For many federal employees a security clearance is a requirement of employment. When a clearance is denied or revoked after the appeals process is exhausted, the federal agency will often move forward with a proposal to remove the employee from their position unless a suitable reassignment is available.
Because of this risk, it is extremely important for federal employees to actively protect and defend their security clearance at the earliest stage of a security investigation or denial.
At Berry & Berry, PLLC, our attorneys regularly represent federal employees nationwide in security clearance matters and federal employment disputes. Learn more about our federal employment practice.
What Happens When a Federal Employee Loses a Security Clearance?
Many federal positions, particularly in defense, intelligence, and law enforcement require an active security clearance as a condition of employment. If an employee ultimately loses that clearance, the agency must determine whether:
The employee can be reassigned to another position that does not require a clearance, or
The agency may remove the employee from federal service.
In many cases, reassignment options are limited or unavailable, which means that removal from federal employment becomes the likely outcome.
This reality highlights why it is essential for federal employees to seek legal advice early in the security clearance process before a security clearance is lost.
Our firm represents federal employees in matters involving security clearance investigations, denials, revocations, and appeals. Learn more about security clearance representation.
MSPB Appeals After a Security Clearance-Based Removal
Federal employees who are removed from their positions due to the loss of a security clearance often ask whether they can appeal the decision to the Merit Systems Protection Board (MSPB).
However, MSPB review in these types of cases is extremely limited.
The Supreme Court held in Department of the Navy v. Egan, 484 U.S. 518 (1988) that the MSPB generally does not have the authority to review the underlying merits of a security clearance determination. The Federal Circuit later reaffirmed this principle in Cheney v. Department of Justice, 479 F.3d 1343 (Fed. Cir. 2007).
In other words, the MSPB typically cannot second-guess a federal agency’s decision to deny or revoke a security clearance.
Limited Issues the MSPB May Review
Although the MSPB cannot review the security clearance determination itself, the Board may consider certain procedural issues related to the employment action.
For example, the MSPB may evaluate:
- Harmful procedural error that could have changed the outcome of a case (i.e. not following Agency policy).
Whether the agency had a formal policy requiring reassignment of employees who lose their clearance.
Whether a suitable reassignment position existed at the time of the removal.
Why Early Legal Representation Matters
Because the ability to challenge a removal based on a security clearance denial is limited, it is critical for federal employees to respond proactively to security clearance concerns.
Early legal guidance may help:
Address issues raised during the background investigation
Respond to a Statement of Reasons (SOR)
Prepare for security clearance hearings or appeals
Develop mitigation strategies under the Adjudicative Guidelines
Our attorneys at Berry & Berry, PLLC focus on representing federal employees in security clearance and federal employment law matters nationwide.
Contact a Federal Employment and Security Clearance Lawyer
If you are facing a security clearance denial, revocation, or federal employment action, it is important to seek legal guidance as early as possible.
Each security clearance case and federal employment matter involves unique facts, procedures, and deadlines.
Berry & Berry, PLLC represents federal employees, contractors, and military personnel in security clearance and federal employment matters throughout the United States.
📞 Phone: (703) 668-0070
🌐 Website: https://www.berrylegal.com
📩 Or visit our Contact Page to request a consultation:
Contact Berry & Berry, PLLC
IT violations and security clearance risks under Guideline M
Misuse of information technology (IT) is a common and often underestimated reason security clearances are denied or revoked. Many clearance holders assume IT violations are merely workplace issues, but under Security Executive Agent Directive 4 (SEAD 4), improper use of IT systems is evaluated under Guideline M and can place a clearance at serious risk. This can happen even when no classified information is involved, and even when the conduct occurs on unclassified or employer-provided systems.
As a security clearance attorney, I regularly see otherwise strong cases jeopardized by avoidable IT and AI-related mistakes.
Why IT Misuse Is a Serious Security Clearance Issue
The government relies on cleared personnel to handle sensitive information responsibly and follow rules designed to protect national security systems. Misuse of IT systems raises concerns about judgment, reliability, trustworthiness, and willingness to comply with rules. Guideline M is not limited to classified systems. It applies broadly to the improper use of any government or employer-provided information system, including unclassified networks.
Common IT Violations That Trigger Guideline M Concerns
Some of the most frequent problems I see include:
- Downloading or transferring data without authorization
- Using removable media without required approval
- Accessing systems or data without a valid need-to-know
- Circumventing security controls or monitoring systems
- Sending sensitive information through unauthorized email accounts
- Using government systems for prohibited personal activities
- Installing unauthorized software or applications
- Inputting sensitive data into unauthorized AI tools
- Bringing personal mobile devices into secure areas without permission
In many cases, individuals do not view their conduct as serious misconduct until it becomes a clearance issue.
Does Intent Matter in Guideline M Cases?
Not entirely. Adjudicators distinguish between intentional misconduct and negligent or careless behavior, but both can raise concerns. Knowingly bypassing security controls or accessing data without authorization is potentially very damaging. However, repeated carelessness or failure to follow IT policies can also suggest poor judgment. An adjudicator may see potential risks for both intentional and negligent IT security issues.
One-Time Mistakes vs. Patterns of Behavior
As with other adjudicative guidelines, frequency and recency matter. A single, isolated incident (or a few smaller incidents) especially where they were promptly reported and corrected is far easier to mitigate than a pattern of violations that were discovered by an agency or employer.
Multiple incidents, even minor ones, can indicate disregard for rules and procedures. That pattern can be more damaging than one serious lapse.
Why Failing to Report IT Violations Makes Things Worse
Failure to report an IT violation often creates a larger problem than the violation itself. Many clearance holders harm their cases by attempting to minimize, conceal, or “handle quietly” an incident that later comes to light. Unreported misconduct can raise Personal Conduct (Guideline E) concerns in addition to Guideline M issues. When an incident occurs, timely self-reporting and cooperation matter. Reporting the issue is critical. However, if the situation involves criminal issues you will want to consult with counsel immediately.
How Does Emerging AI Use Affect a Security Clearance?
Unauthorized use of artificial intelligence (AI) tools can raise serious security clearance concerns. We are increasingly seeing cases where individuals input sensitive or classified information into unauthorized AI systems, leading to investigations and potential clearance revocations.
Clearance holders must understand applicable policies, seek guidance from supervisors or security officers, and think carefully before using any AI system with work-related information. While AI may eventually be integrated into approved government systems, that is not the current reality for most clearance holders.
How Guideline M Concerns Can Be Mitigated
Mitigation of Guideline M cases focuses on responsibility and corrective action. Helpful factors include:
- Prompt self-reporting of the incident
- Cooperation with security and IT personnel
- Evidence the conduct was isolated or unintentional
- Completion of remedial training
- Additional efforts to show that you won’t repeat the same mistakes again
- Clear understanding of policies going forward
- Passage of time without further incidents
Adjudicators want to see that the issue is understood and unlikely to recur.
When to Speak with a Security Clearance Attorney
If you are unsure whether an IT incident must be reported or how it may affect your clearance, it is important to seek guidance before taking action. Early legal guidance can help protect both a clearance holder’s rights and their long-term eligibility. When security concerns arise involving potential misuse of information technology, it is important to get legal advice quickly. Clearance holders have multiple duties to the government, their employers (and also to themselves). Navigating a difficult situation involving IT misuse often requires advice from professionals.
Frequently Asked Questions
Can unclassified IT misuse affect my security clearance?
Yes. Improper use of employer or government information systems can raise concerns under Guideline M even when no classified information is involved. Misuse of unclassified networks, systems, or data can still reflect poor judgment, unreliability, or unwillingness to follow security rules, all of which are relevant to clearance eligibility.
What is Guideline M (Use of Information Technology Systems)?
Guideline M is the adjudicative guideline used to evaluate misuse of information technology systems during the security clearance process. It focuses on whether an individual’s conduct demonstrates poor judgment, unreliability, or a lack of willingness to comply with rules designed to protect information systems, whether classified or unclassified.
Do I have to report an IT policy violation if it seems minor?
Often, yes. Failure to report an IT violation can create more serious clearance problems than the underlying conduct itself. Unreported misconduct may raise additional concerns under Guideline E (Personal Conduct). When in doubt, follow reporting requirements and seek guidance promptly rather than attempting to handle the issue quietly.
Does one IT mistake automatically revoke a security clearance?
No. A single mistake does not automatically result in clearance revocation. Adjudicators consider the totality of the circumstances, including frequency, recency, and response. An isolated incident that is promptly reported and corrected is generally easier to mitigate than repeated violations or attempts to conceal misconduct.
Does intent matter in Guideline M cases?
Intent matters, but it is not the only factor. Intentional misuse of IT systems can be especially damaging, but repeated carelessness, negligence, or failure to follow IT policies can also raise serious security concerns. Both intentional and negligent behavior may negatively affect clearance eligibility.
Can using AI tools jeopardize a security clearance?
Yes, if the AI tool is not authorized or if sensitive, proprietary, or classified information is entered into it. Clearance holders should follow applicable policies, seek guidance from supervisors or security personnel when uncertain, and avoid using AI tools with work-related information unless explicitly permitted.
What factors help mitigate Guideline M concerns?
Mitigating factors may include prompt self-reporting, cooperation with security and IT personnel, evidence that the conduct was isolated or unintentional, completion of remedial training, demonstrated understanding of applicable policies, and the passage of time without further incidents.
When should I contact a security clearance attorney about an IT incident?
It is often advisable to contact a security clearance attorney promptly when an IT incident could affect clearance eligibility, involves allegations of intentional misconduct, includes potential criminal issues, or when you are unsure how to report or respond. Early legal guidance can help protect both your rights and your clearance.
