10.23.2 Contractor Investigations

Manual Transmittal

April 29, 2019

Purpose

(1) This transmits revised IRM 10.23.2, Personnel Security, Contractor Investigations.

Material Changes

(1) IRM sections reformatted to improve readability in compliance with IRM 1.11.2.3. During this process, subsections were created and existing content moved to the appropriate subsection or content deleted due to duplication of subject matter. Sections reformatted to improve readability in compliance with IRM 1.11.2.3. Subsequent changes listed below reflect the new numbering. See Exhibit 10.23.2-1 for a crosswalk of previous and current subsections which were changed.

(2) IRM 10.23.2.1 – Program Scope and Objectives. Changed section title from "Purpose" to adequately reflect the content addressed in this subsection. Added or reorganized existing IRM content to this subsection to comply with new regulations concerning internal controls as described in IRM 1.11.2. Added policy/programs owners and contact information. Added note: to clarify the term "IRS contract" .

  1. 10.23.2.1.1 - Authority. Updated or added legal authorities pertaining to this IRM. Moved language from subsection 10.23.2.1, Para (3) related to legal authorities to this subsection.

  2. 10.23.2.1.2 - Roles and Responsibilities. Moved language from 10.23.2.2(6) related to roles and responsibilities to this subsection.

  3. 10.23.2.1.3 - Commonly Used Acronyms. Added listed abbreviations.

  4. 10.23.2.1.4 - Security Terms and Definitions. Previously IRM 10.23.2.21, Definitions of Security Terms.

(3) IRM 10.23.2.2 General Investigative Requirements. Para (2) added to clarify application of investigative requirements related to access to facilities, IT systems and sensitive information.

(4) IRM 10.23.2.2.1 Vendor and Contracting Officer’s Representative Roles. Para (3) Revised information to clarify guidance for submitting Position Designation Survey. Revised language in the Note section to clarify when a background investigation can be initiated.

(5) IRM 10.23.2.2.2 Eligibility Criteria. Para (1):Added a note to clarify that "staff-like access" only applies when the contractor employee requires access and the interim staff-like access determination is pending. Para (1)a, moved language from 10.23.2 (13) about tax compliance to this subsection and revised definition for clarity. Added information about acceptable documentation required for non-U.S. males exempt from Selective Service Registration. Para (1)b. 2., revised to clarify "LPR residency" requirement.

(6) IRM 10.23.2.2.3 Background Investigation. Para (2)c, Removed sentence about re-investigation requirements for contractor employees with access to classified information as IRS is not authorized to grant such access to a contractor employee. Para (2)a 3, Added paragraph to read "However, if a prior investigation meets reciprocity criteria, a new investigation will not be required."

(7) IRM 10.23.2.2.3(1) Background Investigation. Revised information to update/clarify guidance for staff-like access.

(8) IRM 10.23.2.2.3(2) a) and b), Revised information to update/clarify the total number of days to be 180 calendar days per year versus consecutive days. Added statement about meeting reciprocity criteria.

(9) IRM 10.23.2.2.4 Infrequent Access to Facilities/Equipment. Para (1), Removed sentence about escorted contractor employee meeting eligibility criteria as the rule does not apply to contractor employees who only need infrequent access to IRS facilities and don’t require staff-like access. Revised rule for number of escorted persons per qualified escort.

(10) IRM 10.23.2.4 Fingerprinting Contractor Employees. Para (2), Added information that the authorized representative should complete two fingerprint cards when using ink and roll method.

(11) 10.23.2.2.6 Retention of Personnel Security Files. Para (4) added related to maintenance/destruction in compliance with the Records Control Schedule.

(12) 10.23.2.6 Interim Staff-like Access Approval. Added information about Limited Area Access.

(13) 10.23.2.6.1 Notification of Interim Staff-like Access. Added reference about security awareness training.

(14) IRM 10.23.2.6.2 Proposed Denial or Revocation of Interim Staff-like Access. Revised Para (2) Added paragraph to clarify staff-like access must be immediately suspend when a proposal to revoke staff-like access letter is issued.

(15) IRM 10.23.2.7 Reciprocity of Other Agency Background Investigations. Revised information to update/clarify guidance in accordance with Executive Order 13764. Para (2)b Change to read: more than two years.

(16) IRM 10.23.2.8 Final Staff-like Access Approval. Para (1) Revised information to update/clarify final staff-like access approval based on favorably adjudicated background investigation. Added reference about the exception of Limited Area Access. Added reference about mandatory security awareness training.

(17) 10.23.2.9 Notification of Final Staff-like. Para (2) added about request for media card and system access.

(18) IRM 10.23.2.10 Security Awareness Training Requirements. Created new subsection and moved all training requirements to this subsection.

(19) IRM 10.23.2.11.1 Proposed Denial of Final Staff-like Access. Para (1) Subject title revised as shown and language deleted regarding final decision. Para (2) d Revised information to clarify the contractor employee’s staff-like access when proposal to deny letter is issued.

(20) IRM 10.23.2.11.2 Notification of Denial of Final Staff-like Access. Para (2) c) added Note about removal if performing on more than one IRS contract. Added additional steps about retrieving ID media and disabling IT systems access.

(21) IRM 10.23.2.11.3 Revocation of Staff-like Access. Revised/added information to clarify guidance about proposed staff-like access revocation. Added additional steps about removing contractor employee, retrieving ID media and disabling IT system access.

(22) IRM 10.23.2.12 Added new subsection, Staff-like Access for Other Federal Agency Personnel.

(23) 10.23.2.13 Escort Procedures. Added guidance about while being escorted and a proposal to deny/revoke letter is issued.

(24) IRM 10.23.2.13.1 In Lieu of Investigation. Para (2), Removed sentence about escorted contractor employee meeting eligibility criteria as the rule does not apply to contractor employees who only need infrequent access to IRS facilities and don’t require an investigation.

(25) 10.23.2.13.2 Escort Requirements. Revised rule for number of escorted persons per qualified escort.

(26) 10.23.2.15 Re-investigation Requirements. Added statement about CORs responsibility for initiating fingerprint and tax check.

(27) IRM 10.23.2.16 Separating Contractor Employees. Added rule about vendor notifying COR.

(28) IRM 10.23.2.17 Non-Disclosure Agreement (NDA) for SBU Information. Para (1), Revised information for clarity that a NDA will be executed by all contractor employees requiring staff-like access to SBU information. Removed sentence about contacting the Associate Director, PS for guidance because all contractor employees, requiring access to SBU must execute a NDA

(29) IRM 10.23.2.17.2 Retention of NDA. Corrected authorization for disposition period for NDA

(30) 10.23.2.20.1 Pre-Appointment Checks. (2) b) added SF87 fingerprint card.

(31) 10.23.2.22.2 Payment When Contractor Employee Transfers to New Contract. Changed 15 calendar days to 30 calendar days.

(32) IRM 10.23.2.21 Definitions of Security Terms. Subsection renamed Security Terms and Definitions and located at IRM 10.23.2.13. Deleted the term "Access" . Revised definition for "Staff-like Access" . Where appropriate, replaced the term Access with Staff-like Access. Deleted the term and definition for "Unescorted Access." Both terms Access and Unescorted Access refer to Staff-like Access. Added or revised terms/definitions for: Adjudication, Continuous Evaluation, NBIB, National Security Position, OPM, Pre-screen, Qualified Escort, and Staff-like Access.

(33) Updated links, improved grammar and made other editorial changes throughout the IRM.

Effect on Other Documents

This supersedes IRM 10.23.2, Personnel Security, Contractor Investigations dated April 27, 2016.

Audience

All Divisions and Functions

Effective Date

(04-29-2019)

Robin Bailey, Jr.
IRS Human Capital Officer

Program Scope and Objectives

  1. Purpose. This section establishes general policy and describes the background investigative requirements for contractors (and contractor personnel), subcontractors (and subcontractor personnel), and those providing advisory and assistance services to determine their fitness for work on Treasury/IRS contracts. Hereafter the term IRS contract refers to contracts, solicitations, orders, and awards for services (i.e. courier, mail or janitorial services, etc.) granted by an IRS official, under which contractor (including subcontractor) employees require staff-like access to IRS facilities, information technology systems, SBU information, or security items or products. These individuals (all of whom are collectively referred to hereinafter, as "contractor employees," as appropriate) include but are not limited to:

    • Outside Experts

    • Consultants

    • Courier and Printing Services

    • Sign Language Interpreters

    • Document Recovery Services

    • Delivery Services

    • Interns (paid/unpaid)

    Special emphasis and discussion is placed on those contractors who require staff-like access, wherever the location, to Treasury/IRS-owned or controlled facilities; or work on contracts (as defined in Federal Acquisition Regulation (FAR) Part 2 that involve the design, operation, repair or maintenance of information systems; and/or require access to sensitive but unclassified (SBU) information, as defined in IRM 10.5.1.2.2 , Sensitive But Unclassified Information.

    "Staff-like Access" is authority granted to perform one or more of the following:

    • Enter IRS facilities or space (owned or leased) unescorted (when properly badged);

    • Possess login credentials to information systems (IRS or vendor-owned systems that store, collect, and /or process IRS information);

    • Possess physical and/or logical access to (including the opportunity to see, read, transcribe, and/or interpret) Sensitive but Unclassified (SBU) data, wherever the location; (See IRM 10.5.1 for examples of SBU data);

    • Possess physical access to (including the opportunity to see, read, transcribe, and/or interpret) security items and products (e.g., items that must be stored in a locked container, security container, or a secure room, wherever the location. These items include, but are not limited to security devices/records, computer equipment, Identification media. For details and further security requirements, see IRM 1.4.6.5.1, Minimum Protection Standards); or,

    • Enter physical areas, wherever the location, that store/process SBU information (unescorted).

    Staff-Like Access is granted to an individual who is not an IRS employee (and includes, but is not limited to: contractors/subcontractors, whether procured by IRS or another federal agency, vendors, delivery persons, experts, consultants, paid/unpaid interns, other federal employees, cleaning/maintenance employees, etc.), and is approved upon required completion of a favorable suitability/fitness determination conducted by IRS Personnel Security

    Note:

    HCO will collaborate with Procurement and FMSS related to non-IRS employees/contractors who need staff-like access on an as-needed basis, but no less than once every three years to evaluate the program effectiveness, and implement changes, as warranted.

    This manual does not prescribe policy with respect to issuance of security clearances for access to classified National Security information under the Defense Security Service, National Industrial Security Program (NISP).

  2. Audience. This IRM is for all IRS Divisions and Functions.

  3. Policy Owner. Personnel Security (PS) Employment, Talent, and Security (ETS) .

  4. Program Owner. PS is responsible for overseeing the Personnel Security program and providing policy and procedures related to personnel security matters.

  5. Contact Information. Website at: Personnel Security

Authority

  1. Contractors with access to SBU information must comply with the provisions of:

    1. Publication 4812, Contractor Security Controls

    2. Executive Order (EO) 13764, "Amending the Civil Service Rules, EO 13488, and EO 13467 To Modernize the Executive Branch-Wide Governance Structure and Processes for Security Clearances, Suitability and Fitness for Employment, and Credentialing, and Related Matters"

    3. Title 5, Code of Federal Regulations (CFR) 731, Suitability and 5 CFR 736, Personnel Investigations

    4. Treasury Security Manual (TSM), TD P 15-71, Chapter II, Section 2, Investigative Requirements for Federal Employees, Contractors, Subcontractors, Experts, Consultants and Paid/Unpaid Interns

    5. Treasury Order 102-17, Delegation of Authority Concerning the Personnel Security

    6. IRM 10.8.1, Information Technology (IT) Security, Policy and Guidance

    7. IRS Delegation Order 10-1, Perform Operating Functions Relating to Personnel Security

Roles and Responsibilities

  1. Responsibility for adjudication of background investigations falls under the responsibility of the Associate Director, PS.

Commonly Used Acronyms

  1. The table lists commonly used acronyms.

    ABIS Automated Background Investigation System
    COR Contracting Officer’s Representative
    EO Executive Order
    FBI Federal Bureau of Investigation
    JPAS Joint Personnel Adjudication System
    LPR Lawful Permanent Resident
    NBIB National Background Investigation Bureau
    NDA Non-Disclosure Agreement
    NISP National Industrial Security Program
    OPM Office of Personnel Management
    OSP Office of Security Programs
    PDT Position Designation Tool
    PII Personally Identifiable Information
    POC Point of Contact
    PS Personnel Security
    RAC Risk Assessment Checklist
    SAT Security Awareness Training
    SBU Sensitive But Unclassified
    SF Standard Form
    TD P Treasury Directive Publication
    TSM Treasury Security Manual

Security Terms and Definitions

  1. For Security Terms and Definitions, see IRM 10.23.2.23.

General Investigative Requirements

  1. Unless specified otherwise in this IRM, each contractor employee assigned to work under an IRS contract shall undergo investigative processing commensurate with the position risk level designation associated with the work to be performed, and comparable to that required for federal employees who occupy the same positions and who have the same position risk designation.

  2. Investigative requirements also apply when permitting contractor employees access to IRS-owned or controlled facilities, information technology (IT) systems, SBU information, or security items or products and no formal contract was awarded by Procurement. In such instances, the responsibility for meeting investigative requirements described in this IRM rests with the Business Operating Division (BOD) authorizing access for these contractor employees.

Vendor and Contracting Officer’s Representative Roles

  1. The vendor (company under contract) will assign a Point of Contact (POC) to all IRS contracts requiring staff-like access to Treasury/IRS-owned or controlled facilities, SBU information, IT systems, and/or assets.

  2. The vendor POC will assist the Contracting Officer’s Representative (COR) or the appropriate BOD official (individual who procured the contract) regarding position duties, level of staff-like access required, and preliminary assessments of the position risk designation.

  3. Facilities Management and Security Services, Contractor Security Management (FMSS/CSM) sends the Position Designation Survey and other forms to the vendor POC and the COR. The COR or the appropriate BOD official (individual who procured the contract) and the vendor POC will review the work to be performed under contract to assign a position risk designation. A risk assessment must be conducted for each position on the contract in accordance with the criteria in TD P 15-71, Chapter I, Section 1, Position Sensitivity and Risk Designation and IRM 10.23.2.5, Position Sensitivity and Risk Designations.

  4. FMSS/CSM will send all contractor background investigation requests to Personnel Security (PS), and will also coordinate submissions and actions with the COR, as appropriate.

    Note:

    A background investigation should not be initiated until a contract number is assigned to the vendor who is awarded the contract and the contractor employee is assigned to perform work on the IRS contract.

Eligibility Criteria

  1. Contractor employees hired for work within the United States or its territories and possessions who require staff-like access, wherever the location, to Treasury/IRS-owned or controlled facilities, or work on contracts that involve the design, operation, repair or maintenance of IT systems, and/or require access to SBU information, security items or products, must meet the three eligibility criteria listed below before being considered for staff-like access and prior to initiating a background investigation. This does not apply to non-federal personnel who do not have a contract with the IRS (i.e., child care workers, Credit Union employees) as they have access to non-IRS and public IRS areas only. Such personnel are vetted through their respective agency.

    Note:

    Eligibility criteria apply to escorted contractor employees only when the contractor employee requires staff-like access and the interim staff-like access determination is pending. During this period, the contractor employee is allowed temporary escorted access to IRS facilities only, with no access to any IT systems, SBU information, security items or products. Escorted access should only be used in emergency situations (e.g., when a contractor employee needs to attend a kickoff or other meeting scheduled prior to interim staff-like access being granted).

    1. Must be federal tax compliant. Must have filed all required returns and paid all taxes due, or be current on a payment plan for taxes due; must also remain tax compliant while actively working on IRS contracts.

      Note:

      Periodic tax checks will be conducted on all IRS contractor employees who have been granted staff-like access by PS and remain active on an IRS contract. This in addition to the tax check conducted at the initial on-boarding of IRS contractor employees requiring staff-like access and IRS contractor employees undergoing revalidation of staff-like access. All tax checks are conducted by the Employee Tax Compliance (ETC) Office.

    2. Must meet the following U.S. citizenship or residency requirements based on the assigned position risk level:
      1. Low Risk - Must be a U.S. citizen or Lawful Permanent Resident (LPR).
      2. Moderate Risk - Must be a U.S. citizen or LPR with at least three consecutive years of U.S. residency, from the date of legal entry, as a LPR .
      3. High Risk - Must be a U.S. citizen.

    3. All males born after 1959 must be registered with Selective Service. If not registered or exempt, the contractor must have a Status Information Letter from Selective Service.
      1. Non-U.S. male who entered the U.S., for the first time, after his 26th birthday can provide a copy of his I-94 with date of entry stamp or letter from U.S. Citizenship and Immigration Services indicating the date he entered the U.S.
      2. Non-U.S. male on a valid non-immigrant visa can provide a copy of his visa with date of entry stamp. For example, if the man entered the U.S. as an F-1 student visa and remained in that status until his 26th birthday, he must provide proof of admission on F-1 visa and attended school as required.

  2. Contractor companies must ensure that foreign born contractor employees meet the eligibility requirement for U.S. citizenship or lawful permanent resident status, and, when applicable, Selective Service requirements. The Selective Service Online Registration Verification website at https://www.sss.gov/Home/Verification is available to contractor employees as one tool for this purpose.

  3. Investigative processing is required regardless of the location of the work. This includes contractor employees who use technology for remote staff-like access to Treasury/IRS facilities or IT systems as well as those who have direct physical access to any IRS documents or data outside of any IRS facility.

Background Investigation

  1. All contractor employees who work on IRS contracts that require staff-like access to IRS-owned or controlled facilities SBU information, IT systems, and/or assets must be investigated. The investigation must be favorably adjudicated. The investigation covers various components of an individual’s personal background and a credit check is a standard part of many of these investigations. Contractor employees are required to sign a release form authorizing a search of their credit history. Refer to IRM 10.23.3.7, Credit Checks).

  2. Treasury/IRS contractor employees require background investigations as follows:

    1. Contractor employees whose duration of employment exceeds a total of 180 calendar days per year are subject to the following prior to beginning work on the IRS contract. Example: If a contractor employee works every other month which exceeds 180 days during the calendar year, the criteria will apply.
      1. Must meet the eligibility requirements for staff-like access outlined in section 10.23.2.2.2 above;
      2. Must receive a favorable interim staff-like access determination from PS based on a review of a Federal Bureau of Investigation (FBI) fingerprint check and a review of investigative paperwork completed by the contractor employee; and
      3. A background investigation must be initiated by PS and scheduled by the Office of Personnel Management (OPM), National Background Investigation Bureau (NBIB) based on the assigned position risk designation. Ultimately, the background investigation must be completed and adjudicated to determine if the contractor employee can continue to perform work on the contract. However, if a prior investigation meets reciprocity criteria, a new investigation will not be required.

    2. If the duration of employment is less than 180 calendar days per year and the contractor employee requires staff-like access to IT systems, facilities, Personally Identifiable Information (PII) or SBU information, the contractor employee is subject to the following prior to beginning work on the IRS contract:
      1. Must meet the eligibility requirements for access outlined in section 10.23.2.2.2 above; and
      2. Must have an approved staff-like access determination (meet the eligibility requirements and have a favorably adjudicated FBI fingerprint check).

    3. There are re-investigation requirements for contractor employees in low, moderate and high risk positions (see section 10.23.2.15 for reinvestigation requirements). Additionally, contractor employees are subject to investigation at any time during the period of access to ascertain whether they continue to meet the requirements for staff-like access.

Infrequent Access to Facilities and Equipment

  1. For contractor employees who do not require staff-like access to IT systems, PII, or SBU information, and only require infrequent access to IRS-owned or controlled facilities and/or equipment (e.g., a time and material maintenance contract that warrants access one or two days monthly/quarterly) as described in 10.23.2.13; no background investigation is required as long as the contractor employee receives 100% escort by a qualified escort. Refer to IRM 10.2.5.6.3, Non-Photo ID Cards and IRM 10.2.18.5, Physical Access Eligibility Requirements.

  2. A qualified escort is defined as an IRS employee or a contractor employee approved for staff-like access at the same or higher position risk level as the escorted contractor employee. The escort must accompany the contractor employee during all work performance and movements throughout the facility, and must, at a minimum, maintain visual contact with the escorted contractor employee. At least one qualified escort can escort per five escorted persons is required. Refer to IRM 10.2.18.5.2, Escorted Access..

Access to Facilities in a Foreign Country

  1. Contractor employees requiring access to Treasury/IRS offices/facilities in foreign countries who have been certified by the Department of State Diplomatic Security Service as meeting investigative and adjudicative criteria for access to facilities, under the authority of a Chief of Mission, will be deemed to meet personnel security standards. In these cases, a review and determination by PS is still required to ensure IRS specific standards are met.

Retention of Personnel Security Files

  1. Treasury/IRS will establish and maintain a personnel security file for each individual contractor employee in the following conditions:

    1. All moderate and high risk public trust positions; and

    2. Those low risk or non-sensitive positions on which unfavorable or derogatory information has been developed or received, unless the file is maintained by OPM.

  2. Treasury/IRS will not maintain a file on a contractor employee granted staff-like access to classified information under the NISP, unless there is a requirement for:

    1. Additional investigation in connection with access to Treasury/IRS facilities or automated information systems; or

    2. Access to classified information not covered under the NISP.

  3. With regard to favorable investigations on contractor employees , in low or moderate risk positions, Treasury/IRS may, at their discretion, retain either the entire report or pertinent investigative data only. The specific location of personnel security files shall be at Treasury/IRS discretion with the following exception: all national security files shall be maintained by the Treasury Personnel Security Officer or Associate Director, PS.

  4. Personnel security files must be maintained/destroyed in compliance with Document 12990, IRS Records Control Schedule (RCS),Document 12 Personnel Security Records, Item 2.

Citizenship Requirements

  1. In accordance with TSM TD P 15-71, contractor employees hired for work within the United States or its territories and possessions and who require staff-like access to Treasury/IRS-owned or controlled facilities, IT systems, SBU information, or security items or products, shall either be U.S. citizens or have lawful permanent resident status.

  2. Treasury/IRS will adhere to the following standard when allowing contractor employees staff-like access to Treasury/IRS-owned or controlled facilities, IT systems or security items or products, or SBU information:

    1. Low Risk: Must be a U.S. Citizen or LPR.

    2. Moderate Risk: Must be a U.S. Citizen or LPR with at least three consecutive of U.S. residency, from the date of legal entry, as a LPR.

    3. High Risk: Must be a U.S. Citizen.

Citizenship Waiver Requirements

  1. Only under exceptional circumstances should a waiver be requested when a contractor employee does not meet the citizenship or LPR residency requirement. Foreign nationals employed as contractor employees shall not be allowed staff-like access to Treasury/IRS-owned or controlled facilities, IT systems or security items or products, or SBU information prior to the issuance of a waiver. Waivers for:

    1. Low risk positions for contractor employees not meeting the conditions in 10.23.2.2.2 above may be requested by the COR.

    2. Moderate risk positions for contractors not meeting the conditions in 10.23.2.2.2 above may be requested by the COR through a senior executive-level manager in the business unit that holds the contract. th

    3. High-risk positions will not be considered for foreign nationals.

  2. Waivers for foreign nationals working in IT positions involving the development of Treasury/IRS hardware or software products will not be considered if the position involves

    1. The design of security models, application integration, customization of software or hardware, or configuration of servers or networks and/or;

    2. The ability to manipulate, or alter or affect the integrity, accessibility or availability of IT-maintained information or records.

Submitting a Waiver Request

  1. Requests for waivers to the citizenship requirement must be submitted in writing to the Associate Director, PS, who will forward it to the Director, OSP, Department of the Treasury, for a final determination. All waivers involving IT systems must be routed through Treasury’s Chief Information Officer for a final determination.

  2. All waiver requests must include the following:

    1. The full name, date of birth, place of birth, and current citizenship of the contractor employee.

    2. A completed SF85, SF85P or SF86.

    3. A completed background investigation.

    4. A description of the job/duty to be performed.

    5. Justification why there is no qualifying U.S. citizen or permanent resident alien available or capable of performing the task.

    6. A business case necessitating the waiver.

    7. An assessment of the risk associated with granting the waiver.

    8. All security countermeasures and actions taken to mitigate the risks associated with the requested waiver.

Fingerprinting Contractor Employees

  1. FMSS/CSM is responsible for sponsoring contractors in USAccess. The contractor employee will:

    1. Schedule required appointment at USAccess enrollment station via email notification sent to the contractor employee. The USAccess system is the first choice.

    2. If USAccess fingerprinting is not readily available, contractor employees may use Live Scan fingerprinting services at limited local servicing IRS Offices or IRS approved enrollment stations.

    3. If an enrollment station is not available, FMSS Identity Credential and Access Management (ICAM) may delegate escort and/or registrar responsibilities to CORs to escort contractor employees to other locations for fingerprinting.

  2. In rare instances, ink and roll fingerprints will be taken by IRS Offices or approved enrollment stations. The authorized representative should complete two fingerprint cards for each contractor employee. The integrity of the chain of custody of the completed ink and roll fingerprint card must be maintained, therefore, the completed fingerprint card must be mailed directly to FMSS/CSM by the entity administering the fingerprinting.

  3. When the contractor employee will not have physical or systems access, non-custodial fingerprints taken at police or law enforcement offices can be utilized. The chain of custody requirement in HSPD-12 is not required for these contractor employees.

  4. Any costs for fingerprinting outside an IRS office (with the exception of an IRS approved enrollment station) will be borne by the contractor company or contractor employee.

Position Sensitivity Risk Designation Levels

  1. Every IRS position, including those of contractor employees, must be designated with a position risk designation. Contractor employees must meet personnel security/suitability standards commensurate with their position risk designation. See IRM 10.23.3.4, Position Sensitivity Risk Levels

Determining The Position Risk Designation

  1. The vendor POC and COR or BOD official (individual who procured the contract) are responsible for working with the appropriate business unit management for identifying access needs and preliminary assessments on risk designations for each position within the contract. The Associate Director, PS, has the ultimate authority for position risk designation and may adjust the risk level if deemed appropriate.

  2. These position risk levels are established through an analysis of the duties and responsibilities of the positions, the placement of contractor employees and their potential impact on the agency’s mission. All position risk designations will be determined through the use of the Position Designation Survey, which provides a logical questionnaire-based approach to position risk designation.

Position Risk Designation for IT Privileged Access

  1. Contractor employees in IT positions with IT Privileged Access to sensitive IT systems must be designated as high risk.

    1. IT management must identify these contractor employees and enter a request into the OL5081 system.

    2. PS will determine if an adequate investigation exists or if a new investigation is required for the high risk position.

    3. Access will be granted if a requisite background investigation exists or upon the completion and favorable adjudication of a new background investigation for the high risk position.

    4. IT Privileged Access is defined as administrator or root access to DS, DSTEST and IRSNET domains and that contain highly sensitive, critical information. Individuals with this level of access have major program responsibilities and authorities; and if information is compromised, it could cause exceptionally serious damage to the national financial market. Examples of DS, DSTEST and IRSNET domains include, but not limited to:

    • IBM and application access Individual Master File (IMF)

    • Business Master File (BMF)

    • Customer Account Data Engine (CADE/CADE2)

    • Redesigned Revenue Accounting System (RRACS)

    • Integrated Financial System (IFS)

    • Corporate Files On Line (CFOL)

Interim Staff-like Access Approval

  1. Interim staff-like access approval may be granted prior to the completion of the background investigation. Due to the risk associated with granting staff-like access prior to the completion of the required background investigation, interim staff-like access will only be granted in cases where it has been determined that the risk is acceptable. Contractor employees who have been approved for interim staff-like access are granted staff-like access while in IRS-owned or controlled facilities (includes leased or contracted space), except for designated limited areas. Refer to IRM 10.2.18.5.1, Unescorted Access and IRM 10.2.18.8, Limited Area Access.

    Note:

    Contractor employees in IT positions with "IT Privileged Access" to IRS sensitive IT systems, designated as a high risk position, will not be granted interim staff-like access.

  2. Interim staff-like access approval is based on the following eligibility/suitability checks:

    1. Background investigation forms;

    2. IRS account history for federal tax compliance;

    3. Selective service registration compliance;

    4. Citizenship/residency;

    5. FBI fingerprint criminal history;

    6. If applicable, credit history report; and

    7. If applicable, prior background investigations.

  3. Contractor employees who possess a current active U.S. Government security clearance for access to classified information may be granted interim staff-like access for positions after:

    1. The clearance is verified through the Joint Personnel Adjudication System (JPAS).
      1. Contractor employees with Top Secret clearance may be granted interim staff-like access approval to occupy positions designated at High, Moderate or Low Risk.
      2. Contractor employees with Secret or Confidential clearances may be granted interim staff-like access approval to occupy positions designated Moderate or Low Risk.

    2. A favorable adjudication of pre-screening eligibility/suitability checks.

Notification of Interim Staff-like Access

  1. PS will notify the COR and FMSS/CSM in an official memorandum when interim staff-like access is approved. PS will notify FMSS/CSM and the COR in the same manner when interim staff-like access is denied.

  2. The memorandum of notice of interim staff-like access approval shall be attached to the Request for ID Media/Access Card for Contract Employee application. For system access, the COR must have this memorandum of notice of interim staff-like access approval on file before initiating an Online 5081," Information System User Registration/Change Request." The COR will inform contractor employee of ID card pick up procedures.

    Note:

    Regardless of where work is performed, contractor employees who require a password or access to an IRS IT system must be approved for staff-like access before an Online 5081 is initiated for systems access.

  3. Contractor employees who require staff-like access to IT systems/data or SBU information, regardless of location, must complete mandatory annual security awareness training as described in 10.23.2.10 below.

Proposed Denial or Revocation of Interim Staff-like Access

  1. If PS issues the contractor employee a Proposal to Deny letter during the interim staff-like access determination process, the contractor cannot enter on duty and/or perform work on the contract until a final staff-like access approval determination is rendered. Access to an IT system and/or SBU information cannot granted before interim staff-like access is approved.

  2. If interim staff-like access is approved and then subsequently a proposal to revoke letter is issued, staff-like access to Treasury/IRS-owned or controlled facilities, IT systems, SBU information, and security items and products must be immediately suspended by the COR and FMSS/CSM until a final determination is made by PS.

Reciprocity of Other Agency Background Investigations

  1. PS will accept background investigations and adjudications conducted by other federal agencies unless it is determined that the background investigation or adjudication does not sufficiently address the standards used by PS in determining contractor fitness.

  2. Completed background investigations and final favorable adjudications will be accepted for staff-like access unless:

    1. The new position requires a higher level investigation;

    2. Favorable adjudication or background investigation was completed more than five years ago.

    3. New adverse information is obtained that questions the individual’s fitness for staff-like access based on character or conduct; or

    4. The individual’s investigative record shows conduct that is incompatible with core duties of the new position.

  3. Additional requirements must be met for all position risk levels for final staff-like access to be granted: fingerprint screening, selective service registration, citizenship/residency requirements and full tax compliance.

Final Staff-like Access

  1. Contractor employees who have been approved for final staff-like access, based on a favorably adjudicated background investigation, are granted staff-like access while in an IRS-owned or controlled facility (which includes leased or contracted space), except for designated limited areas. Refer to IRM 10.2.18.5.1, Unescorted Access and IRM 10.2.18.1, Limited Area Access.

    Note:

    Staff-like access to work on Treasury/IRS contracts does not constitute a national security clearance and does not allow access to classified information.

  2. Staff-like Access is the authority granted to employees and contractors that provides opportunity to physically come into contact with (including, but not limited to reading, transporting, and/or transcribing/interpreting) SBU information in the performance of official duties; entering an IRS facility without escort; and/or to login into IRS systems with approved credentials.

  3. Contractor employees who require staff-like access to IT systems/data or SBU information, regardless of location, must complete mandatory annual security awareness training as described in 10.23.2.10 below.

Access to IT Systems and Sensitive Information

  1. Contractor employees approved for staff-like access may be granted access to IT systems/data, or SBU information, no matter where the work will be located. This access is not unlimited, and should only be granted to accomplish the work described in the IRS contract. Until a contractor employee has been approved for staff-like access, an escort is required no matter where the work is located and no access to IT systems/data or SBU information is permitted. For escort procedures, see 10.23.2.13 below.

  2. SBU information is any information that requires protection due to the risk and magnitude of loss or harm to the IRS or the privacy to which individuals are entitled under Section 552a of Title 5, United States Code (the Privacy Act), which could result from inadvertent or deliberate disclosure, alteration, or destruction. Refer to IRM 10.5.1.2.2, Sensitive But Unclassified (SBU) Data. Examples of SBU information include:

    1. Personal information, including employment information such as job applications, disciplinary actions, performance appraisals, drug tests and health exams;

    2. Tax return information (IRC §6103);

    3. Law enforcement manuals; or

    4. Certain procurement documents, bids and contracts.

  3. PII is also considered SBU information. This is information that is linked or linkable to an individual and the information must be protected to prevent the possibility of identity theft or invasion of privacy. Examples include:

    1. Any information about an individual maintained by an agency, including, but not limited to, education, financial transactions, medical history and criminal or employment history; or

    2. Information that can be used to distinguish or trace an individual’s identity, such as their name, social security number, date and place of birth, mother’s maiden name, biometric records, etc.

Notification of Final Staff-like Access Determination

  1. When the investigation is completed and the results are favorable, PS will notify the COR and FMSS/CSM in an official memorandum noting that the contractor employee is approved for final staff-like access.

  2. The memorandum of notice of final staff-like access approval must be attached to the Request for ID Media/Access Card for Contract Employee application. For system access, the COR must have this memorandum of notice of final staff-like access approval on file before initiating an Online 5081, Information System User Registration/Change Request. The COR will inform contractor employee of ID card pick up procedures.

    Note:

    If the contractor employee was approved for and retained interim staff-like access, issued an ID card, and granted system access; the above step is not required for final staff-like approval.

  3. When the results of the investigation are unfavorable and final staff-like access is not granted, PS will notify the COR and FMSS/CSM in an official memorandum noting that the contractor employee is not approved for final staff-like access. See IRM 10.23.2.11 below for more details of actions taken when the results are unfavorable.

Security Awareness Training Requirements

  1. Contractor employees who require staff-like access to SBU information and/or IT systems, regardless of location, must complete mandatory annual security training.

  2. The COR is responsible for ensuring contractors receive Security Awareness Training (SAT) within five business days of being granted interim/final staff-like access to an IRS sensitive information or IT systems. For more information about SAT, refer to IRM 10.8.1.4.2.1, Security Awareness Training.

  3. If the contractor employee has IT Privileged Access, the COR is responsible for ensuring the contractor employee completes the Specialized IT Security Training (SITS) pertinent to their roles and responsibilities before being granted access to the IT system or performing assigned duties. Contractor employees with such access are required to complete specialized training annually. Refer to IRM 10.8.1.4.2.2, Roled Based Security Training and IRM 10.8.2, Information Technology (IT) Security, IT Roles and Responsibilities.

Adverse Information - Denial and Revocation of Final Staff-like Access

  1. When adverse information is discovered or detected in the course of an investigation, the scope of the inquiry may be expanded to obtain additional information to determine whether the contractor employee may continue staff-like access to Treasury/IRS facilities, IT systems, security items and products, and/or SBU information.

  2. If adverse information that may warrant action is discovered during a background investigation, the contractor employee must be so advised and offered an opportunity to refute, explain, clarify, or mitigate the information in question. The contractor employee will be advised that the IRS will not disclose any details of the adverse information to the contractor’s firm. However, if after final adjudication, a determination is made of ineligibility to render services on a contract and access to Treasury/IRS facilities is denied, the contractor employee will be formally notified and informed of the decision and the reason(s). The contractor company will be advised only that the contractor employee is denied employability on the IRS Government funded contract. This decision does not intend to imply that the contractor employee’s suitability for employment elsewhere in the company is affected.

Proposed Denial of Final Staff-like Access

  1. ,If after final adjudication, PS issues a proposal to deny letter for final staff-like access, the following will occur:

    1. Associate Director, PS, will send a proposal to deny letter to the contractor employee’s last known residence.

    2. The letter will outline the reasons for the proposed staff-like access denial and give the contractor employee seven calendar days, from the date of receipt, to respond to the Associate Director, PS with any explanation, refutation, clarification, or mitigating circumstances.

    3. Associate Director, PS will notify the COR and FMSS/CSM via email stating that the contractor employee is being denied staff-like access for reasonable cause until a final determination is made. Upon notification from Associate Director, PS of a proposal to deny staff-like access, the COR and FMSS/CSM must ensure that the contractor employee’s staff-like access to Treasury/IRS-owned or controlled facilities, information systems, SBU information/PII, and security items and products is suspended until the final determination is made.

    4. Associate Director, PS will make a final determination upon receipt of the contractor employee’s response or expiration of the time period allotted for the contractor employee to respond. The contractor employee, COR, and FMSS/CSM will be notified in writing of the final decision and any required actions.

Notification of Denial of Final Staff-like Access

  1. If after final adjudication, the Associate Director, PS makes a decision to deny final staff-like access, the contractor employee will be formally notified by the Associate Director, PS of the determination to deny by sealed letter.

    1. The Associate Director, PS will notify the COR and FMSS/CSM with a Memorandum of Notification of Final Staff-like Access Denial.

    2. The COR will notify the Contracting Officer (CO) to remove the contractor employee from the contract and provide a copy of the notification to FMSS/CSM.

  2. The CO (or COR if authorized to communicate with the contractor employee’s employer under this circumstance) must take the following steps:

    1. Communicate to the employer that the contractor employee is being denied final staff-like access for reasonable cause. Such finding makes the contractor employee ineligible to render services (or otherwise perform) under the IRS contract, and the decision by the Government does not intend to imply that the contractor employee’s suitability for employment elsewhere in the company is affected.

    2. Provide a copy of the Memorandum of Notification of Final Staff-like Access Denial to the employer. PS will not disclose any details of the adverse information to the contractor company, COR, or third-party entity.

    3. Immediately remove the contractor employee from the IRS contract.

      Note:

      If the contractor employee performs work on more than one IRS contract, the contractor employee must be removed from all contracts unless the reason for the denial does not have a nexus to duties being performed on the contract. This includes situations where access only occurs at an off-site or non-IRS location.

    4. Retrieve all ID media and sensitive information from the contractor employee.

    5. Disable all IT system user accounts associated with the contractor employee.

Revocation of Final Staff-like Access

  1. Staff-like Access to Treasury/IRS-owned or controlled facilities, IT systems, security items/products, and SBU information is a privilege. It may be revoked by the contracting Treasury/IRS element based upon unsanctioned, negligent or willful action on the part of a contractor employee. Examples of actions that can trigger revocation include, but are not limited to:

    • Non-compliance with federal tax regulations

    • Unauthorized access or inspection of a sensitive system and/or data

    • Introduction of unauthorized and/or malicious software

    • Unauthorized modification or disclosure of systems and/or data

    • Failure to follow prescribed access control policies or procedures

  2. When revocation of staff-like access is appropriate, the following will occur:

    1. Associate Director, PS will mail a proposal to revoke staff-like access letter to the contractor employee’s last known residence.

    2. The letter will outline the reasons for the proposed action and provide the contractor employee 30 calendar days for non-compliance tax matters and 14 calendar days for all other misconduct matters to respond to the Associate Director, PS with an explanation, refutation, clarification, or mitigating circumstances.

    3. Associate Director, PS will notify the COR and FMSS/CSM that the contractor employee’s staff-like access to Treasury/IRS-owned or controlled facilities, IT systems, security items/products, or SBU information is being suspended for reasonable cause until a decision is made. The Associate Director, PS will make a final determination to revoke or grant continued staff-like access upon receipt of the contractor employee’s response or expiration of the allotted time for the contractor employee to respond. At such time, the contractor employee, COR, and FMSS/CSM will be notified in writing of the final decision and any required actions.

  3. If staff-like access is revoked, the CO (or COR if authorized to communicate with the contractor employee’s employer under this circumstance) must take the following steps:

    1. Communicate to the employer that the contractor employee’s staff-like access is being revoked for reasonable cause. Such finding makes the contractor employee ineligible to render services (or otherwise perform) under the IRS contract, and that the decision by the Government does not intend to imply that the contractor employee’s suitability for employment elsewhere in the company is affected.

    2. Provide a copy of the Memorandum of Notification of Final Staff-like Access Revocation to the employer. PS will not disclose any details of the adverse information to the contractor company, COR, or third-party entity.

    3. Immediately remove the contractor employee from the IRS contract.

    4. Retrieve all ID media and sensitive information from the contractor employee.

    5. Disable all IT system user accounts associated with the contractor employee.

Staff-like Access for Other Federal Agency Personnel

  1. Other federal agency personnel who require periodic access, on a recurring basis, may be granted staff-like access to IRS-owned or controlled facilities, sensitive data and/or information systems. The individual must have a completed and favorably adjudicated background investigation at, or higher, than the risk level of the work to be performed or the access to the controlled IRS work area. The background investigation and adjudicative determination must be verified through the parent agency’s security office and/or the appropriate OPM security indices. Refer to the following standard operating procedures, which are located on the PS Website.

    • Clearing Other Federal Agency/Bureau Personnel (not paid for by the IRS) for Unescorted Access to IRS Facilities/Data/Systems (SOP PS 4-1A)

    • Clearing Other Federal Agency/Bureau Personnel (being paid by the IRS) for Unescorted Access to IRS Facilities/Data/Systems (SOP PS 4-1B)

    • Clearing Department of Homeland Security (DHS) Federal Protective Service (FPS) Security Officers for Unescorted Access to IRS Facilities/Data/Systems (SOP PS 4-1C)

Escort Procedures

  1. Contractor employees must be escorted in the following instances, but will not be permitted to access SBU information or IT systems:

    1. When a background investigation has been initiated and an interim staff-like access determination is pending.

      Note:

      In the event a proposal to deny or revoke interim staff-like access letter is issued, all access will be immediately suspended until a final staff-like access determination is made. Refer to 10.23.2.6.2, Proposed Denial or Revocation of Interim Staff-like Access

    2. In lieu of an investigation when the contractor employee requires infrequent access to a facility or equipment and no access to IT systems and/or SBU data is required.

In Lieu of Investigation

  1. Alternative 10.23.2.13(1)b above, in lieu of investigation, applies only to contractor employees who require infrequent access to a facility or equipment (e.g., a time and material maintenance contract that warrants access one or two days monthly/quarterly). Under these special circumstances, a management official, in the requesting organization, may opt to provide escort access to a contractor employee instead of initiating a background investigation. Refer to IRM 10.2.5.6.3 , Non-Photo IDs.

    Note:

    This alternative does not apply to contractor employees who have frequent access to IRS sensitive IT systems, IRS facilities, PII, and/or SBU information.

  2. Prior to selecting this alternative, the management official must adhere to the following conditions, in addition to the requirements set forth in 10.23.2.13.2) below.

    1. Ensure escort access provides adequate security protection;

    2. Document the decision and provide a copy to the COR; and

    3. Coordinate escort with management official at the site(s) where access is required.

Escort Requirements

  1. Escorted access requirements are the same for work performed at any Treasury/IRS-owned or controlled facility. Requirements for escorted access are:

    1. Only an IRS employee or a contractor employee approved for final staff-like access at the same or higher position risk level, as the escorted contractor employee, can serve as a qualified escort;

    2. The escort must accompany the escorted contractor employee during all work performance and movement throughout the facility;

    3. The escort must, at a minimum, maintain visual contact with the escorted contractor employee; and

    4. At least one qualified escort per every five escorted persons is required. Refer to IRM 10.2.18.5.2, Escorted Access.

      Note:

      Exceptions to these requirements must be approved by the Associate Director, PS.

  2. Contractor employees who have been denied final staff-like access cannot be escorted and must be removed from the IRS contract unless the contractor employee performed on more than one contract and was not removed from all IRS contracts, refer to 10.23.2.11.2 (c) above.

Revalidation of Contractor Employee Staff-like Access

  1. When there is a material change in the contract or working situation, revalidation of access is needed for affected contractor employees. Examples of material changes include:

    1. Contractor employee transfers from one IRS contract to another;

    2. Contractor employee requires access to more than one contract;

    3. Contractor employee separates from an IRS contract and has a break in service of two years or less;

    4. Contractor employee name changes;

    5. Contractor company name changes; and/or

    6. Contract number changes.

  2. In these situations, the following will occur:

    • The COR will provide FMSS/CSM with the Risk Assessment Checklist (RAC)

    • FMSS/CSM will enter the RAC information into the Automated Background Investigation System (ABIS)

    • The COR and FMSS/CSM will receive an Approval of Final Staff-Like Access or Denial of Access memo from PS.

  3. Federal tax compliance checks are conducted on all revalidations.

Break in Service

  1. Contractor employees who were previously approved to work on an IRS contract and have a break in service from the IRS contract of two years or less may move from one contract to another without an additional investigation as long as the prior investigation meets or exceeds the current position risk designation. CORs are required to submit a RAC to FMSS/CSM in these instances. Final staff-like access continues in these cases, and PS will generate a revalidation of access letter of approval.

  2. Contractor employees who have had a break in service on an IRS contract of more than two years, or who require an investigation for a higher risk level, must have a new investigation before being granted final staff-like access on a new contract.

Re-investigation Requirements

  1. Contractor employees in positions designated as high and moderate risk will be subject to re-investigation every five years. The COR is responsible for initiating the re-investigation.

  2. Contractor employees in positions designated as low risk require a FBI fingerprint and a tax check every five years. The COR is responsible for initiating the fingerprint and tax check.

    Note:

    The tax check is a standard reinvestigation requirement for a low risk position. However, a contractor in such position is not exempt from the periodic tax check requirement in 10.23.2.2.2 (1) a above..

  3. CORs are responsible for tracking when reinvestigations are due for their contractor employees. CORs should ensure that the RAC and other appropriate documents are submitted three months prior to the expiration of the background investigation, which is the date of final approval memo issued by PS. A copy of the final approval memo can be obtained through the ABIS Website.

Separating Contractor Employees

  1. When a contractor employee leaves the contract, the following occurs:

    1. The vendor notifies the COR within one business day from the contractor employee’s date of separation.

    2. The COR completes the Form 14604, "Contractor Separation Checklist," and forwards it to FMSS/CSM.

    3. FMSS/CSM forwards Form 14604 to PS and PS will cancel any pending investigations or adjudications and update the security file. Even if the background investigation is already completed, notification is required so that the separation information can be appropriately recorded in the security file.

Non-Disclosure Agreement (NDA) for SBU Information

  1. Treasury/IRS personnel security officers, in consultation with Treasury/IRS IT systems security officers, contracting officers, and CORs, must ensure all contractor employees requiring access to SBU information execute a NDA as a condition thereof.

Execution of NDA

  1. An NDA must be signed and submitted to PS prior to starting work on the contract when access to SBU information is required. When necessary, each NDA will reference to the conditional nature of access to SBU information with respect to the contract work, or specialized project, for which such access is required.

  2. The COR should use the NDA instructions/sample document provided at the PS Contractor Forms Website. The document has been adapted for IRS use from the non-disclosure agreement format prescribed by TD P 15-71, Chapter II, Section 2, Item 8, "Nondisclosure Agreement for Sensitive Information" .

  3. The COR will provide a copy to FMSS/CSM along with all necessary security documents. FMSS/CSM will submit the NDA and required security documents to PS when initiating case in ABIS.

  4. Treasury/IRS will consult with legal counsel to determine whether annual appropriations acts, in effect at the time an agreement is executed, contain provisions requiring the inclusion of specific text in NDAs.

Retention of NDA

  1. The original signed NDA shall be retained by the COR in the official background investigation file. For authorized disposition period, see Document 12990 , IRS Records Control Schedule (Rev. 2014), 12 Personnel Security Records, Item 2. The Treasury/IRS has the discretion to maintain the agreement for as long as the information is deemed sensitive. If requested, a copy may be furnished to the individual signatory.

Solicitations and Contracts

  1. Solicitations and contracts shall include a clause that requires position risk designations for contractor employee, background investigation, or screening, and federal tax compliance before staff-like access is granted to Treasury/IRS-owned or controlled facilities, IT systems, security items and products, and/or SBU information. The clause shall require the successful contractor’s employees to execute appropriate security forms including non-disclosure agreements (as required) prescribed by IRS PS prior to contract work being performed, and in advance of being granted staff-like access to Treasury/IRS-owned or controlled facilities, IT systems, security items and products, and/or SBU information (see IRM 10.23.2.2, General Investigative Requirements, IRM 10.23.2.17, Non-Disclosure Agreement (NDA) for SBU Information and TDP 15-71, Treasury Security Manual, Chapter II, Section 2, item 8, Nondisclosure Agreement for Sensitive Information.

Protection of Personnel Security Records

  1. PII in personnel security investigations, records, and operations shall be carefully safeguarded to protect the interests of both the individual and the IRS, pursuant to requirements of the Privacy Act. Unless categorized at a higher level, or determined to be classified national security information, personnel security information must be afforded the same degree of protection as material identified as SBU as defined in IRM 10.5.1.2.2, Sensitive But Unclassified (SBU) Data, and must be used only for authorized official purposes. When not in use, personnel security information must be stored in a General Services Administration approved security container or in an equally secure area.

  2. Personnel security investigation information requested by the subject of an investigation must be processed according to procedures established by Treasury/IRS under provisions of the Privacy Act or the Freedom of Information Act, as appropriate. Requests for the release of the results of any personnel security investigation shall be referred to the Treasury/bureau or non-Treasury agency that conducted it.

  3. Reports containing classified information must be protected in accordance with EO 13526, Classified National Security Information and appropriate Treasury regulations.

Advisory Committees

  1. Personnel security procedures relating to participants on advisory committees require that a pre-appointment fingerprint screening be completed and periodic tax checks requested by the IRS sponsoring official. IRS sponsoring officials responsible for the oversight of advisory committees are required to initiate the pre-appointment fingerprint screening through PS.

  2. Current IRS Advisory Committees are:

    1. Electronic Tax Administration Advisory Committee

    2. Information Reporting Program Advisory Committee

    3. Taxpayer Advocacy Panel

    4. Internal Revenue Service Advisory Council

    5. Tax Exempt &Government Entities

    6. Art Advisory Panel of the Commissioner of Internal Revenue Service

Pre-Appointment Checks

  1. In order to conduct those inquiries, committee-sponsoring officials (SO) will inform selected advisory commission members of the purpose for requesting the information, as required by the Privacy Act.

  2. Prior to completing the tax check and having the subject fingerprinted, the SO must ensure the applicant reads and signs the tax check waiver and Form 12333, Fingerprint Consent Form.

    1. The Form 12333 should be mailed to PS and the tax check waiver maintained by the SO.

    2. The applicant must be fingerprinted on a SF87 or FD 258 fingerprint card or Live Scan fingerprints can be taken at limited local servicing IRS Offices or IRS approved enrollment stations.

  3. When the results of the FBI fingerprint check are completed, PS will:

    1. Automatically approve any results indicating "no record" ; or

    2. Review any FBI fingerprint check with a record to determine if the applicant is suitable.

    3. Document all results on an official memorandum and e-mail to the SO.

Lockbox Employees

  1. In accordance with Wage and Investment’s, Lockbox Security Guidelines, Section L.S.G.2.4.3, Employee Background Investigations, Lockbox employees must have an approved background investigation screening by IRS PS before being granted staff-like access to any lockbox facility, IT system (no matter where located), and/or sensitive data or information. Background investigations are conducted on a position risk basis as follows:

    1. Full time bank employees - appropriate investigation based on position risk.

    2. Bank associates - annual fingerprint check.

    3. Temporary employees - annual fingerprint check.

Payment for Investigations

  1. The investigative costs are to be funded by the requesting customer organization. The requesting customer organization is responsible for:

    1. Completing a reprogramming action in the Integrated Financial System (IFS) and

    2. Transferring funds to PS for payment of investigation per PS procedures. IFS transfer procedures are posted on the PS web site at http://hco.web.irs.gov/recruitstaff/PersonnelSecurity/Contractor/ContractorProcess.shtml.

Cancellation of Investigation

  1. PS will not bill or draw down funds for those investigations canceled by FMSS/CSM or the COR within 15 calendar days of PS receipt.

    1. PS must receive written notification of the cancellation from FMSS/CSM or the COR.

    2. Any investigation canceled after the 15th calendar day will be charged the full rate current at the time the investigation was received.

Payment When Contractor Transfers to New Contract

  1. If a contractor employee transfers to a new IRS contract within 30 calendar days of receipt of the investigative paperwork by PS, the new customer organization will be charged for the cost of the investigation.

  2. If a contractor employee transfers to a new IRS contract after 15 calendar days of receipt of the investigative paperwork by PS and an interim determination was made by PS, the previous customer organization will be charged for the cost of investigation.

Security Terms and Definitions

  1. Adjudication - The evaluation of information in an individual’s background investigation or any other relevant/reliable information to determine if an individual is suitable or fit to perform work for or on behalf of the federal government; eligible for logical or physical access; or eligible to hold a sensitive position. An adjudicator carefully weighs information gathered during the background investigation (favorable-unfavorable, past-present) to reach a final determination.

  2. Adjudicator - A trained personnel security specialist who evaluates background investigations and other pertinent information to make employment suitability and national security eligibility determinations.

  3. Adverse Information - Information that adversely reflects on a person’s character, integrity or reliability that suggests that their ability to safeguard sensitive information may be impaired, or that their employment and national security eligibility is not in the best interest of Treasury/IRS. For example, a history of misbehavior, i.e., drug abuse, criminal activity, employment misconduct, etc.

  4. Background Investigation - An official examination of facts or other pertinent information that covers a defined period of normally no more than 10 years. The information is compiled from a review of various records, interview with the subject, and interviews with persons who have knowledge of the subject. The information collected must be sufficient to allow an affirmative or negative determination of a person’s eligibility and suitability to work for the Federal Government.

  5. Classified Information - Information controlled by the U.S. Government that has been determined pursuant to Executive Order 13526, Classified National Security Information, or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

  6. Continuous Evaluation (CE) – A vetting process to review the background of an individual who has been determined to be eligible for access to classified information or to hold a sensitive position at any time during the period of eligibility. CE leverages a set of automated record checks to assist in the assessment of an individual’s continued eligibility.

  7. Contract - A mutually binding legal obligation or agreement for services/ supplies prepared or granted by or on behalf of the Secretary of the Treasury or a Treasury/bureau head.

  8. Contracting Officer - A U.S. Government official having written, designated authority to enter into, administer, and/or terminate contracts and make related determinations and findings with respect thereto on behalf of the United States Government.

  9. Contracting Officer’s Representative (COR) - An individual designated and authorized by the contracting officer to perform contract administration activities on his/her behalf within the limits of delegated authority for a specific acquisition or contract.

  10. Contractor Employee - An individual, not a federal employee, that performs work for or on behalf of the Federal Government.

  11. Contractor Employee Fitness Determination - A fitness determination based on an individual’s character and conduct to work for or on behalf of the Government as a contractor employee.

  12. Controlled Facility - A designated facility, building, office where only personnel assigned to work in such areas are authorized unescorted access.

  13. Credit Check - A credit history report conducted on the subject of a background investigation. The report contains financial information collected from creditors, lenders, and public records and organized by credit bureaus or other credit reporting services.

  14. Escorted Access - A contractor employee not yet granted staff-like access that needs to be accompanied by an" authorized escort " during work performance and movement throughout the facility.

  15. Federal Tax Compliant - Federal tax returns are timely and accurately filed and timely payment of taxes without penalties or interest.

  16. Fingerprint Check - Also referred to as a criminal history record or rap sheet - Is a listing of specific information taken from fingerprint submissions retained by the FBI in connection with arrests and, in some instances, federal employment, naturalization, or military service.

  17. Foreign National - An individual who is not a U.S. citizen or a lawful permanent resident authorized to reside in the U.S.

  18. High Risk Position - A public trust position that has the potential for exceptionally serious impact on the "efficiency of the service" involving duties especially critical to the agency or a program mission with broad scope of policy or program authority.

  19. Interim Staff-Like Access - Access granted on a temporary basis based on the completion of minimum investigative requirements pending the completion of full investigative requirements, including receipt and adjudication of the individual’s completed background investigation.

  20. IT Privileged Access - Administrator or root access to DS, DSTEST and IRSNET domains that contain highly sensitive, critical information. See IRM 10.23.2.5.2 for examples of DS and IRSNET domains.

  21. Joint Personnel Adjudication System (JPAS) - The centralized Defense Department database of standardized processes; virtually consolidates the Defense Central Adjudication Facilities by offering real time information concerning clearances, access, and investigative statuses to authorized security personnel and other interfacing organizations.

  22. Lawful Permanent Resident (LPR) - A non-U.S. citizen who resides in the U.S. under legally recognized and lawfully recorded permanent residence as an immigrant. Also known as "Permanent Resident Alien" , "Resident Alien Permit Holder," and "Green Card Holder."

  23. Lockbox Employee - An individual employed by a commercial bank that processes financial transactions for Treasury/bureaus.

  24. Low Risk Position - Positions involving duties that have the potential for limited impact upon the agency mission based upon their limited program responsibilities that affect the "efficiency of the service."

  25. Moderate Risk Position - A public trust position involving duties having the potential for moderate to serious impact on an agency or a program mission with significant program responsibilities and delivery of customer services to the public.

  26. National Background Investigations Bureau (NBIB) - Established within OPM as the primary service provider for conducting effective and efficient background investigations for employment suitability or fitness to perform work for or on behalf of the Federal Government.

  27. National Security Position - Any position, the occupant of which could bring about, by virtue of the nature of the position, a material adverse effect on national security. Such positions include, but are not limited to, those requiring eligibility to classified information; protecting the nation from acts of terrorism, espionage, or foreign aggression; developing plans or polices related to national defense/military operations. Refer to 5 CFR 1400, Designation of National Security Positions, Section 1400.102.

  28. National Industrial Security Program (NISP) – A single, integrated, cohesive industrial security program established by Executive Order 12829 to protect federal government classified information that is released to contractors, licensees, and grantees of the United States Government and to preserve our Nation’s economic and technological interests.

  29. Non-Disclosure Agreement (NDA) - A legally binding contract executed by an individual to protect U.S. Government sensitive and/or classified information from unauthorized disclosure. The agreement is a condition to have access to sensitive/classified information and specifies the security requirements and penalties for noncompliance.

  30. Notification of Access - A written notice delivered to the COR and contractor employee that signifies the final staff-like access determination.

  31. Office of Personnel Management (OPM) - OPM is an independent Federal agency that works in numerous broad areas to recruit and retain a first-rate Federal workforce, which includes individuals performing work for or on behalf of the Federal Government.

  32. Periodic Reinvestigation - An investigation that is required every five years for contractor employees who perform work for or on behalf of the Federal Government and are in positions designated high and moderate risk.

  33. Personally Identifiable Information (PII) - Also considered Sensitive But Unclassified (SBU) information. Information that is linked or linkable to an individual that must be protected to prevent the possibility of identity theft or invasion of privacy.

  34. Personnel Security (PS) - An organization comprised of security specialists that are engaged in the formulation and application of security policies and procedures involving the trustworthiness and loyalty of persons employed with the Federal Government in sensitive and non-sensitive positions.

  35. Position Designation Tool (PDT) - A logical questionnaire-based system designed by OPM to guide agencies in determining the proper level of investigation and screening required based on an assessment of risk and national security sensitivity.

  36. Position Sensitivity - A risk designation based on an assessment of the degree of damage that an individual, by virtue of the occupancy of a position, could have an effect on the "efficiency of the service."

  37. Pre-screen - A preliminary review of a security questionnaire and security checks to render an interim employment eligibility and suitability or fitness determination before initiating a background investigation.

  38. Proposal to Deny Letter - A written notice delivered to the contractor employee when unfavorable information is discovered during a background investigation that could adversely affect the individual’s employment suitability. The notice gives the individual the opportunity to refute, explain, clarify, or mitigate the information in question prior to PS making a final determination.

  39. Public Trust Position - Positions at the high or moderate risk levels as determined by the position’s potential for adverse impact to the "efficiency of the service." Such positions may involve policy making, major program responsibility, public safety and health, law enforcement duties, fiduciary responsibilities or other duties demanding a significant degree of public trust, and positions involving access to or operation or control of financial records, with a significant risk for causing damage or realizing personal gain.

  40. Qualified Escort - An IRS employee or a contractor employee approved for final staff-like access at the same or higher position risk level as the contractor employee who requires escorting. At least one qualified escort per every five escorted persons is required and must accompany the escorted persons during work performance and throughout the facility. Refer to IRM 10.2.18.5.2 , Escorted Access.

  41. Reciprocity - Recognition and acceptance of prior background investigations and favorable fitness determinations conducted by another federal agency, without further processing when the determination was based on equivalent criteria used by gaining agency; i.e., investigation meets or exceeds required position risk level, investigation completed within last two years, no break in service since the last favorable determination.

  42. Revalidation of Access - Reconfirmation of a contractor employee’s staff-like access when there is any material changes to a contract, a contractor employee name change, movement from one contract to another contract, or work performance on multiple contracts.

  43. Security Clearance - Certification issued by a designated personnel security official or designee that grants an individual access to classified information, on a need-to-know basis, up to the required classification level (Top Secret, Secret, or Confidential) to perform official duties.

  44. Security Items - Items that must be stored in a locked container, security container, or a secure room. These items include, but not limited to security devices/records, computer equipment, Identification media. For details, see IRM 10.4.1.5.1, Minimum Protection Standards.

  45. Sensitive But Unclassified Information (SBU) - Any sensitive information (including tax and tax-related information) that requires protection due to the risk and magnitude of loss or harm to the IRS or the privacy to which individuals are entitled under Section 552a of Title 5, United States Code (the Privacy Act), which could result from inadvertent or deliberate disclosure, alteration, or destruction.

  46. Sensitive Position – Positions that the occupant could bring about, by virtue of the nature of the position, a material adverse effect on the national security, whether the occupant has access to classified information.

  47. Staff-like Access - See IRM 10.23.2.1, Program Scope and Objectives.

  48. Staff-like Access Denial - An adjudicative decision to deny access based on information revealed in a background investigation, other relevant information, or both that indicates that contractor employee is not fit to perform work for or on behalf of the federal Government.

  49. Staff-like Access Revocation - An adjudicative decision to permanently withdraw the contractor employee’s staff-like access based on a background investigation, other relevant information, or both, that a cleared contractor employee is no longer fit to perform work for or on behalf of the Federal Government.

  50. Subcontractor - A supplier, distributor, vendor or firm that furnishes supplies or services to or for a prime contractor or another subcontractor. A subcontractor is considered a prime contractor in relation to each of its subcontractors.

  51. U.S. Citizen - A person born in the U.S. or its territories, or born in a foreign country to U.S. born parents are U.S. citizens by birth. A person not born in the U.S. can voluntarily become a naturalized U.S. citizen once all eligibility requirements are met. Also, a minor can derive U.S. citizenship following the naturalization of one of both parents.

  52. Vendor - A business or person who provides goods or services.

IRM 10.23.2 Previous and Current Subsections Crosswalk

The table below displays the changes for previous and current subsections.

Previous Subsection Numbering Current Subsection Numbering
10.23.2.1 Purpose 10.23.2.1 Program Scope and Objectives
10.23.2.8 Staff-like Access 10.23.2.8 Final Staff-like Access
10.23.2.9 Notification of Access Determination 10.23.2.9 Notification of Final Staff-like Access Determination
10.23.2.10 Adverse Information and Revocation of Access 10.23.2.10 Security Awareness Training Requirements
10.23.2.11 Escort Procedures 10.23.2.11 Adverse Information - Denial and Revocation of Final Staff-like Access
10.23.2.12 Revalidation of Contractor Employee Access 10.23.2.12 Staff-like Access for Other Federal Agency Personnel
10.23.2.13 Re-Investigation Requirements 10.23.2.13 Escort Procedures
10.23.2.14 Separating Contractor Employees 10.23.2.14 Revalidation of Contractor Employee Staff-like Access
10.23.2.15 Non-Disclosure Agreement (NDA) for SBU Information 10.23.2.15 Re-Investigation Requirements
10.23.2.16 Solicitations and Contracts 10.23.2.16 Separating Contractor Employees
10.23.2.17 Protection of Personnel Security Records 10.23.2.17 Non-Disclosure Agreement (NDA) for SBU Information
10.23.2.18 Advisory Committees 10.23.2.18 Solicitations and Contracts
10.23.2.19 Lockbox Employees 10.23.2.19 Protection of Personnel Security Records
10.23.2.20 Payment for Investigations 10.23.2.20 Advisory Committees
10.23.2.21 Definitions of Security Terms 10.23.2.21 Lockbox Employees
  10.23.2.22 Payment of Investigations
  10.23.2.23 Security Terms and Definitions