OMB Individually Reported

User and Entity Behavior Analytics (UEBA)

Medium riskExact public inventory row

Description

The Continuous Vetting Analytics Service (CVAS) sub-system in the Vetting Identities for an Enterprise Workforce (VIEW) system of record will solely be used to aggregate information provided by or authorized to be collected by an DHS applicant and then presents the aggregated information in a structured manner and present it to personnel security adjudicative specialist to help them prioritize workload and improve review processes.

Detailed example

Behavioral Baseline Modeling: Develop a baseline for each individual based on regular access patterns, network usage, and interactions with classified data or secure areas. Anomaly Detection: Employ machine learning models to detect deviations from established baselines, such as unusual access times, atypical access to high-sensitivity resources, or excessive data downloads. Risk Scoring: Assign a risk score to each user based on observed anomalies, factoring in historical behavior, job role, and access level, allowing security teams to prioritize investigations. Automated Alerts & Reporting: Generate automated alerts for high-risk behaviors or patterns of concern and deliver timely reports to personnel security teams for further investigation."

AI / analytics pattern

Classical/Predictive Machine Learning: Models trained on data to make predictions or classifications based on identified patterns or relationships.

Automation level / stage

c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.

Expected benefit

Enhanced Threat Detection: Identify patterns in user behaviors that deviate from normal baselines, signaling potential insider threats or security risks. Continuous Risk Assessment: Move from static vetting to a continuous vetting process by monitoring real-time activities and interactions with secure information. Improved Incident Response: Enable rapid responses to high-risk behaviors, escalating alerts for timely intervention by security personnel."

Audit / financial statement impact

The CVAS sub-system inside the VIEW system of record is not a high-impact use case because the Al's output from CVAS does not actually "serve as a principal basis for" the relevant type of agency action or decision. The collated information supports decisions about staffing priorities but is not used to make security-related or employment-related decisions. The use case also does not perform workplace monitoring or surveillance.

Controls / human review

ATO: Yes; PIA: Not published

Data needed

Personally Identifiable Information (PII), Sensitive Sensitive Personally Identifiable Information (SPII), Clearance and Background Investigation Data: Data from security clearances, background investigations, and adjudication records.