DEPARTMENT OF STATE
2 CFR Part 602
48 CFR Parts 604, 652
[Public Notice: 11513]
RIN 1400-AF09
Acquisition Regulation and Grants Regulation: Contractor and Grantee Counterterrorism
Vetting
AGENCY: Department of State.
ACTION: Advance Notice of Proposed Rulemaking; request for comment
SUMMARY: The Department of State has identified namecheck vetting as a critical tool that
can be used, where appropriate, to mitigate the risk that U.S. government activities could
inadvertently benefit terrorist groups, their members, or their supporters, and is crafting rules that
will address the Department’s namecheck vetting process, including setting out the requirements
for including vetting provisions in Department of State solicitations and awards for both grants
and contracts to allow for namecheck vetting of key individuals of implementing partners and
sub-contractors or sub-grantees, beneficiaries of programs, or other identified categories of
individuals, when deemed appropriate by the relevant Department official.
DATES: The Department of State will accept comments until [INSERT DATE 30 DAYS
AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER].
ADDRESSES: Persons with access to the Internet may view this rule and submit comments by
going to www.regulations.gov and searching for docket number DOS-2024-0008.
● Inspection of public comments: All comments received before the close of the comment
period will be available for public inspection, including any personally identifiable or

confidential business or financial information that is included in a comment. The
Department of State will post all comments received before the close of the comment
period at www.regulations.gov. For a summary of this rulemaking, please go to
www.regulations.gov/DOS-2024-0008.
FOR FURTHER INFORMATION CONTACT: Annura Murtadha, Vetting Chief,
MurtadhaAN@state.gov, (202) 663-3871 (Fax).
SUPPLEMENTARY INFORMATION: Because security screening precautions have slowed
the delivery and dependability of surface mail and hand delivery to the Department of State in
Washington, DC, the Department recommends sending all comments to the Federal
eRulemaking Portal. The e-mail address and fax number listed above are provided in the event
that submission to the Federal eRulemaking Portal is not convenient (all comments must be in
writing to be reviewed). You may submit comments by electronic mail, avoiding the use of any
special characters and any form of encryption.
The purpose of this ANPRM is to gather data for the Department to amend 48 CFR chapter 6 and
2 CFR chapter VI, to add new pre-award and award terms for contracts and grants. The preaward provisions will delineate the namecheck vetting process and the applicant’s
responsibilities for submitting information on individuals who will be subject to namecheck
vetting, prior to award. The award provisions will delineate the post-award namecheck vetting
process and the recipient’s responsibilities with respect to namecheck vetting during the award
period.

This regulatory action will boost national security by helping the Department to mitigate the risk
that agency funds and other resources do not inadvertently benefit terrorist groups, their
members, or their supporters.
Background

Authority for vetting is inherent in the Department of State’s (“the Department” or “State”)
authority to carry out the necessary administrative steps to implement foreign assistance and
other Department of State programs and activities. The Office of Risk Analysis and Management
(RAM) is the sole organization designated within the Department to conduct counterterrorism
name-check vetting. In addition, section 7034(e) of the Department of State, Foreign
Operations, and Related Programs Appropriations Act, 2024 (Div. F, P.L. 118-47) and similar
provisions in prior year acts specifically contemplates the implementation of counterterrorism
name-check vetting (described in the provision as “partner vetting”) and establishes requirements
for the expansion of the vetting program, which the Department addresses as appropriate1.
Section 7034(e) also provides that the Secretary may restrict the award of, terminate, or cancel
contracts, grants, or cooperative agreements or require an awardee to restrict the award of,
terminate, or cancel a sub-award based on information in connection with a partner vetting
program. With respect to foreign assistance programs, section 635(a) of the Foreign Assistance
Act of 1961 (FAA) provides that assistance may be provided on such terms as may be
determined to be best suited to the achievement of the purposes of the FAA.
Consistent with U.S. law and Department policy, the Department makes every reasonable effort
to guard against the risk that U.S. government activities could inadvertently benefit terrorist
groups, their members, or supporters. Prior to furnishing assistance or providing funding, the
Department first assesses the risk that funds, goods, services, or other resources to be provided
could inadvertently benefit terrorist groups, their members, or their supporters, including people
or organizations who are not formally designated as terrorists by the U.S. government but who
may nevertheless be linked to terrorist activities.

“(e) Partner Vetting.—Prior to initiating a partner vetting program, providing a direct vetting option, or making a significant change to the scope
of an existing partner vetting program, the Secretary of State and USAID Administrator, as appropriate, shall consult with the Committees on
Appropriations: Provided, That the Secretary and the Administrator shall provide a direct vetting option for prime awardees in any partner vetting
program initiated or significantly modified after the date of enactment of this Act, unless the Secretary Administrator, as applicable, informs the
Committees on Appropriations on a case-by-case basis that a direct vetting option is not feasible for such program. Provided further, That the
Secretary and the Administrator may restrict the award of, terminate, or cancel contracts, grants, or cooperative agreements or require an awardee
to restrict the award of, terminate, or cancel a sub-award based on information in connection with a partner vetting program.”
Where such risk is identified by a State Department Program Office, one way to mitigate
it is through name-check vetting.
The Department of State has been conducting name-check vetting for programs in certain select
countries since 2012. Through a five-year joint pilot with the U.S. Agency for International
Development (USAID) that concluded in 2017, 688 contracts and grants were subject to namechecking vetting, with 1,593 key individuals from 410 organizations being vetted. The
Department of State’s RAM vetting program is designed to gather information about key
individuals employed at organizations seeking U.S. funding, as well as subcontractors or
subgrantees, beneficiaries of programs, or other identified categories of individuals that receive
some benefit from an award. That information is then vetted against public sources of
information and information contained in non-public relevant U.S. government databases for ties
to terrorist groups, their members, or their supporters.
The Joint State-USAID Pilot Program
The Department conducted a joint pilot program with the USAID starting in 2012. The joint
State-USAID pilot was initially authorized under section 7034(o) of the Department of State,
Foreign Operations, and Related Programs Appropriations Act, 2010 (Div. F, P.L. 111-117), and
required consultations between the Department and USAID and the Committees on
Appropriations prior to implementation.
The joint State-USAID pilot program included both agencies’ programming in five countries –
Guatemala, Ukraine, Lebanon, Kenya, and the Philippines. It was later expanded to include
Afghanistan. These countries were chosen to reflect geographic diversity and a range of terrorist
threat levels in contexts where comparable programs were being implemented by both agencies.
During the pilot’s early implementation, the Department and USAID received individuals’
personal information through OMB-approved forms made available to the public via an online
portal. The relevant individuals were vetted, and derogatory information identified was provided

to the program office. The program office would then decide on whether to proceed in light of
that information.
Throughout the joint pilot, the Department and USAID also sought feedback from
nongovernmental stakeholders. Some key areas of concern noted during consultations included
standardization of vetting procedures, data privacy, and exemptions. To reduce concerns about
effort duplication, State and USAID created a steering group to coordinate and standardize
processes and data collection. In addition, to reduce the burden placed on implementers, both
agencies instituted online portals for submitting individuals’ information, rather than using paper
forms.
These online portals provided a secure platform and more streamlined means of submitting
information and included instructions in multiple languages. Further, the agencies exercised best
practices to protect submitted personal information throughout the joint pilot to ensure
participants’ privacy and minimize risk to those operating in more repressive contexts. Access to
information submitted to the Department was limited within the Department to only those with a
“need-to-know,” such as the analysts charged with conducting the vetting. Records were
retained and disposed according to a standardized records schedule consistent with National
Archives and Records Administration guidance.
The Department also implemented structures to ensure those without required documentation can
still participate in programming after their case is reviewed on an ad hoc basis.
A report was provided to Congress in 2017 at the conclusion of the pilot, consistent with section
7034(e)(1) of the Department of State, Foreign Operations, and Related Program Appropriations
Act, 2017 (Div. J, P.L. 115-31).
Following completion of the pilot program, the Department of State’s name-check vetting
program has continued to operate consistent with U.S. government and Department guidance,

including the Department’s Foreign Affairs Manual (FAM)2. The vetting program continues to
be managed by the Office of Risk Analysis and Management (RAM) within the Department and
continues to adapt to address feedback received, evolving needs of implementers, and dynamic
global security challenges.
After the Department completed the joint pilot program with USAID, the number of countries
under the RAM vetting program increased due to evolving circumstances in countries where
Department programs are implemented. Programs in eight countries are currently subject to
counterterrorism name-check vetting based on program offices’ assessments of the risk that
program resources will inadvertently provide a benefit to terrorist groups, their members, or their
supporters. Additional countries could be added if the implementing program office, through its
risk assessment process, assesses it is necessary to mitigate risk of foreign assistance or
Department programs or activities inadvertently benefitting terrorist organizations or their
supporters, subject to consultation with the Appropriations Committees, consistent with
requirements in the annual appropriations acts for any significant expansion of the RAM vetting
program. With respect to programs within each of these countries, the Department conducts a
program-specific analysis and determines whether vetting is the appropriate risk-mitigation
method for a particular award. Government-to-government assistance, and contributions to
Public International Organizations, nonproliferation programs, other U.S. Government agencies,
or the National Endowment for Democracy are not subject to vetting under this program.
Pre-Award Vetting and Source Selection.
The Department applies name-check vetting to acquisitions and foreign assistance in countries,
as needed, where the risk has been determined to necessitate the practice.
Offerors (potential recipients of contract or grant funds) applying or competing for State
Department funding are made aware of the security screening requirement prior to application;

14 FAM 247

when an acquisition, grant, contract, or cooperative agreement is subject to name-check vetting,
a provision in the solicitation will notify offerors of the vetting requirements and procedures.
Vetting for contracts and grants is conducted prior to award, often when the Department
establishes the competitive range (see 48 CFR 15.306(c)).3 For indefinite contracts – those that
provide an indefinite quantity of supplies or services during a fixed period – vetting will take
place before the basic contract is awarded, in anticipation of potential orders. For all other
contracts, including those that qualify as simplified acquisitions or sealed bids, the Contracting
Officer determines the appropriate timing to require offerors to submit individuals for vetting.
When the Department decides to move forward with vetting an offeror, the offeror will be
instructed to submit the completed Risk Assessment Information Form, DS-4184 (all DS-4184
form submissions are made through the internet-based RAM Portal). The information collection
tool (DS-4184) identifies the biographic information required for the key individuals of the
offeror, required subcontractors, and, if applicable, beneficiaries. (Note -- no biometric
information, such as fingerprints, are collected.) Offerors are informed that key individuals
include principal officers of the organization’s governing body (e.g., chairman, vice chairman,
treasurer and secretary of the board of directors or board of trustees), the principal officer and
deputy principal officer of the organization (e.g., executive director, deputy director, president,
vice president), or the program manager for the U.S. government-financed program, and any
other person with significant responsibilities for administration of the U.S. government-financed
activities or resources.
U.S. persons’ (U.S. citizens and lawful permanent residents) information submitted through the
RAM Portal is subject to the Privacy Act of 1974, as well as other authorities and guidance
pertaining to information security, disclosure, and disposition. While non-U.S. persons’

Competitive Range refers to those offerors whose proposals meet a minimum threshold and have a reasonable chance of being selected for
award.
information is not protected under the Privacy Act, the Department aims to provide robust
privacy protections for individuals regardless of the citizenship status of the record holder. The
Department takes the responsibility to protect personal information seriously, particularly in
contexts where there is increased risk for participants. The Portal that the Form is submitted
through is housed within Department of State servers and access is strictly controlled. The
vetting office’s systems are also subject to auditing under the Federal Information Security
Modernization Act (FISMA), which requires specific infrastructure for the provision of
information security.
Once all information is submitted through the RAM Portal, the vetting official4 uses multiple
commercial and investigative databases, public search engines, and both unclassified and
classified systems operated by the Department and other U.S. government agencies to complete
the name-check vetting. The RAM vetting official is also responsible for responding to questions
from offerors about information to be included on the Form.
Upon completion of the vetting, the RAM vetting official conveys the vetting results of each
vetted offeror to the relevant Department program office. The RAM vetting office will only
identify and provide to the program office derogatory information with a potential nexus to
terrorism activities or violations of United States policy (i.e. human rights violations or
sanctioned individuals/entities); other potentially unfavorable information (e.g., disorderly
conduct, speeding tickets, or a criminal conviction for operating a motor vehicle while
intoxicated) would not be provided to the program office. A name-match alone would not
typically be considered sufficient evidence that a key individual has derogatory information. The
program office makes the ultimate decision regarding whether to move forward with an offeror,
and vetting is only one factor among many that go into making this decision.

Namecheck vetting officials are U.S. citizen employees of the Department in the RAM office not involved in the source selection process and
operate under agency guidance at 14 FAM 247.
The Department’s counterterrorism vetting program was designed to avoid adding a significant
amount of time to the contracting and grant process. The process was also designed to avoid
delays in an award, and the typical vetting case takes, on average, fewer than 14 days. Source
selection proceeds separately from vetting, meaning that the name-check process for vetting
occurs concurrently to other review processes. Generally, the Department finds there is no backand-forth between the offeror and the RAM vetting office after the offeror completes and
submits the DS-4184 except in limited circumstances when the RAM vetting office must recontact the offeror to request missing information. In circumstances when derogatory
information is identified and the program office informs the offeror that they are ineligible for
the award, the offeror is entitled to request a redetermination of the decision and to provide
additional documentation or explanation that may be used to make a revised determination.
However, due to the sensitive nature of much derogatory information, the Department does not
generally share such information with offerors if vetting is the cause of the Department’s
decision to not move forward with an offeror.
During the 5-year period of the pilot program, 4.6% of offerors had key individuals found to
have derogatory information, and 2.98% were ultimately deemed to be ineligible to participate in
the award.
Offerors who change any key individuals for any reason must submit their revised DS-4184
through the RAM Portal as soon as possible to allow for vetting of individuals not previously
vetted. Name-check vetting may also be required for subcontractors and subgrantees. In most
circumstances, only those subcontracts and subgrants for which consent is required in
accordance with FAR clause 52.244–2 will be subject to name-check vetting. The contracting
officer will not consent to a subcontract or subgrant until the subcontractor and subgrantee’s key
individuals have completed vetting. When the Department considers it appropriate, additional
subcontracts for certain classes of items (supplies and services) that are considered higher risk
may also be subject to vetting, even if Contracting Officer consent is not required. These classes

of items will be identified in the solicitation, and the offeror will be responsible for ensuring that
subcontracts at any tier are vetted through the RAM process before placing the subcontracts. In
practice, this typically requires the prime contractor to include all known subcontractors when
responding to the Department’s solicitations. During this pre-award stage, offerors may either
collect the necessary key individual information from subcontractors and subgrantees and
directly submit it through the RAM Portal, or the subcontractors and subgrantees may submit it
directly through the RAM Portal.
Post-Award Vetting
Per 14 FAM 247, all grantees and contractors (including subgrantees and subcontractors) subject
to initial vetting must resubmit individuals for vetting annually or when they replace key
individuals with individuals who have not been previously vetted for that contract or grant.
Previously vetted offerors and their key individuals are also subject to vetting when responding
to solicitations for new grants or contracts for which the Department deems vetting an
appropriate risk mitigation measure.. However, because vetting is valid for one year, individuals
submitted on multiple awards within a given year will only be vetted one time if the same
personal information is submitted. Additionally, when vetting is determined to be appropriate for
a given award as identified in the initial solicitation, the Department can require vetting at any
time post-award at the Department’s discretion, including for the final beneficiaries of the award.
Questions for the Public
The Department of State welcomes public comment on the discussion of existing RAM vetting
processes as described above, but the Department would particularly benefit from commenters
addressing one or more of the following questions with detailed explanations of the reasoning,
data, or experiences informing their perspective.
Costs Associated with Name-Check Vetting

Under OMB Control NO. 1405-0204, the Department of State has historically estimated that it
takes, on average, 90 minutes for a respondent (i.e., an offeror) to fully complete the DS-4184
and to submit it through the RAM Portal. The Department estimates the average offeror submits
information on five key individuals (and notes that this has ranged between one and 50
individuals), and the 90 minute estimate is inclusive of all the time it takes to learn the relevant
instructions and information requirements, gather all necessary information and documentation
from key individuals (including subcontractors and subgrantees), and compile that information
into the RAM Portal and submit it to the Department.
1. Is our time estimate accurate for your organization? If not, please provide us an estimate
of the time that your organization expends submitting a completed DS-4184 through the
RAM Portal. This estimate may include some or all of the following factors, and
commenters are encouraged to provide a specific breakdown of each element of the time
commitment:
I.

The time spent learning the requirements for RAM Vetting, including reading
relevant instructions, understanding which individuals qualify as reportable key
individuals, and learning how to navigate the RAM Portal.

II.
III.

The time spent explaining vetting requirements to all key individuals.
The time each key individual of your organization, as well as subcontractors and
subgrantees, or final beneficiaries expends gathering the necessary information
and documentation to be responsive to the information collected on the DS-4184.

IV.

Any travel time directly associated with developing the information necessary to
be responsive to the DS-4184.

2. Are there additional time or financial costs that are routinely incurred while responding to
or submitting the DS-4184 that we have not previously captured?

3. On average, how many individuals does your organization include per submission for
vetting? Please consider submissions of key individuals, subcontractors and subgrantees,
and final beneficiaries who are required to submit vetting information in your estimate.
4. Have vetting requirements resulted in prospective grantee or contractor organizations
choosing to not participate or drop out of the application process because of:
I.

Concerns regarding the cost, capacity, or ability to develop or gather the
necessary identity documentation or biographic information about their key
individuals or other vetted parties?

II.

Other reasons associated with difficulty or inability to comply with vetting
requirements? Please provide those reasons.

5. What financial costs, if any, has your organization incurred associated with maintaining
appropriate information technology or physical filing systems for protecting the
biographic information that must be collected prior to completing the DS-4184?
Current RAM Vetting Procedures
As described in the background section, the entire RAM vetting process takes, on average, fewer
than 14 days, typically does not require significant back-and-forth between the offeror and the
Department of State, and occurs concurrently to other review processes the program office is
conducting.
1. In your organization’s experience or in your understanding of other organizations’
experiences:
I.

How frequently does RAM vetting require contacting the Department of State
prior to submission of the DS-4184 in the RAM Portal to seek clarification
regarding information that needs to be submitted or other challenges with
navigating the RAM portal?

II.

How frequently does RAM vetting involve the Department following-up with
your organization after initial submission to request additional information or
documentation? How much additional time is typically involved in responding to
and submitting any follow-up requests for additional information?

III.

Has your organization ever requested reconsideration of an initial determination
of ineligibility? Was your organization able to provide the necessary explanation
or additional documentation to successfully revise the Department’s original
determination of ineligibility?

2. How might the Department structure the reconsideration or appeals process to provide
offerors adequate opportunity to rebut an initial determination of ineligibility due to
derogatory information? What type of feedback from the Department would help allow
the offeror to provide more effective documentation or explanation when requesting a
reconsideration?

Seth E. Green,
Deputy Assistant Secretary,
Logistics Management,
U.S. Department of State.

Billing Code: 4710-24

[FR Doc. 2024-14127 Filed: 6/28/2024 8:45 am; Publication Date: 7/1/2024]