to be covered in the weapons training including procedures on safe weapon handling, proper marksmanship techniques, and firing positions. The requirements also establish the minimum number of rounds that must be fired per each weapon being used for training. To determine if private security contractor personnel are trained, officials from State's Diplomatic Security Training Center and the Office of Protective Operations periodically visit contractor training facilities to monitor training. According to State officials, during these inspections officials review the certifications of training instructors, observe individual training modules, and review individual student training records. According to State officials, the department is also in the process of conducting a comprehensive review of all three Worldwide Personal Protective Services contractor training programs. Officials stated that this is the first comprehensive review under the Worldwide Personal Protective Services contract and as part of this review officials are reviewing a full training curriculum at each contractor's training location. Officials stated that these reviews will result in recommendations for immediate improvements to each company's training program and may result in changes to the overall high-threat curriculum. To confirm that State conducted training inspections, we reviewed the two most recent inspection reports of each of the three private security contractors providing services under State's largest security contract, Worldwide Personal Protective Services. Our review of the records confirmed that State had inspected each contractor and that the reviews were conducted by State subject matter experts. For example, one inspection report we reviewed included a State firearms expert observing the firearms proficiency portion of the training. In each inspection report we reviewed, State concluded that the contractors met training requirements. We also observed that each inspection included suggestions for improvement even when training requirements were met. Officials also stated that in Iraq, Regional Security Officers provide daily oversight and as part of this oversight they are responsible for ensuring that the training standards are met. DOD Has Established Broad Training Requirements for Private Security Contractor Personnel and Employs a Two-Step Process to Determine If Private Security Contractor Personnel Have Been Trained: Much like State, DOD has established contractual training requirements for private security contractor personnel. However, DOD's training requirements are generally broader than State's. For example, while State's training requirements establish a detailed training curriculum that includes a minimum number of hours of training, DOD private security training requirements are more broadly defined. For example, Annex A of Fragmentary Order 09-109 which identifies requirements that must be included in DOD contracts where private security contractors will be armed, establishes that documentation should be maintained to attest that each armed private security contractor employee has been successfully familiarized with and met qualification requirements established by any DOD or other U.S. government agency for each weapon they are authorized to possess. Similarly, the order requires that employees be trained on the law of armed conflict and the rules for the use of force but does not provide specifics to be included in the training. Contracts also contain provisions to ensure that training does not lapse. For example, DOD contracts performed in Iraq or Afghanistan must provide that if the contractor fails to retrain an armed employee within 12 months of the last training date the employee will lose authorization to possess and carry a weapon in Iraq. Individual task orders may reiterate employee training requirements. Fragmentary Order 09-109 makes contracting officer representatives responsible for monitoring the contractor's performance and compliance with contractual requirements, including compliance with all applicable laws, regulations, orders, and directives. These representatives are co- located on the contractor site to facilitate day-to-day contract oversight. According to DOD officials, contracting officer representatives periodically review individual private security contractor personnel training records to ensure that the training requirements have been met. Additionally, the Defense Contract Management Agency (DCMA) conducts reviews to ensure that contracting officer representatives are providing proper oversight. In February 2008, DCMA began to use a series of checklists developed by DCMA to guide inspections of contracting officer representatives and confirm that these representatives are maintaining the appropriate documentation and providing sufficient contractor oversight. According to DCMA officials, these checklists were developed by taking contract requirements and other DOD guidance and translating them into a tool that could be used for an objective evaluation. These checklists may vary by contract and have been tailored for specific areas of contract performance. For example, while aspects of training may be found on multiple checklists, DCMA has developed a specific training checklist. Among the items checked are that contractors determined that personnel had been trained on the required subjects, that a training plan had been submitted for approval, and that training remained current. To confirm that these inspections covered training, we reviewed 215 completed checklists. While each checklist varied in length and scope, our review of the checklists found that they contained 7 to 54 total items and among those items were several training-related items. For example, one checklist asked if the contractor ensured that all guard force personnel were trained and authorized to be armed before beginning their duties. Another checklist we reviewed asked if the contractor's training records validated training, certifications, and recertification. Of the checklists we reviewed, the checklists generally documented no concerns about training. However, 7 of the checklists contained observations that raised concerns about the training of personnel. Four checklists contained observations that indicated that personnel were qualified with a different weapon than the one they were assigned. Another checklist indicated that personnel deployed with little to no training noting that personnel learned everything about their posts once they were deployed. Two checklists observed that personnel were not trained in all of the required training subjects. Additionally, according to DOD officials, the department conducts periodic site visits of private security contractors' Iraq-based training facilities. However, because DOD personnel responsible for providing oversight of DOD's private security contracts in Iraq are based in Iraq and not elsewhere, such as the United States, these inspections do not regularly include facilities located outside of Iraq, such as contractors' U.S. training facilities. For example, an official at one private security firm we visited indicated that no one from DOD had ever inspected the firm's U.S.-based training facility. Unlike State, which maintains personnel in Iraq and in the U.S. to provide contract oversight, DOD's contracts are administered by the Joint Contracting Command for Iraq and Afghanistan and its personnel responsible for private security contract oversight are all located in Iraq. State and DOD Have Developed a Process to Account for Weapons Held by Private Security Contractors: According to State officials, the Worldwide Personal Protective Services contract requires a quarterly inventory of all U.S. government- and contractor-furnished property, including weapons. According to State officials, all operational weapons are government furnished and are issued to the private security contractors by the regional security officer. The regional security officer conducts an annual sight inventory, which is corroborated with the contractors' quarterly inventories and records from the State Department branch that acquired the weapons. In addition, officials stated that the quarterly inventories are tracked by officials in State's high-threat protection office and verifies this during periodic program management reviews. In Iraq, DOD has established a process that includes granting arming authority to private security contractor personnel, and conducting reviews of weapons inventories and inspections of private security contractor armories. DCMA also conducts reviews to ensure that private security contractor personnel are properly authorized to carry weapons. In addition, DOD antiterrorism/force protection officials conduct yearly assessments of every MNF-I installation or forward operating base with over 300 personnel, known as vulnerability assessments. During these assessments officials check physical security measures and verify that armed contractors, including private security contractor personnel, are carrying the required arming authorization letter and meeting the requirements to be compliant with the arming authority requirements. Officials stated that ultimately contracting officer representatives are responsible for ensuring that DOD's private security contractors adhere to the arming regulations. Officials felt that while there were many good contracting officer representatives, there were some that would benefit from additional training on their responsibilities, instead of learning these things on the job. Recent audits by State's Office of the Inspector General and the Special Inspector General for Iraq Reconstruction found that weapons were properly accounted for. In April 2009, State's Office of the Inspector General published results of a performance audit of security contractor Triple Canopy and concluded that the firm established sound inventory controls at the two facilities State inspected in Iraq. [Footnote 35] To reach this conclusion, the office conducted an inventory of weapons and reviewed inventory documents maintained by the contractor and by the Regional Security Officer. In June 2009, a joint audit of security firm Blackwater, by State's Office of Inspector General and the Special Inspector General for Iraq Reconstruction, reached similar conclusions. [Footnote 36] The audit team was able to verify all weapons randomly selected from weapons assigned to Blackwater personnel. The report attributed their ability to verify the weapons to the level of State oversight through quarterly physical inventories and other periodic reconciliations by State personnel. Additionally, a January 2009 audit of security firm Aegis (a private security contractor) by the Special Inspector General for Iraq Reconstruction observed weapons inventory tests at four locations in Iraq and determined that all items were accounted for.[Footnote 37] State and DOD have Developed and Implemented Alcohol Policies for Private Security Contractor Personnel in Iraq: State, DOD, and private security contractors have developed and implemented policies related to the use of alcohol by private security contractor personnel. State has established policies that govern when private security contractors can consume alcohol. For example, State's Worldwide Personal Protective Services contract prohibits private security contractor personnel from consuming alcohol while on duty and within 6 hours prior to going on duty. Although State does not prohibit alcohol consumption by private security contractor personnel, private security contractors with State told us that they have established policies to govern employee alcohol consumption. Private security contractors with DOD contracts told us that their employees were subject to General Order #1 and thus were prohibited from possessing or consuming alcohol while in Iraq. General Order #1, which was established by the Commanding General of MNC-I, prohibits military personnel or contractors employed by or accompanying U.S. forces from the introduction, purchase, possession, sale, transfer, manufacture or consumption of any alcoholic beverage within MNC-I's area of responsibility. However, General Order #1 does not apply to private security contractors who support the State Department. Private security contractors we spoke with told us that personnel who violate the established alcohol policies are subject to disciplinary actions and depending on the severity of the use may have their employment terminated. When asked how often individuals have been let go due to alcohol, the contractors indicated that it is not very often. For example, one firm stated that out of an average staffing level of more than 650 non-Iraqi personnel, it has only terminated 7 employees due to violations of the alcohol policy. Conclusions: Homeland Security Presidential Directive 12 and its implementing guidance intend to create a consistent, federalwide approach to ensure that federal employees and contractors with regular access to federal facilities and installations are sufficiently screened for security risk. As we reported in 2006, military commanders and other officials are aware of the risks that contractors pose to U.S. forces in part because of the difficulties in screening employees, particularly foreign and host country nationals. While State and DOD have developed policies and procedures to ensure that U.S. citizen personnel and contractors are screened, only the State Department has developed departmentwide procedures to screen foreign national personnel. Efforts within DOD have been stalled by disagreement over how to develop and implement policies and procedures that comply with HSPD-12 while fulfilling DOD's need to provide private security contractor personnel to fulfill security requirements in Iraq. While we acknowledge the difficulties of conducting background screenings of foreign national personnel, the armed nature of private security contractor personnel presents the need for assurance that all reasonable steps have been taken to provide for their thorough vetting and minimize the risk they present. Without a coordinated DOD-wide effort to develop and implement standardized policies and procedures to ensure that contractor personnel, particularly foreign national private security contractor personnel, have been screened, DOD cannot provide this assurance. Even with established policies and procedures in place, there are inherent risks involved with employing foreign national personnel, making it critical that military commanders and contracting officials understand the risks and limitations associated with background screenings of foreign national personnel. Additionally, until DOD expands and finalizes guidance related to private security contractors, including the development of timelines for combatant commanders, it will not have fully responded to the congressional concerns which led to the development of Section 862 of the National Defense Authorization Act of Fiscal Year 2008. Recommendations for Executive Action: We recommend the five following actions to help ensure that DOD develops a departmentwide approach to properly screening private security contractor personnel, including non-United States citizens. We recommend that the Secretary of Defense appoint a focal point, at a sufficiently senior level and with the necessary authority to ensure that the appropriate offices in DOD coordinate, develop, and implement policies and procedures to conduct and adjudicate background screenings in a timely manner. More specifically the focal point should: * direct the Office of the Under Secretary of Defense for Intelligence, in consultation with the Under Secretary of Defense for Personnel and Readiness and the Under Secretary of Defense for Acquisition, Technology, and Logistics, to develop departmentwide procedures for conducting and adjudicating background screenings of foreign national contractor personnel and establish a time frame for implementation; * develop an effective means to communicate to MNF-I the new procedures so that MNF-I officials can adjust their existing background screening policies and procedures, if necessary, to comport with the procedures; and: * develop a training program to ensure that military commanders and contracting officials, including contracting officers and contracting officers' representatives, understand the department's policies and procedures for background screening as well as their roles and responsibilities. To ensure that DOD fully meets the requirements of Section 862 of the 2008 National Defense Authorization Act we recommend that the Secretary of Defense direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to: * establish minimum processes and requirements for the selection, accountability, training, equipping, and conduct of personnel performing private security functions under a covered contract during a combat operation; * direct the geographic combatant commanders, through the Chairman of the Joint Chiefs of Staff, to develop and publish the regulations, orders, directives, instructions, and procedures for private security contractors operating during a contingency operation within their area of responsibility; * provide a report to Congress with the timelines for completing the minimum processes discussed in the recommendation above; and: * revise the Federal Acquisition Regulation to require the insertion into each covered contract a clause addressing the selection, training, equipping, and conduct of personnel performing private security functions under such, contract. Agency Comments and Our Evaluation: In commenting on a draft of this report, DOD concurred with two of the five recommendations and partially concurred with three. DOD partially concurred with our recommendation that the Secretary of Defense appoint a focal point at a sufficiently senior level and with the necessary authority to ensure that the appropriate DOD offices coordinate, develop and implement policies and procedures to conduct and adjudicate background screenings in a timely manner. In DOD's response, the department noted that the Assistant Deputy Under Secretary of Defense for Program Support has been designated to be responsible for monitoring the registration, processing, and accounting of private security contractor personnel in an area of contingency operations. As we noted in this report, the Office of the Under Secretary of Defense for Intelligence (USD-I) is responsible for developing DOD's background screening policy in conjunction with the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics (AT&L) and the Office of the Under Secretary of Defense for Personnel and Readiness (P&R). While we don't dispute the role that the Assistant Deputy Under Secretary of Defense for Program Support has to monitor the registration, processing, and accounting of private security contractor personnel, we do not believe that this office is the correct office to resolve disagreements among the offices responsible for developing DOD's background screening policy. DOD also noted that it is in the process of institutionalizing the Operational Contract Support Functional Capabilities Integrations Board. According to DOD, the board will provide the senior level oversight to provide cross-component alternatives and recommendations on current and future capability needs, policies, and investments. Since the board has not yet been established, we were unable to determine if the board would have sufficient authority to implement our recommendation or if USD-I will be included on the board. Unless the board is given the authority to resolve the policy differences between the USD-I and AT&L and direct the development of background screening polices, the disagreements that have hampered the development of screening policies and procedures will continue. In addition, DOD stated that it does not conduct its own background investigations on foreign nationals and lacks the infrastructure to do so. The department stated that it depends on the Office of Personnel Management (OPM) to conduct its background investigations. While this may be true for background investigations that lead to the granting of security clearances, our report was focused on background screenings that do not lead to the granting of security clearances. As we noted in this report, contractors are responsible for conducting background screenings for their foreign national employees using standards, processes, and procedures developed by the contractors themselves or as in Iraq, developed by the military. In addition, in Iraq, MNF-I has developed their own background screening process to supplement contractor-led screening of private security contractor personnel. However, as we noted, the process used in Iraq has several shortcomings. We believe that in order to meet the intent of this recommendation, the department needs to develop departmentwide standards and procedures for conducting and adjudicating background screenings to assure itself that screenings are providing as much background information as possible and that the department has a common understanding of what information is or is not included in a contractor- conducted background screening. Without this information, military commanders may be unaware of the risks foreign national private security contractor personnel may pose. Regarding the department's comment that it will ensure that the Defense Federal Acquisition Regulation is modified, it is unclear how the clause can be modified until standards are developed to include in the clause. DOD also partially concurred with our recommendation that the Secretary of Defense direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to establish minimum processes and requirements for the selection, accountability, training, equipping, and conduct of personnel performing private security functions under a covered contract during a combat operation. As we noted, Section 862 of the fiscal year 2008 NDAA directed the Secretary of Defense, in coordination with the Secretary of State, to develop regulations on the selection, training, equipping, and conduct of private security contractor personnel under a covered contract in an area of combat operations. DOD responded that the Interim Final Rule published in the July 17, 2009, issue of the Federal Register meets the requirements of Section 862 of the fiscal year 2008 NDAA and that the department was also soliciting input from the geographical combatant commanders on this subject. While the Interim Final Rule published in the Federal Register on July 17TH contains some minor variations from the May 2009 draft Interim Final Rule we reviewed for the purposes of this report, our criticisms of the draft Interim Final Rule continue to be applicable to the Interim Final Rule published in the Federal Register. As we noted in our report, the Interim Final Rule directs geographic combatant commanders to develop procedures consistent with principles established in existing DOD instructions and directives and makes reference to existing DOD regulations regarding these areas. However, neither the draft nor the referenced documents articulate a process or requirements that geographic combatant commanders can use to ensure that all private security contractor personnel meet screening and security requirements. The Interim Final Rule published in the Federal Register on July 17TH contains these same shortcomings. We continue to believe that DOD should establish minimum processes and requirements for the selection, accountability, training, equipping, and conduct of private security contractor personnel to meet the intent of our recommendation. These processes and requirements could be strengthened, if necessary, by the geographic combatant commanders. As we noted, without these minimum standards DOD will not have reasonable assurance that a minimum level of safety and protection has been met. In the past, DOD has taken a similar approach. In December 2006, DOD updated the department's antiterrorism instruction. [Footnote 38] The instruction established minimum DOD antiterrorism measures, while providing military commanders and civilians with the flexibility and adaptability to develop measures that are more stringent if conditions warrant. In addition, DOD partially concurred with our recommendation that the Secretary of Defense direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to direct the geographic combatant commanders to develop and publish the regulations, orders, directives, instructions, and procedures for private security contractors operating during a contingency operation within their area of responsibility. DOD stated that this had already been accomplished in large part through the issuance of Multi-National Forces-Iraq Operations Order 09-01in Iraq and OPORD 09-03 in Afghanistan. However, the orders cited by DOD are specific to Iraq and Afghanistan and are not applicable to other geographic commands. Therefore, we believe additional guidance should be developed for other geographic commands. DOD concurred with the remainder of our recommendations. However, DOD did not indicate what, if any, specific actions it would take to address the intent of our recommendations. Therefore, we believe DOD needs to more clearly identify what steps it will take to implement these recommendations. The full text of DOD's written comments is reprinted in appendix II. The Department of State did not provide formal written comments on a draft of this report. We are sending copies of this report to other interested congressional committees, the Secretary of Defense, and the Secretary of State. In addition, this report will be available at no charge on GAO's Web site at [hyperlink, http://www.gao.gov]. If you or your staff have any questions on the matters discussed in this report, please contact me at (202) 512-8365. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report were Carole Coffey, Assistant Director; Johana Ayers, Assistant Director, Acquisitions and Sourcing Management; Vincent Balloon; Laura Czohara; Robert Grace; Jason Pogacnik; Karen Thornton; Cheryl Weissman; and Natasha Wilder. Signed by: William M. Solis: Director, Defense Capabilities and Management: List of Committees: The Honorable Carl Levin: Chairman: The Honorable John McCain: Ranking Member: Committee on Armed Services: United States Senate: The Honorable John F. Kerry: Chairman: The Honorable Richard G. Lugar: Ranking Member: Committee on Foreign Relations: United States Senate: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Daniel K. Inouye: Chairman: Subcommittee on Defense: Committee on Appropriations: United States Senate: The Honorable Daniel K. Akaka: Chairman: The Honorable George V. Voinovich: Ranking Member: Subcommittee on Oversight of Government Management, the Federal Workforce, and the District of Columbia: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Ike Skelton: Chairman: The Honorable Howard P. "Buck" McKeon: Ranking Member: Committee on Armed Services: House of Representatives: The Honorable Howard L. Berman: Chairman: The Honorable Ileana Ros-Lehtinen: Ranking Member: Committee on Foreign Affairs: House of Representatives: The Honorable Edolphus Towns: Chairman: The Honorable Darrell Issa: Ranking Member: Committee on Oversight and Government Reform: House of Representatives: The Honorable John P. Murtha: Chairman: Subcommittee on Defense: Committee on Appropriations: House of Representatives: The Honorable John Tierney: Chairman: The Honorable Jeff Flake: Ranking Member: Subcommittee on National Security and Foreign Affairs: Committee on Oversight and Government Reform: House of Representatives: The Honorable Robert Andrews: House of Representatives: The Honorable David Price: House of Representatives: [End of section] Appendix I: Objectives, Scope, and Methodology: Our scope was limited to contracts and contractors with a direct contractual relationship with either the Department of Defense (DOD)or the Department of State. For DOD, our analysis of contract materials was limited to contractors performing under DOD's largest security contract in terms of employment, the Theater Wide Internal Security Services contract. Similarly for State, our contract analysis was limited to contractors performing under the agency's largest contract for security services in terms of employment, the Worldwide Personal Protective Services contract. Because contractor personnel requiring security clearances are subject to a standard government-led and adjudicated screening process, for reporting purposes, our scope in assessing background screening policies and procedures is limited to those covering private security contractor personnel who do not require a security clearance. To determine the extent to which DOD and State have developed and implemented policies and procedures to ensure that the backgrounds of private security contractor personnel have been screened, we obtained and reviewed government-wide and DOD documents including Homeland Security Presidential Directive 12 and DOD regulations related to vetting, background screening, and operational contract support such as DOD Instruction 3020.41 dealing with operational contract support, Army Regulation 196.56 on vetting and screening of security guards, and DOD Iraq-theater-specific private security contractor guidance including Fragmentary Order 07-428, Fragmentary Order 08-605, and Fragmentary Order 09-109. Additionally, we obtained and reviewed State documentation related to the processes used to conduct background screening including the Foreign Affairs Handbook. We also interviewed officials from various DOD and State offices who were responsible for developing and implementing policies and procedures related to the background screening of private security contractor personnel including officials from the offices of the Under Secretary of Defense for Personnel and Readiness, the Under Secretary of Defense for Acquisitions, Technology and Logistics, the Under Secretary of Defense for Intelligence, and State's Bureau of Diplomatic Security. In Iraq we met with officials from the Defense Contract Management Agency, the DOD agency tasked with administering DOD security contracts, several contracting officers' representatives who provide day to day oversight of security contracts, officials from Multi-National Force-Iraq, and State Department officials responsible for oversight of the agency's Worldwide Personal Protective Services contract, including the Regional Security Officer. Additionally, we obtained and reviewed contracts for security services awarded by both DOD and State to determine what screening requirements were included in the contracts and obtained copies of contractor background screening plans to determine how contractors intended to screen foreign national employees. To determine the extent to which DOD has developed regulations to address the elements of Section 862 of the National Defense Authorization Act for Fiscal Year 2008, we obtained and reviewed the Act. We also obtained and reviewed DOD's draft regulation--DOD Instruction 3020.pp--being developed by officials in the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics (AT&L). We also met with officials from AT&L to discuss the progress made in developing this regulation. Our assessment of the extent to which DOD's draft policy meets the requirements of Section 862 of the National Defense Authorization Act for Fiscal Year 2008 is based on our review of the draft regulation as it was written on May 2009. We did not evaluate the effectiveness of the draft regulation because it has not yet been finalized and is subject to change. To determine the extent to which DOD and State have implemented processes to ensure that private security contractor personnel in Iraq are trained, we reviewed DOD and State contracts for security services in Iraq and interviewed DOD and State officials responsible for ensuring that these requirements have been met. To corroborate statements made by DOD, State, and private security firm officials, we also obtained and reviewed compliance audit checklists from inspections conducted on Theater Wide Internal Security Services contractors by the Defense Contract Management Agency. We selected completed checklists from inspections of the two Theater Wide Internal Security Services contractors we interviewed through the course of our audit. From the full list of completed checklists from the two contractors, we then eliminated checklists related to inspections that were not relevant to our audit, including checklists related to trafficking-in-persons and life support. In total, we reviewed 215 compliance audit checklists from inspections that were conducted from March 2008 through January 2009. Similarly, to ensure that State conducted training inspections of its Worldwide Personal Protective Services contractors, we obtained and reviewed the two most recent inspection reports for each of its three Worldwide Personal Protective Services contractors. We did not evaluate the quality of training provided by DOD and State. To examine the measures the two departments have taken to account for weapons used by private security contractors in Iraq, we obtained and reviewed DOD and State arming guidance and policies. This guidance includes Fragmentary Order 07-428 and Fragmentary Order 09-109. We also interviewed DOD and State officials responsible for providing arming authority for private security contractor personnel including officials in MNC-I's arming office and officials in the office of the U.S. Embassy Baghdad's Regional Security Officer. We also met with officials from 11 private security firms who currently provide or have recently provided private security services in Iraq. Finally we reviewed recent reports from various audit agencies such as the State Department's Office of the Inspector General and the Special Inspector General for Iraq Reconstruction related to weapons accountability. To determine what policies DOD and State had developed to govern alcohol use among private security contractor personnel in Iraq, we reviewed DOD and State contracts for security services to determine if the contracts included any statements on the use of alcohol, obtained copies of department policies such as U.S. Central Command's General Order 1, which governs the conduct of contractors in Iraq. We also discussed alcohol policies with officials from 8 private security firms who currently provide or have recently provided private security services in Iraq. To obtain the industry's perspective on background screening, training, and other issues, we interviewed officials from three private security industry associations and officials from 11 private security firms who currently provide or have recently provided private security services in Iraq. We selected firms that represented the variety of security services and approaches used in Iraq. For example, we selected firms that provided both high-and low-visibility security services. We also selected firms with large contracts and firms with small contracts. In addition, to ensure that our discussions with DOD and State private security contractors about background screening were applicable to a wide range of nationalities, we selected firms that recruited employees from a variety of nationalities, including those from the United States, United Kingdom, Peru, and Uganda. Of the 11 firms, we met with 9 who currently provide or had recently provided security services to DOD. Of those 9, we met with 3 of the 5 firms who provide security services under the Theater Wide Internal Security Services contract. For State, we met with all 3 of the department's Worldwide Personal Protective Services contractors. To achieve our objectives we also reviewed various reviews conducted by DOD and State including those released by DOD's Office of the Inspector General and State's Office of the Inspector General. We also examined recent reports issued by the Special Inspector General for Iraq Reconstruction. These reports dealt with issues related to contract management and oversight, weapons accountability, and training. We conducted this performance audit from August 2008 through June 2009 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. We visited or contacted the following organizations during our review: The Department of Defense: * Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, Washington, D.C. * Office of the Under Secretary of Defense for Intelligence, Arlington, Va. * Office of the Under Secretary of Defense for Personnel and Readiness, Washington, D.C. * Office of General Counsel, Washington, D.C. * Office of the J4, Washington, D.C. * U.S. Central Command, Tampa, Fla. * Defense Contract Management Agency, Baghdad, Iraq: * Multi-National Forces-Iraq, Baghdad, Iraq: * Multi-National Corps-Iraq, Baghdad, Iraq: * Multi-National Division-Baghdad, Baghdad, Iraq: * Joint Contracting Command Iraq/Afghanistan, Baghdad, Iraq: Department of the Army: * Army Corps of Engineers Gulf Regional Division, Baghdad, Iraq: * Army Corps of Engineers, Logistics Movement Coordination Center, Baghdad, Iraq: Department of State: * Bureau of Diplomatic Security, Washington, D.C. * Office of Acquisitions Management, Arlington, Va. * Office of the Legal Adviser, Arlington, Va, Baghdad, Iraq: * Secretary of State's Panel on Personal Protective Services in Iraq, Washington, D.C. * US Embassy Iraq, Baghdad, Iraq: Department of Justice: * Criminal Division, Washington, D.C. * Federal Bureau of Investigation, Washington, D.C. Other agencies and offices: * U.S. Agency for International Development (USAID), Washington, D.C. * Foreign & Commonwealth Office, London, United Kingdom: Industry associations and background screening firms: * Private Security Contractor Association of Iraq, Baghdad, Iraq: * International Peace Operations Association, Washington, D.C. * British Association of Private Security Companies, London, United Kingdom: * employeescreenIQ, Cleveland, Ohio: Private Security Contractors: * Aegis, London, United Kingdom: * Armor Group, London, United Kingdom: * Blackwater (now known as Xe), Baghdad, Iraq; Moyock, N.C. * Blue Hackle, Baghdad, Iraq: * Control Risks Group, London, United Kingdom: * Dyncorps International, West Falls Church, Va. * Erinys International, London, United Kingdom: * Olive Group, Baghdad, Iraq: * Raymond Associates, Clifton Park, N.Y. * SOC-SMG, Minden, Nev. * Triple Canopy Inc., Herndon, Va. [End of section] Appendix II: Comments from the Department of Defense: Office Of The Under Secretary Of Defense: Acquisition, Technology And Logistics: 3000 Defense Pentagon: Washington, DC 20301-3000: Mr. William M. Solis: Director, Defense Capabilities and Management: U.S. Government Accountability Office: 441 G Street, N.W. Washington, DC 20548: July 24, 2009: Dear Mr. Solis: This is the Department of Defense (DoD) response to the GAO draft report, GAO09-315, `Contingency Contract Management: DoD Needs to Develop and Finalize Background Screening and Other Standards for Private Security Contractors,' dated June 24, 2009 (GAO Code 351083). Detailed comments on the report are enclosed. Sincerely, Signed by: Illegible, for: Gary J. Motsek: Assistant Deputy Under Secretary of Defense (Program Support): Enclosures: As stated: [End of letter] GAO Draft Report - Dated June 24, 2009: GAO Code 351083/GAO-09-315: "Contingency Contract Management: DoD Needs to Develop and Finalize Background Screening and Other Standards for Private Security Contractors" Department Of Defense Comments To The Recommendations: Recommendation 1: The GAO recommends that the Secretary of Defense appoint a focal point, at a sufficiently senior level and with the necessary authority, to ensure that the appropriate offices in DoD coordinate, develop, and implement policies and procedures to conduct and adjudicate background screenings in a timely manner. More specifically the focal point should: A. direct the Under Secretary of Defense for Intelligence, in consultation with the Under Secretary of Defense for Personnel and Readiness and the Under Secretary of Defense for Acquisitions, Technology and Logistics, to develop department-wide procedures for conducting and adjudicating background screenings of foreign national contractor personnel and establish a time frame for implementation; B. develop an effective means to communicate to Multi National Forces- Iraq (MNF-I) the new procedures so that MNF-I officials can adjust their existing background screening policies and procedures, if necessary, to comport with the procedures; and, C. develop a training program to ensure that military commanders and contracting officials, including contracting officers and contracting officers' representatives. understand the department's policies and procedures for background screening as well as their roles and responsibilities. DOD Response: Partially concur. The Assistant Deputy Under Secretary of Defense for Program Support, under the authority, direction, and control of the Deputy Under Secretary of Defense for Logistics and Materiel Readiness, has been designated to be responsible for monitoring the registration, processing, and accounting of Private Security Contractor (PSC) personnel in an area of contingency operations. The DoD is in the process of institutionalizing the `Operational Contract Support Functional Capabilities Integrations Board' in accordance with DoDD 7045.0 Capability Portfolio Management (CPM), dated September 25, 2008, and Section 854 of the John Warner National Defense Authorization Act (NDAA) of 2007 (Public Law 109-364), `Joint Policies on Requirements Definition, Contingency Program Management, and Contingency Contracting'. This board represents senior level oversight designed to advise and support the Capability Portfolio Management process which includes integrating, synchronizing, and coordinating portfolio content to ensure alignment to strategic priorities and capability demands of the Department. This board provides cross component alternatives and recommendations on current and future capability needs, policies and investments. Recommendation 1A: Direct Under Secretary of Defense for Intelligence in consultation with Under Secretary of Defense for Personnel and Readiness and Under Secretary of Defense for Acquisition, Technology and Logistics to develop departmentwide procedures for conducting and adjudicating background screenings of foreign national contractor personnel and establish a time frame for implementation. DOD Response: Partially-concur. DoD does not conduct its own investigations and has no infrastructure in place to conduct investigations on foreign nationals or to process such cases through the Department of State (DoS). DoD is wholly reliant upon the Office of Personnel Management (OPM), its investigative service provider, to conduct all investigative leads. The Under Secretary of Defense for Intelligence has in the past and will continue to encourage OPM to coordinate with the DoS to develop procedures to conduct National Agency Check with Inquiries equivalent investigations outside of the United States. The Functional Capabilities Integrations Board will ensure the appropriate modifications to Defense Federal Acquisition Regulation 52.225-19 `Contractor Personnel in a Designated Operational Area or Supporting a Diplomatic or Consular Mission Outside the United States' which will a) adequately reflect the intent of congress, b) realistically consider theater dependant vetting capabilities, and c) balances the Counter Insurgence Operations requirements of the field commanders. Recommendation 1B: Develop an effective means to communicate to Multi National Forces-Iraq (MNF-I) the new procedures so that MNF-I officials can adjust their existing background screening policies and procedures, if necessary, to comport with the procedures. DOD Response: Concur. See response to IA. Recommendation 1C: Develop a training program to ensure that military commanders and contracting officials, including contracting officer representatives (COR) and contracting officer technical representatives (COTR), understand the department's policies and procedures for background screening as well as their roles and responsibilities. DOD Response: Concur. This requirement needs to be clearly enunciated in the Federal Acquisition Regulation/Defense Federal Acquisition Regulation for our contracting officials, and incorporated as a key element into our existing training programs for our military, civilian and contracting representatives. Recommendation 2: The GAO recommends that the Secretary of Defense direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to establish minimum process and requirements for the selection, accountability, training, equipping, and conduct of personnel performing private security functions under a covered contract during a combat operation. DoD Response: Partially concur. Section 862 of the FY 2008 National Defense Authorization Act clearly identifies Congressional intent on this issue. To meet the statutory requirements, DoD in conjunction with Department of State (DoS) authored a new directive entitled 'Private Security Contractors (PSCs) Operating in Contingency Operations.' This interagency document was just published in the July 17, 2009 issue of the Federal Register as an Interim Final Rule. After the period of public review expires, an enhanced edition of this document will be published as a DoD directive. In the interim, Office of the Department is coordinating the required Federal Acquisition Regulation and Defense Federal Acquisition Regulation clauses needed to implement the congressional intent outline in the `Private Security Contractors (PSCs) Operating in Contingency Operations' document. Recognizing there is no one size tits all solution to vetting PSC, the Department is also soliciting input from the Geographical Commanders on this subject. DoD Regulation 5200.8, "Security of DoD Installations and Resources". requires DoD Components to develop training, qualification, and suitability requirements for dedicated security forces (including contracted security forces where employed). The Operational Contract Support Capabilities Integrations Board will develop enchantments to the processes, procedures, and requirements for selection, accountability, training, equipping, and conduct of personnel performing private security functions under a covered contract during a combat operations should be worked via the Operational Contract Support Functional Capabilities Integrations Board in concert with Under Secretary of Defense for Acquisition, Technology and Logistics, Under Secretary of Defense for Intelligence, Under Secretary of Defense for Personnel and Readiness, and DoD components. Recommendation 3: The GAO recommends that the Secretary of Defense direct the Under Secretary of Defense for Acquisition, Technology, and Logistics to direct the geographic combat commander to develop and publish the regulations, orders, directives, instructions and procedures for private security contractors operating during a contingency operation within their area of responsibility. DoD Response: Partially concur. DoD has accomplished this task, in large part, through to the publication of Multi National Forces-Iraq Operations Order 09-01 "Requirements, Communications, Procedures, and Responsibilities for Control, Coordination, Management and Oversight of Armed Contractors/DoD Civilians and Private Security companies (PSC)" in Iraq and OPORD 09-03 "Department of Defense (DoD) Armed Contractors and PSCs (AC/PSCs) in Afghanistan. These dynamic documents are updated as conditions dictate. Recommendation 4: The GAO recommends that the Secretary of Defense direct the Under Secretary of Defense for Acquisitions, Technology and Logistics to provide a report to Congress with the timelines for completing the minimum processes discussed in the recommendation above. DOD Response: Concur. Recommendation 5: The GAO recommends that the Secretary of Defense direct the Under Secretary of Defense for Acquisitions, Technology and Logistics to revise the Federal Acquisition Regulation to require the insertion into each covered contract a clause addressing the selection, training, equipping, and conduct of personnel performing private security functions under such contract. DOD Response: Concur. DoD requirements are already included in the Defense Federal Acquisition Regulation 52.225-19 `Contractor Personnel in a Designated Operational Area or Supporting a Diplomatic or Consular Mission Outside the United States.' Interagency requirements will be addressed in the forth coming Federal Acquisition Regulation requirements directed by the newly published Interim Final Report. [End of section] Related GAO Products: Rebuilding Iraq: DOD and State Department Have Improved Oversight and Coordination of Private Security Contractors in Iraq, but Further Actions Are Needed to Sustain Improvements. [hyperlink, http://www.gao.gov/products/GAO-08-966]. Washington, D.C.: July 31, 2008. Military Operations: Implementation of Existing Guidance and Other Actions Needed to Improve DOD's Oversight and Management of Contractors in Future Operations. [hyperlink, http://www.gao.gov/products/GAO-08-436T]. Washington, D.C.: January 24, 2008. Military Operations: Background Screenings of Contractor Employees Supporting Deployed Forces May Lack Critical Information, but U.S. Forces Take Steps to Mitigate the Risk Contractors May Pose. [hyperlink, http://www.gao.gov/products/GAO-06-999R]. Washington, D.C.: September 22, 2006. Rebuilding Iraq: Actions Still Needed to Improve the Use of Private Security Providers. [hyperlink, http://www.gao.gov/products/GAO-06-865T]. Washington, D.C.: June 13, 2006. Military Operations: High-Level DOD Action Needed to Address Long- standing Problems with Management and Oversight of Contractors Supporting Deployed Forces. [hyperlink, http://www.gao.gov/products/GAO-07-145]. Washington, D.C.: December 18, 2006. Electronic Government: Agencies Face Challenges in Implementing New Federal Employee Identification Standard. [hyperlink, http://www.gao.gov/products/GAO-06-178]. Washington, D.C.: February 1, 2006. [End of section] Footnotes: [1] The Commission on Wartime Contracting in Iraq and Afghanistan, At What Cost? Contingency Contracting in Iraq and Afghanistan, June 2009. [2] DOD estimates are as of March 31, 2009, and State estimates are as of February 28, 2009. [3] GAO, Military Operations: Background Screenings of Contractor Employees Supporting Deployed Forces May Lack Critical Information, but U.S. Forces Take Steps to Mitigate the Risk Contractors May Pose, [hyperlink, http://www.gao.gov/products/GAO-06-999R] (Washington, D.C.: Sept. 22, 2006). [4] GAO, Rebuilding Iraq: DOD and State Department Have Improved Oversight and Coordination of Private Security Contractors in Iraq, but Further Actions Are Needed to Sustain Improvements, [hyperlink, http://www.gao.gov/products/GAO-08-966] (Washington, D.C.: July 31, 2008). [5] GAO, Military Operations: Background Screenings of Contractor Employees Supporting Deployed Forces May Lack Critical Information, but U.S. Forces Take Steps to Mitigate the Risk Contractors May Pose, [hyperlink, http://www.gao.gov/products/GAO-06-999R] (Washington, D.C.: Sept. 22, 2006). [6] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. [7] A NACI consists of searches of the Office of Personnel Management Security/Suitability Investigations Index, the Defense Clearance and Investigations Index, the Federal Bureau of Investigation Identification Division's name and fingerprint files, and other files or indexes when necessary. It also includes written inquiries and searches of records covering specific areas of an individual's background during the past 5 years (inquiries sent to current and past employers, schools attended, references, and local law enforcement authorities). [8] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. [9] DOD Instruction 5200.08, Security of DOD Installations and Resources, December 10, 2005. [10] Pub. L. No. 99-399 (1986). [11] As amended by Section 853 of the Duncan Hunter National Defense Authorization Act for Fiscal Year 2009. [12] Section 864 of the FY2008 NDAA defines a "covered contract" as (a) a contract of a federal agency for the performance of services in an area of combat operations; (b) a subcontract at any tier under such a contract; or (c) a task order or delivery order issued under such a contract or subcontract. [13] The Directive-Type Memoranda became effective November 26, 2008, and states that it shall be converted to a new DOD Instruction within 180 days. [14] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. [15] GAO, Contract Management: Contracting for Iraq Reconstruction and for Global Logistics Support, [hyperlink, http://www.gao.gov/products/GAO-04-869T] (Washington, D.C.: June 15, 2004). [16] GAO, Rebuilding Iraq: DOD and State Department Have Improved Oversight and Coordination of Private Security Contractors in Iraq, but Further Actions Are Needed to Sustain Improvements, [hyperlink, http://www.gao.gov/products/GAO-08-966] (Washington, D.C.: July 31, 2008). [17] Special Inspector General for Iraq Reconstruction, Need to Enhance Oversight of Theater Wide Internal Security Services Contracts, SIGIR- 09-017 (Arlington, Va.: Apr. 24, 2009). [18] MNC-I, part of MNF-I, is the tactical unit responsible for the command and control of operations throughout Iraq. [19] This requirement was established to ensure compliance with the Lautenberg Amendment to the Gun Control Act of 1968 (Pub. L. No. 90- 168). For example, pursuant to section 922 (g)(9) of Title 18 of the U.S. Code it is unlawful for any person who has been convicted in any court of a misdemeanor crime of domestic violence to possess any firearm or ammunition. [20] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. [21] GAO, Electronic Government: Agencies Face Challenges in Implementing New Federal Employee Identification Standard, [hyperlink, http://www.gao.gov/products/GAO-06-178] (Washington, D.C.: Feb. 1, 2006). [22] Army Regulation 190-56 prescribes policies and procedures for the selection, management, employment, training, and certification of Department of the Army security personnel and contract and contractor security personnel involved in the protection and safeguarding of personnel and property. It is applicable worldwide; however, outside of the continental U.S. commanders are instructed to consider such factors as host nation support and status of forces agreements when implementing its policies and procedures. [23] Army Regulation 190-56 provides that commanders of Army commands outside of the continental U.S. will establish necessary security screening procedures for security guard personnel to ensure that the spirit and intent of the regulation are met. [24] [hyperlink, http://www.gao.gov/products/GAO-06-999R]. [25] An interim rule is a rulemaking document that is effective immediately and may request comments in the Federal Register. An interim rule responds to an emergency situation and is usually followed by a rule document that confirms that the interim rule is final and may include further amendments. The DOD draft regulation on private security contractors states that it is being published as an Interim Final Rule because there is insufficient policy and guidance regulating the actions of DOD and other governmental private security contractors and their movements in the battlespace. It will be effective upon publication in the Federal Register and has a 45 day comment period. [26] The draft regulation states the relevant Chief of Mission will develop and issue implementing instructions for non-DOD private security contractor personnel consistent with the standards set forth by the geographic combatant commanders. [27] The draft regulation makes specific reference to DOD Directive 3020.49; DOD Instruction 3020.41; CJCS Instruction 3121.01B; DOD 5200.8- R; DOD Directive 2311.01E; and DOD Directive 5210.56. [28] Additional regulations referenced in the draft regulation provide policy objectives and establish responsibilities regarding qualification, training, screening and security of private security contractors, but do not articulate processes. For instance, DOD 5200.08- R, Physical Security Program (Apr. 9, 2007, incorporating Change 1, May, 27, 2009) states as an objective the standardization of personal identification and authentication at DOD installations and facilities, using the Common Access Card as the universal authority of individual authenticity and establishes that a NACI or equivalent national security clearance is required for permanent issuance of the credential. DOD Instruction 3020.41, Program Management for Acquisition and Operational Contract Support in Contingency Operations (draft update), establishes policy for integration of DOD contractor personnel into military contingency operations overseas, but for specific procedures relating to contingency personnel providing private security services it references the forthcoming DOD Instruction, which will be based on the interim final rule. DOD Directive 5210.56, Use of Deadly Force and the Carrying of Firearms by DOD Personnel Engaged in Law Enforcement and Security Duties (Nov. 1, 2001), directs heads of DOD components to ensure that local commanders develop criteria, consistent with this Directive and local law, for the carrying of firearms and the use of force by contract security forces. [29] Section 862 (a)(2)(D) was amended by Section 853 of the Duncan Hunter National Defense Authorization Act for Fiscal Year 2009. [30] An area of combat operation is defined in section 862 (c) of the FY2008 NDAA as an area, including Iraq and Afghanistan, to be designated by the Secretary of Defense. [31] The summary statement of the draft regulation notes that the Memorandum of Agreement provides appropriate procedures for private security contractors in Iraq, but the draft regulation is needed to implement equivalent procedures in Afghanistan. [32] Pursuant to the Memorandum of Agreement, the Secretaries of Defense and State agreed to jointly develop, implement, and follow core standards, policies, and procedures for the accountability, oversight, and discipline of private security contractors in Iraq. [33] While DOD Instruction 3020.41 is not applicable to State, in July 2008, DOD entered a Memorandum of Understanding with State and USAID, which designates SPOT as a central repository for information on deployed contractors under DOD, State, and USAID contracts. [34] GAO, Rebuilding Iraq: DOD and State Department Have Improved Oversight and Coordination of Private Security Contractors in Iraq, but Further Actions Are Needed to Sustain Improvements, [hyperlink, http://www.gao.gov/products/GAO-08-966]. (Washington, D.C.: July 31, 2008). [35] U.S. Department of State, Office of Inspector General, Performance Audit of the Triple Canopy Contract for Personal Protective Services in Iraq, Report Number MERO-IQO-09-03 (April 2009). [36] U.S. Department of State, Office of Inspector General, Special Inspector General for Iraq Reconstruction, Joint Audit of Blackwater Contract and Task Orders for Worldwide Personal Protective Services in Iraq, Report Numbers AUD/IQO-09-16, SIGIR 09-021 (June 2009). [37] Special Inspector General for Iraq Reconstruction, Oversight of Aegis's Performance on Security Services Contracts in Iraq with the Department of Defense, SIGIR-09-010 (January 2009). [38] DOD Instruction 2000.16, DOD Antiterrorism Standards, December 8, 20006. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: