[Amadou]

If that's what's going on, then it is pure CYA. There is no practical difference between a contractor and a direct employee. Yes it seems like security clearance vetting has been outsourced (for contractors only?) in recent years. But assuming everybody did their job right an employee is no more trustworthy than a contractor.

I'm entirely willing to believe it is CYA - based on my experience working classified programs practically all security procedures are CYA: Provably follow the checklist and you won't get fired if something goes wrong. Don't worry that the checklist is full of holes like swiss cheese, the checklist is more important than actual security.