Steady State Letter To House Committee
December 30, 2025
The Honorable Andrew Garbarino
Chair, Committee on Homeland Security
United States House of Representatives
Washington, DC 20515
The Honorable Bennie Thompson
Ranking Member, House Committee on Homeland Security
United States House of Representatives
Washington, DC 20515
Subject: DHS Handling of an Unfavorable Polygraph Involving the Acting CISA Director
Dear Chairman Garbarino and Ranking Member Thompson:
I write on behalf of The Steady State, a nonprofit advocacy group composed of former national security professionals regarding the Department of Homeland Security’s (DHS) handling of a polygraph examination involving the Acting Director of CISA, Mr. Madhu Gottumukkala. Our members include former senior officials, attorneys, and security professionals who have served across the Intelligence Community (IC) and DHS. Throughout our careers, we operated within the rule-of-law framework governing access to classified information and personnel security determinations, and we recognize the critical importance of consistent, apolitical application of those standards to the protection of national security.[1]
According to press reporting[2] Mr. Gottumukkala underwent a polygraph examination (formally, a Counterintelligence Scope Polygraph or “CSP”) in July 2025 as a condition for access to a highly sensitive controlled-access intelligence program.[3] That the examination produced an unfavorable technical result (i.e., “failure”).[4] Despite this outcome, DHS appears to have taken no publicly known steps to adjudicate the associated security implications under applicable IC policy. At the same time, DHS placed six career employees involved in facilitating the polygraph on administrative leave and suspended their access to classified information.
Under governing authorities—including Executive Orders, Security Executive Agent Directives (SEADs), Intelligence Community Directives (ICDs), and Intelligence Community Policy Guidance (ICPGs)[5]—access to controlled-access intelligence programs is determined solely by the originating IC element. When such an element requires a CSP as a condition of access, the receiving agency (neither DHS nor CISA in this case) has authority to waive that requirement. Career personnel tasked with facilitating those requirements are executing binding IC policy, not exercising discretionary judgment.
National Security Adjudicative Guidelines (SEAD-4) makes clear that while adverse action may not be based solely on a polygraph’s technical result, agencies are required to assess any underlying information, disclosures, or concerns using the adjudicative guidelines and a whole-person review. To date, there is no public indication that DHS has conducted such an adjudication in this case, even as the Acting CISA Director remains in a position of extraordinary trust.
The apparent failure to adjudicate a potentially disqualifying security issue involving a senior official—while simultaneously disciplining career staff for implementing IC-mandated access requirements—raises serious concerns regarding consistency, politicization, and potential national security risk. Given CISA’s critical role in protecting federal cybersecurity and national infrastructure, this matter warrants prompt and thorough oversight.
Accordingly, The Steady State urges the House Committee on Homeland Security to require the Secretary of Homeland Security and other relevant DHS officials to provide a full accounting of this matter.
We suggest that the Committee pose the following questions to Secretary Noem in furtherance of your oversight of this incident:
1) What agency administered Mr. Gottumukkala’s CSP examination?
2) What written advisories, consent forms, and briefings did Mr. Gottumukkala receive and sign prior to the CSP examination, and did those documents explicitly state that successfully completing the examination and receiving a favorable eligibility determination were prerequisites for access to the classified information he sought?
3) What were the technical particulars of the unfavorable polygraph results. For example, was deception indicated in response to the examiner’s questions, or did the examination result in inconclusive results (i.e., “no opinion”)? Did Mr. Gottumukkala disclose information relevant to any of the adjudicative criteria as outlined in SEAD4?
4) How has DHS implemented SEAD‑4, SEAD‑2, ICD 704, and ICPG 704.6 with respect to Mr. Gottumukkala’s case, including when adjudicative personnel were notified of the polygraph results, what additional investigative steps were taken, and whether any interim risk‑management measures were considered or imposed.
5) If no action has been taken to review the polygraph results and any associated adverse information or to render a national security eligibility determination based on that information, identify who decided not to proceed with such a review and on what basis, given the Director of National Intelligence policies regarding adjudication of potentially disqualifying information for individuals holding sensitive positions with access to classified information.
6) What internal DHS or CISA policies governed the approval of Mr. Gottumukkala’s access to the controlled access program, including any requirements that access requests for such programs be validated by an independent official rather than by the subject of the request, and how were those policies applied when Mr. Gottumukkala signed his own read-in request after a prior request had been denied for lack of need-to-know?
7) Since January 2025, how many DHS personnel have been subjected to specific issue polygraph examinations in connection with alleged leaks or unauthorized disclosures, or CSP examinations, and how many of those examinations produced unfavorable technical results and/or disclosures of information relevant to adjudicative guidelines in accordance with SEAD4? In how many of those cases did DHS suspend, reassign, or remove the employee pending adjudication?
8) What specific statements or actions by the six CISA employees led DHS to allege that they “provided false information” or “misled incoming CISA leadership” regarding the existence of a polygraph requirement for access to the controlled access program?
9) Please provide the dates and copies of all written communications, taskings, and approvals related to scheduling and authorizing Mr. Gottumukkala’s CSP, including any guidance those six employees received from senior CISA or DHS officials.
10) What DHS and CISA policies or regulations did DHS rely upon in suspending the six employees’ access to classified information and placing them on administrative leave, and how do those policies reconcile with ICPG 704.6 and related IC guidance requiring compliance with the originating agency’s access preconditions?
11) For each of the six employees placed on leave, what was their role in the polygraph process (e.g., security officer, action officer, front‑office staff), and did any of them have independent authority to order a CSP, or were they executing decisions made by senior leadership?
12) Since January 2025, in how many cases have DHS or CISA employees been placed on administrative leave or had their clearances suspended for taking steps to implement IC‑imposed security requirements (such as polygraph conditions for access), and what guidance has DHS issued to ensure that carrying out such requirements does not expose career staff to retaliation?
13) What opportunities have the six employees been given to review the allegations against them, respond in writing, and seek review of the suspension of their access and placement on administrative leave, and what is the current status of each case?
We thank the Committee for its continued attention to conducting meaningful oversight of the Department of Homeland Security.
Respectfully,
Steven A. Cash
Executive Director
The Steady State
212.685.9660
[1] Members of this Committee have already raised closely related concerns with DHS. On December 23, 2025, Ranking Member Bennie G. Thompson, along with Ranking Members James A. Himes and Eric Swalwell, transmitted a formal letter to Secretary Kristi Noem demanding a briefing regarding the suspension of career CISA employees following Mr. Gottumukkala’s unfavorable polygraph. That correspondence underscores that the issues described below are not isolated or speculative but are already the subject of active committee scrutiny and unresolved oversight concerns.
[2] Sakellariadis, John, Acting CISA Director Madhu Gottumukkala Failed Polygraph, Prompting Internal Investigation, Politico (Dec. 21, 2025).
[3] “There are three types of polygraph examinations which may be used as a component of personnel security vetting programs: Counterintelligence (Cl) Scope Polygraph (CSP) examinations, Expanded Scope Polygraph (ESP) examinations, and Specific Issue Polygraph (SIP) examinations…. CSP examinations may be conducted as part of initial personnel security vetting and may be administered at periodic or aperiodic intervals in support of reinvestigations or continuous evaluation. CSP examinations shall cover the topics of espionage, sabotage, terrorism, unauthorized disclosure, or removal of classified information (including to the media), unauthorized or unreported foreign contacts, and deliberate damage to or malicious misuse of U.S. Government information systems or defense systems.” Intelligence Community Policy Guidance 704.6, Conduct of Polygraph Examinations for
Personnel Security Vetting. Emphasis added.
[4] In public discussion, this has been described as a “failed” polygraph, but in federal personnel security practice, there is no simple pass/fail standard: polygraph examinations produce technical calls (for example, deception indicated/significant response, no deception indicated/no significant response, or no opinion) that may trigger additional security review when they are accompanied by adjudicatively significant information.
[5] EO 12968 and EO 13526 are the core government‑wide orders on eligibility for access to classified information and on classification/special access programs. ICD 704, ICPG 704.6, and SEAD 2 are the central IC issuances on personnel security standards and polygraph usage supporting access to SCI and other controlled access programs.
[i] This letter was subject to Prepublication review by the Executive Branch (PCRB), and was approved. That approval included the following: “PCRB review does not represent Agency endorsement or verification and submitters typically are required to append our official disclaimer to their works. PCRB will waive that requirement if your letter is sent directly to Representatives Garbarino and Thompson. However, if it will be published or shared more broadly-such as via a news outlet or website-you must append the following wording: “All statements of fact, opinion, or analysis expressed are those of the author and do not reflect the official positions or views of the US Government. Nothing in the contents should be construed as asserting or implying US Government authentication of information or endorsement of the author’s views.”