The purpose of this section is to establish general policy and describe background investigative requirements for contract employees, subcontractors, experts, and consultants who require staff-like access, wherever the location, to Treasury/bureau-owned or controlled facilities; or work on contracts that involve the design, operation, repair or maintenance of information systems; and/or require access to sensitive but unclassified information. These policies and requirements are pursuant to Executive Order (E.O.) 10450, " Security Requirements for Government Employment," as implemented by Title 5, Code of Federal Regulations (CFR), parts 731, 732, and 736; E.O. 12968, "Access to Classified Information," and in accordance with the Treasury Security Manual, TDP 15-71, Chapter II, Section 2, "Investigative Requirements for Contractor Personnel."

The Contracting Officer’s Technical Representative (COTR), in conjunction with the appropriate Treasury/bureau management and the corresponding personnel security officer will review the work to be performed under contract and assign risk designations to positions of the contractors working on the contract in accordance with the criteria in TDP 15-71, Chapter I, Section 2, Position Sensitivity and Risk Designation. Each contract employee will undergo investigative processing based on the risk level designation. COTRs initiating background investigations should follow the instructions found on the IR Web at the following link; http://abis.web.irs.gov/abis/home.asp.

Contractor personnel hired for work within the United States or its territories and possessions and who require access, wherever the location, to IRS owned or controlled facilities or work on contracts that involve the design operation repair or maintenance of information systems, and/or require access to sensitive but unclassified information, security items or products must meet the following three eligibility criteria before a full background investigation will be initiated:

Contractors must ensure that foreign born employees meet the eligibility requirement for U.S. citizenship or lawful permanent resident status and ensure that all employees meet the Selective Service requirement by going to https://www.sss.gov/RegVer/wfVerification.aspx.

The level to which contractor employees are investigated shall be comparable to that required for Federal employees who occupy the same positions and who have the same position sensitivity designation. This includes contractor employees who have access to information or passwords associated with Treasury/IRS automated information systems (AIS) designated sensitive positions, including off-worksite access.

All unescorted contract employees are subject to a background investigation to determine their suitability and fitness for work on Treasury/bureau contracts and the investigation must be favorably adjudicated.

Responsibility for adjudication of the background investigations will remain with the Director, Personnel Security and Investigations (PS&I). This applies to, but is not necessarily limited to, end-product vendors, consultants, subcontractors, and other non-Federal personnel, all hereafter referred to as "contractors." Individuals hired as experts and consultants shall be subject to the same requirements as Treasury/IRS employees for the purpose of determining position sensitivity/risk and investigative requirements and shall not be processed through the NISP.

Treasury/IRS will establish and maintain a personnel security file for each individual contractor, expert or consultant in:

Treasury/IRS need not maintain a file on a contractor employee granted access to classified information under the NISP, unless there is a requirement for:

With regard to favorable investigations on contractor personnel, experts or consultants in low or moderate risk positions, Treasury/IRS may, at their discretion, retain either the entire report or pertinent investigative data only. The specific location of personnel security files shall be at Treasury/IRS discretion with the following exception: all national security files shall be maintained by the Treasury/IRS Personnel Security Officer.

Treasury/IRS contractor personnel whose duration of employment exceeds 180 days must be eligible for access, per certification of tax compliance, and shall undergo, at a minimum a National Agency Check and Inquiries as a condition of work under the government contract. If the duration of employment is less than 180 days or access is infrequent [i.e. 2-3 days per month] and the contractor requires unescorted access, the contractor employee must be eligible for access, per certification of tax compliance, and require at a minimum a fingerprint check (Special Agreement Check). No background investigation or tax check is completed if the duration of employment is less than 180 days or access is infrequent when there is escort provided by an IRS employee or an approved contractor employee at the same or higher position risk level.

Contractor personnel that are screened for work on applicable Treasury/IRS contracts shall not be considered to have been granted security clearance for access to classified information on the basis of the successful completion of any required investigation under this section.

Contractor personnel requiring access to Treasury/IRS offices/facilities in foreign countries who have been certified by the Department of State Diplomatic Security Service as meeting investigative and adjudicative criteria for access to facilities under the authority of a Chief of Mission shall be deemed to meet personnel security standards.

If the contractor employee leaves the contract, it is the COTRs responsibility to immediately notify the Contractor Programs group at the National Background Investigations Center, with the name and social security number of the contractor employee to cancel the investigation. Even if the background investigation is already completed notification is required so that the separation information can be appropriately recorded for tracking purposes.

In accordance with TDP 15-71, contractor personnel hired for work within the United States or its territories and possessions and who require access to Treasury/IRS owned or controlled facilities or security items or products, shall either be U.S. citizens or have lawful permanent resident status.

Treasury/IRS will adhere to the following standard when allowing contractor personnel access to Treasury/IRS owned or controlled facilities, IT systems, or security items or products:

Only under exceptional circumstances should a waiver be requested when a contractor does not meet the citizenship or lawful permanent resident residency requirement. Requests for waivers to the citizenship requirement must be submitted in writing. Foreign nationals employed as contractor, experts, or consultants shall not be allowed access to Treasury/IRS owned or controlled facilities, IT systems, or security items or products prior to the issuance of a waiver.

Waivers for non-citizens performing in low-risk/non-sensitive positions may be requested by the COTR through the Director, PS&I to the Director, Office of Security Programs (OSP), Department of Treasury, for determination.

Waivers for non-citizens performing in moderate-risk positions shall be requested by the COTR, through a senior executive-level manager in the business unit that has the contract or through the Treasury/ IRS head, to the Director, OSP, Department of Treasury, for determination.

Waivers for access to high-risk positions will not be considered for foreign nationals and waivers for foreign nationals working in IT positions involving the development of Treasury/bureau hardware or software products will not be considered if the position involves the design of security models, application integration, customization of software or hardware, or configuration of servers or networks. Waivers will not be allowed if the position has the ability to manipulate, or alter or affect the integrity; accessibility or availability of IT maintained information or records.

All waivers involving IT systems must also be routed though Treasury’s Chief Information Officer prior to approval by the Director, OSP, Department of Treasury, for final determination.

All waiver requests must include the following:

Treasury/bureau personnel security officers shall honor a contractor’s valid security clearance for access to classified information issued by other United States Government agencies or departments, provided the investigative basis for the clearance is current and meets investigative requirements. Additional investigation may be necessary if the investigation upon which the contractor’s clearance was based is not sufficient for that needed for access to Treasury/bureau facilities, information systems, and/or SBU information.

Previous background investigations conducted by other Federal agencies of the same or greater scope for low and moderate risk positions will be accepted as satisfying investigation requirements, with additional requirements for a fingerprint tax compliance eligibility. For high risk positions, the prior investigation will be accepted as satisfying the investigation requirements provided that the investigation was conducted within the last five years, tax compliance eligibility is met, and a fingerprint check is completed.

Solicitations and contracts shall include a clause that requires position risk designations for contractor employee background investigation or screening is required for access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information. The clause shall require the successful contractor’s personnel to execute appropriate security forms prescribed by IRS Personnel Security and Investigations prior to contract work being performed; and in advance of being granted access to Treasury/IRS facilities, information systems, and/or sensitive but unclassified information (see also IRM 10.23.2.2 general investigation requirements).

Every IRS position, including those of contractors, must be designated with a sensitivity level and must meet personnel security/suitability standards commensurate with their position sensitivity level. All contractor employees shall be subject to investigation both prior to being granted staff-like access and at any time during the period of access to ascertain whether they continue to meet the requirements for staff-like access. Additionally, there is a reinvestigation requirement for individuals in high risk positions and those who have security clearances if they continue to have a need for access to classified information.

Due to the superior knowledge of the COTR regarding the position duties and access, the COTR is responsible for designating and documenting the risk level of each position within the contract. However, the Director, PS&I, has the ultimate authority for position risk designation and may adjust the risk level if deemed appropriate. This will occur if the Contractor Programs Manager finds a major discrepancy between the job duties as described in the request for investigation and the position risk designation made by the COTR.

These risk levels are established through an analysis of the duties and responsibilities of the positions, and given the placement of contractors, their impact on agency mission.

Live Scan fingerprints must be taken at limited local servicing IRS Offices or IRS approved enrollment stations. The COTR will make the necessary arrangements for the contractor to be fingerprinted.

In rare instances, manual fingerprints (ink and roll) will be taken by IRS Offices or approved enrollment stations. The integrity of the chain of custody of the completed ink and roll fingerprint card must be maintained, therefore, the completed fingerprint card must be mailed directly to the COTR by the entity administering the fingerprinting.

Any costs for fingerprinting, outside an IRS office (with the exception of an IRS approved enrollment station), will be borne by the contractor employee.

Non-custody fingerprints taken at police or law enforcement offices are the exception, and utilized for revalidation cases where chain of custody is not needed to meet HSPD-12 requirements.

A contractor employee who has been approved for interim or final staff-like access requires no escort while in an IRS owned or controlled facility such as leased or contracted space; may be granted access to information systems, data, or sensitive but unclassified information, no matter where the work will be located. This access is not unlimited however, and should only be given for the work in which the contract was awarded. Until a contractor employee has been approved for staff-like access, an escort is required no matter where the work is located.

Interim staff-like access approval will be granted when staff-like access is required prior to the completion of the full investigation. Due to the risk associated with granting staff-like access prior to the completion of the required background investigation, interim staff-like access will only be granted in cases where it has been determined that the risk is acceptable.

Interim staff-like access approval will be granted by PS&I prior to completion of the full investigation, as follows:

Pre-screening checks include a review of investigations forms, review of IRS account history for tax compliance; Federal Bureau of Investigation Criminal History and, if applicable, review of prior PS&I investigation indices check. The average time for completion of pre-screening is 15 calendar days.

PS&I will notify the COTR in an official memorandum via secure e-mail when interim staff-like access is approved or denied.

The memorandum of notice of interim staff-like access approval shall be attached to any ID media application. For system access, the COTR must have the memorandum of notice of interim staff-like access approval on file before initiating an online 5081, Information System User Registration/Change Request.

If the contractor employee is denied interim staff-like access, then he or she must be escorted. Access to an IT system will never be granted before interim staff-like access is approved. If interim is approved and then subsequently revoked - access to a system will be suspended.

Contractor employees must be escorted in the following instances:

Contractor employees who have been denied final staff-like access approval may not be escorted and must be removed from the IRS contract.

When the work is performed outside an IRS facility (IRS sensitive data or information provided to a contractor employee off site), escort access is accomplished by the accompaniment of an IRS employee or an approved contractor employee at the same or higher position risk level. Contractor employees who require a password or access to an IRS system remotely must be approved for staff-like access before an Online 5081 is initiated.

Escort access to an IRS facility is accomplished by the accompaniment of a contractor employee by an IRS employee or an approved contractor at the same or higher position risk level as the contractor employee. During work performance and movements throughout the facility, the escort must, at a minimum, have visual contact with the contractor employee.

For systems access for an escorted contractor employee, management controls such as individual accountability requirements, separation of duties enforced by access controls, or limitations on the processing privileges of individuals must be approved by the management official responsible for the system, and an IRS employee, with knowledge of the system sufficient to determine when the contractor employee's actions could cause damage or harm to the system or data, must escort the contractor employee during system access. A one-time use password will be used for this type of contractor employee systems access.

Certain contracts provide for services whereby contractor employees only periodically require access to a facility, system, or data (e.g., a time and materials maintenance contract, one or two day visit, once a month visits, etc.). Under these circumstances, a management official in the requesting organization may opt to provide escort access to a contractor employee instead of initiating an investigation or screening.

Prior to selecting this alternative, the management official must:

If a contractor employee transfers from one IRS contract to another, the new COTR must submit a revalidation of access utilizing the Automated Background Investigation System (ABIS) via the ABIS web site. PS&I will provide the new COTR with a new Memorandum of Final Staff-like Access Approval.

Contractor employees who previously worked on an IRS contract with a break in service with the IRS contract of two years or less, may move from one contract to another without additional investigation. COTRs are required to submit a request for revalidation of access to PS&I in these instances.

Contractor employees who previously worked on an IRS contract with a break in service with the IRS contract of two years or more, may not move from one contract to another without additional investigation. The contractor employee must complete new investigation forms.

The investigative costs are to be funded by the requesting customer organization in advance, via FR 58, Financial Plan Change in the Integrated Financial System (IFS). The requesting organization will transfer funds to PS&I for payment of investigation per PS&I procedures. IFS transfer procedures are posted on the PS&I web site at http://awss.web.irs.gov/personnelSecurity/NBIC/ReprogramFundstoPSI-FY08.doc. .

PS&I will not bill or draw down funds for those investigations canceled by the COTR within 15 days of receipt by PS&I . PS&I must receive written notification of the cancellation from the COTR, any investigation canceled after the 15th day will be charged the full rate current at the time the investigation was received at PS&I.

If a contractor employee transfers to a new IRS contract within 15 days of receipt of the investigative paperwork by PS&I, the new customer organization will be charged for the cost of the investigation.

If a contractor employee transfers to a new IRS contract after 15 days of receipt of the investigative paperwork by PS&I (while the investigation is already underway and after the Basic Investigation has been completed), the old customer organization will be charged for the cost of investigation.

Current investigation pricing information may be obtained from the PS&I web site at http://awss.web.irs.gov/personnelSecurity/NBIC/FY06%20Investigation%20Price%20Schedule.xls .

All contractor employees with high risk designations will be subject to re-investigation every five years. COTRs are responsible for initiating the re-investigations and tracking when reinvestigations are due for their contractors.

Low and moderate risk contractor employees do not require a new background investigation for the re-investigation requirement, however, they will require updated Federal tax compliance checks and a fingerprint check every five years.

COTRS are responsible for ensuring that investigation or screening paperwork is submitted timely 5 years from the date of the final access determination.

When the investigation is completed and the results are favorable, PS&I will notify the COTR in an official memorandum, via secure e-mail noting that the contractor employee is approved for final staff-like access.

When adverse information is developed in the course of an investigation, the scope of the inquiry will normally be expanded to the extent necessary to obtain such additional information as may be required to determine whether the contractor personnel may be employed on a given contract and granted access to Treasury/IRS facilities, information systems, security items and products, and/or sensitive but unclassified information.

A contractor on whom unfavorable or derogatory information has been developed during a personnel investigation must be so advised and offered an opportunity to refute, explain, clarify, or mitigate the information in question. The individual should also be advised that the IRS will not disclose any details of the adverse information to the contractor’s firm. However, if after final adjudication, a determination is made of ineligibility to render services on a contract and access to Treasury/IRS facilities is denied, the person will be formally notified and informed of the decision and the reason(s). The employing company will be advised only that the individual is denied employability on the IRS Government funded contract. This decision does not intend to imply that the person’s suitability for employment elsewhere in the company is affected.

When denial of staff-like access is appropriate, the contractor personnel will be informed, simultaneously with notification to the contractor that the individual is denied access for reasonable cause. The notification comes from the Director, PS&I who will forward the sealed letter to the contractor employee by trackable means such as certified or express mail with a Memorandum of Notification of Proposal to Deny Staff-like Access Approval to the COTR. The sealed letter to the contractor will outline the reasons for the proposed access denial and give the contractor employee 7 days from the date of receipt in which to respond to the Director, PS&I with any explanation, refutation, clarification, or mitigating circumstances. The Director, PS&I will make a final determination upon receipt of the response or expiration of the time period. It is recommended that the contractor employee's access be suspended or the contractor employee be escorted until the final determination is made. If after final adjudication, a determination is made to deny final staff-like access, the contractor employee will be formally notified by the Director, PS&I of the determination to deny by sealed letter. The Director, PS&I will notify the COTR with a Memorandum of Notification of Final Staff-like Access Denial. The COTR will notify the Contracting Officer (CO) to remove the contractor employee from the contract. The company shall be notified that the finding makes the individual ineligible to render services (or otherwise perform) under the contract.

Access to Treasury/IRS facilities, information systems, security items/products, and sensitive but unclassified information is a privilege. It may be revoked by the contracting Treasury/bureau based upon unsanctioned, negligent or willful action on the part of a contractor. Examples of actions that can trigger revocation include, but are not limited to, exploration of a sensitive system and/or data, introduction of unauthorized and/or malicious software, unauthorized modification or disclosure of systems and/or data, or failure to follow prescribed access control policies or procedures.

The CO (or COTR if authorized to communicate with the contractor employee's employer under this circumstance) must communicate to the employer that the contractor employee is being denied staff-like access for reasonable cause, that such finding makes the contractor employee ineligible to render services (or otherwise perform) under the contract, and that the decision by the Government does not intend to imply that the contractor employee's suitability for employment elsewhere in the company is affected. The CO will provide a copy of the Memorandum of Notification of Final Staff-like Access Denial to the employer.

Treasury/IRS personnel security officers, in consultation with Treasury/bureau information systems security officers, contracting officers, and COTRs, shall determine whether sensitive but unclassified information to which contractor personnel requires access, warrants execution of a nondisclosure agreement as a condition thereof. When determined to be necessary, each non-disclosure agreement will reference to the conditional nature of access to sensitive but unclassified information with respect to the contract work, or specialized project, for which such access is required. The Associate Director, PS&I, may be contacted for guidance in making these determinations. The non-disclosure agreement, as prescribed by Treasury, is available on the PS&I web page at http://awss.web.irs.gov/personnelSecurity/NBIC/INSTRUCTIONS%20FOR%20NON-DISCLOSURE%20AGREEMENTS.doc .

The original signed non-disclosure agreement shall be retained in the Treasury/IRS personnel security file for minimum of five years and for at least as long as the person has access to the system for which they executed the agreement. The Treasury/IRS has the discretion to maintain the agreement for as long as the information is deemed sensitive. A copy may be maintained in the official contract file. If requested, a copy may be furnished to the individual signatory.

Treasury/IRS will consult with legal counsel to determine whether annual appropriations acts, in effect at the time an agreement is executed, contain provisions requiring the inclusion of specific text in nondisclosure agreements.

Information in personnel security investigations, records, and operations, will be carefully safeguarded to protect the interests of both the individual and the Department/bureaus as required by the Privacy Act. Unless classified at a higher level, personnel security information must be afforded the same degree of protection as material classified Confidential and the information will only be used for authorized official purposes. When not in use, personnel security information must be stored in a General Services Administration-approved security container or in an equally secure area.

Personnel security investigation information requested by the subject of an investigation must be processed according to procedures established by Treasury/bureaus under provisions of the Privacy Act or the Freedom of Information Act, as appropriate. Requests for the release of the results of any personnel security investigation shall be referred to the Treasury/bureau or non-Treasury agency that conducted it.

Reports containing classified information must be protected in accordance with EO 12958, as amended, Classified National Security Information, and appropriate Treasury regulations.

Personnel security procedures relating to participants on advisory committees require that pre-appointment fingerprint screening to include a FBI criminal history and name check be completed, and annual tax checks requested by sponsoring officials. IRS officials responsible for the oversight of advisory committees are required to initiate the pre-appointment fingerprint screening and FBI name check through PS&I.

Current IRS Advisory Committees are:

In order to conduct those inquiries, committee-sponsoring officials shall inform selected advisory commission members of the purpose for requesting the information, as required by the Privacy Act, and that the SSN is used in this instance as an identifier to distinguish between individuals with identical names and birth dates. Sponsoring officials shall obtain a signed tax check waiver from the selected member and a FD 258 fingerprint card. Live Scan fingerprints can be taken at limited local servicing IRS Offices or IRS approved enrollment stations.

When results of the FBI fingerprint and name checks are obtained and are favorable, the requesting office is informed by PS&I that there is no objection to the person participating in the requested capacity. This does not, however, constitute a security clearance for access to classified information.

When results of the FBI fingerprint and name checks are questionable, the results are sent to the Director, Policy, Planning and Adjudication in PS&I for a final determination. If the determination is denied the requesting office is notified of the objection via secure e-mail.

In accordance with Wage and Investment’s Lockbox Security Guidelines (Section L.S.G.2.4.3, Employee Background Investigations), Lockbox employees must have an approved background investigation screening by the IRS Personnel Security and Investigations Office before being granted staff-like access to any lockbox facility, IT system (no matter where located), and/or sensitive data or information. Personnel Security background investigations are conducted on a position risk basis as follows: