Industry Team

1

Industry Team

2

Agenda

• Industry Team

• Q’ s Tips

• CAF Consolidation

• PSMO Portal

• Call Center Transition

• JPAS Documentation

• Account Requirements

• CATS Portal

• eQIP by Design

• DEERS/PDR Update

• JVS System Modifications

• Policy Updates

• SWFT

DSS/Industry Team Working Group

3

The JPAS Industry Team (est. 2004)

• Renita “Toni” MacDonald (Boeing)

• Tanya Elliott (Analyst Warehouse)

• Quinton Wilkes (L-3 Communications)

• Steven Burke(Lockheed Martin)

• Rene Haley (Northrop Grumman)

• Susie Bryant (Raytheon)

• Carla Peters-Carr (Northrop Grumman)

• Shala Romandelvalle (BAE Systems)

• Sheila Garland (Ball Corporation)

Industry Team

4

Q’ s Tips

• A forum utilized to assist the Industrial Security community with additional guidance, training, and application for use of government databases and processes affecting industry

• Located in members only section on NCMS website

• E-mail links to Industry Team members

• E-mail links to ask questions re: JPAS and SWFT

• Hot Topics

• Upcoming Training

NCMS Board of Directors Industrial Security Professionals Certified (ISP) Gov’t & Industry Committee Chair Industry Team Subcommittee Chair NCMS Presidential Award Winner

Industry Team

5

DoD CAF Consolidation Defense Adjudication Activities Facility

WHS CAF

Joint Staff

CAF

DISCO

DOHA

Adj

Air Force

CAF

Army CCF

Navy CAF

Note: DoD CAF Consolidation does not include: DIA, NGA, NRO, NSA, or DOHA-AJ

Industry Team

6

RKB – International Functions

• Outgoing Visit Requests-Cleared (US)

• Security Assurances (Cleared)

• NATO Security Clearance Verification (Foreign)

• Limited Access Authorization requests

• Foreign FSC Verifications

Industry Team

7

Personnel Security Management Office for Industry (PSMO-I)

Liaison to DoD CAF

Personnel Clearance

Processing

PCL Oversight

Interim Suspension

NISP Rqmts

e-QIP submissions

e-Fingerprints

Interim Clearances

Customer Support

Clearance System Records Data Management

Incident Report Oversight

PCL Eligibility/Access

Non-disclosure Agreement (SF-312)

increased visibility efficiency

timeliness

collaborative effort

systematic vision

centralized communication

streamlined processes

PSMO-I

Overdue PRs

Industry Team

8

JPAS, SWFT, DCII, and non-Industry e-QIP call center functions have transitioned from the DSS Call Center to the DMDC Contact Center.

DMDC Contact Center:

• Contact Information – 1-800-467-5526

– dmdc.contactcenter@mail.mil

– dmdc.swft@mail.mil

• Menu Options: 1 – JPAS

2 – e-QIP (Non-Industry)

3 – SWFT

4 – DCII

5 – Personnel Security Inquiry

6 – General Inquiry / Contact Center Information

Call Center Transition

DSS Call Center:

• Contact Information – 1-888-282-7682

– call.center@dsshelp.org

• Menu Options: 1 – STEPP/ISFD/Industry ONLY e-QIP Account

Lockout or Password Reset

2 – Personnel Security or Facility Clearance Inquiry

4 – e-QIP

5– STEPP

6 – ISFD

8 – General Inquiry / Call Center Contact Information

Click here for the DMDC PSSAR Click here for the DSS SAR

Industry Team

9

Channels of Communication

VOI

DSS Webinar

DMDC PSA

JPAS Website

JPAS PMO meetings

E-Mail Listserv ISFD CDSE Flash JPAS SMO emails AskPSMO-I Webinar Participants

Briefings to Industry

NCMS

DSS Website

Industry Team

10

DSS PSMO-I Update

• Research, Recertify, and Upgrade Actions

– Research

• Research requests will be forwarded to the PSMO-I for action regarding any front end submission process concerning Interim eligibilities, overdue PR notifications and SF 312 processing. They can also be submitted for any official requests for information by the PSMO-I.

– Recertify/Upgrade

• Recertify requests will be used by the DoD CAF to assist in any adjudicative action, issues or responding to official requests for information by the DoD CAF. When requesting the reciprocity of eligibility please submit an Upgrade Request to the DOD CAF-Industry Division.

Industry Team

11

New Industry Guidance on Submitting Periodic Reinvestigations

• Effective April 10, 2014, the Defense Security Service (DSS), Personnel Security Management Office for Industry (PSMO-I) will accept requests for periodic reinvestigations that are within 90 days of the investigation anniversary date. This is a change from the current 30 day timeframe and reinstates the previous 90 day submission window.

• Please see the following site for additional information: http://www.dss.mil/psmo-i/indus_psmo-i_updates.html

Industry Team

12

Break in Access vs. Break in Employment • Break in access is the point when a cleared employee no longer has a requirement to have

access to classified information.

• If an employee no longer has a requirement to access classified information, remains employed by the contractor, and there is a “reasonable” expectation that the employee will require access to classified information again in the future then complete the following actions in JPAS:

– “Debrief” the employee from access

– Maintain an owning relationship of the employee’s eligibility record in the JPAS Personnel Security Management Network (PSM Net) until a separation action is necessary

• The contractor should debrief the employee.

• If the employee is no longer in your PSM-Net, then the contractor should not submit a request for a PR and is not required to provide refresher training to the employee.

• The contractor should continue to submit adverse information reports in accordance with NISPOM 1-302a (and the clarifying guidance in Industrial Security Letter 2011-04) by using the “Report Incident” feature in JPAS for any employee eligible for access to classified information, regardless of whether the employee currently has access to classified information.

Industry Team

13

Break in Access vs. Break in Employment

• If the employee no longer has a requirement to access classified information, remains employed, and there is “no reasonable” expectation that the employee will require access again while employed by the company, then complete the following actions in JPAS:

– “Debrief” the employee from access

– Add a separation date to the record

– Out-process the employee’s eligibility record from the PSM Net

• The contractor should debrief the employee.

• If the employee is no longer in the contractor’s PSM-Net, then the contractor should not submit a request for a PR and is not required to provide refresher training to the employee.

• The contractor should continue to submit adverse information reports in accordance with NISPOM 1-302a (and the clarifying guidance in Industrial Security Letter 2011-04) by using the “Report Incident” feature in JPAS for any employee eligible for access to classified information, regardless of whether the employee currently has access to classified information.

Industry Team

14

Break in Access vs. Break in Employment • Break in employment is the point when a cleared contractor terminates the employment

of an employee with eligibility for access to classified information regardless of the reason for the termination, and regardless of whether the termination was initiated by the company, the employee (e.g., by resignation), or by mutual agreement of the company and the employee.

• When a contractor terminates the employment of an employee who is eligible for access to classified information at the time of termination, the contractor must complete the following actions in JPAS:

– “Debrief” the employee from access (Note: this is the verbiage in JPAS for removing access)

– Add a separation date to the record

– Out-process the employee’s eligibility record from the PSM Net

• The contractor should debrief the employee prior to departure from the company.

• When an employee who previously was eligible for access to classified information has had a break in employment greater than 24 months, the employee cannot be granted access to classified information until the employee has undergone a new (initial) investigation, regardless of the recency of any prior personnel security investigation.

Industry Team

15

JPAS Documentation

• JPAS Account Management Policy

– Procedures Governing Use of JPAS by cleared Contractors

• Appendix A: of JPAS Account Management Policy

• JPAS Account Request Procedures

• JVS Modifications

• JPAS Points of Contact

• JPAS Policy Guidance

• All documentation can be found via links on DMDC/JPAS Login screen

Industry Team

16

JPAS Account Requirements

• Clearance Requirements – The minimum requirement for JPAS access is Secret eligibility. Levels 2, 3 and 8 require an SSBI at

minimum.

• Training Requirements – JCAVS / Cyber Awareness / PII

• Personnel Security System Access Request (PSSAR) Form – You must read the Account Management Policy before you can access the PSSAR.

– Initial accounts for Primary Account Managers - send to the DMDC Contact Center

– Subsequent accounts - send to appropriate JPAS Account Manager

• Letter Of Appointment (LOA) – Required for ALL Industry Account Managers

• Note: Account Managers are responsible for keeping PSSAR forms and training certificates (in case of audit or incident)

Industry Team

17

JPAS Account Requirements

• AS A FUTURE OR CURRENT JPAS ACCOUNT HOLDER, WHAT SHOULD I DO TO GAIN ACCESS TO OR MAINTAIN MY JPAS ACCOUNT?

– The Defense Manpower Data Center (DMDC) Contact Center is unable to process a Personnel Security System Access Request (PSSAR) for applicants with no Owning or Servicing relationship in JPAS. When DMDC Contact Center receives a PSSAR for an applicant who is missing the required owning or servicing relationship in JPAS but has met all other requirements, the DMDC Contact Center will send the request to the DSS Facility Clearance Branch (FCB), who will establish a temporary 30-day servicing relationship for the applicant to facilitate creation of their JPAS account. FCB will notify the Facility Security Officer (FSO) of the action taken and the facility must establish a servicing or owning relationship with that subject under their own Security Management Office (SMO) within the 30-day timeframe or the account will be deleted.

Industry Team

18

Required Training

• JPAS/JCAVS Virtual Training for Security Professionals STEPP course PS123.16

http://www.dss.mil/cdse/catalog/elearning/PS123.html

– JCAVS LEVEL 7 and 10 USERS ONLY (in place of JCAVS training above):

Introduction to Personnel Security, STEPP course PS113.16 http://www.cdse.edu/catalog/elearning/PS113.html

• Cyber Security Awareness/Information Assurance Course(2 options) http://iase.disa.mil/eta/cyberchallenge/launchPage.htm

Annual security training provided by the cleared service/company/agency

• Personally Identifiable Information course (2 options) http://iase.disa.mil/eta/piiv2/disapii201/module.htm http://www.cdse.edu/catalog/elearning/DS-IF101.html (if you have a STEPP account)

Industry Team

19

Personnel Security System Access Request (PSSAR)

Industry Team

20

CATS Portal • Case Adjudication Tracking System CATS– to adjudicate electronic

investigations

– Faster and easier communication between Security Managers , FSOs and DSS/CATS

– Will be able to upload and forward electronic documents (.PDF) to the new DSS PSMO

• Classified Non-Disclosure Agreements (SF-312)

• Incident Reports and supporting documentation

• Other

– DISS PMO conducted demonstrations in December and January

• User Login

• SMO creation, access, management

• Subject record detail

• Incident creation and update

• Manage CAF requests (Former RRU process)

– Version 4 will retool and restructure the adjudication process

• Incorporates HSDP-12 determinations

• Clean Secret cases will be e-Adjudicated

• Non e-Adjudicated will route for human adjudication

Industry Team

21

eQIP by Design

• Working with Industry on pilot program

• Better support and more efficient process

• Quick response on current status

• eQIP process will be eliminated from JPAS

• Will change the Interim Determination process • .eft must be submitted with favorable results

• Could increase granting / declination by one day

Industry Team

22

Impact to Those w/o EDIPN

• ALL Industry persons will be added to the Person Data Repository (PDR) (aka DEERS) in July (exact time has not yet been scheduled) in order to start the data transition from JPAS to JVS and in support of the Industry SIPR token mandates. The Industry identities have been identified and will be loaded in the PDR. All PII modifications will need to be captured not only in JPAS but also officially submitted to the PDR and modified in the PDR. Specific instructions are located on the DMDC PSA JPAS web pages for PII Updates for Industry.

Industry Team

23

Instructions for Name Corrections

1. If the subject's Personal Identifying Information (PII) is incorrect, check to see if the record contains a DoD Electronic Data Interchange Person Number (EDIPN). If not, then FSOs can update the record in JPAS.

2. If the record DOES contain an EDIPN and the Person Category is not Civilian or Military, the FSO or the subject will need to submit official documentation (e.g., passport, birth certificate, SSN card, or marriage certificate) to DMDC to support the change. Call the DEERS Support Office (DSO) at 1-800-538-9552 or the DMDC Contact Center at (800) 467-5526 and tell the Call Center Representative that you need to correct your record for JPAS and the PDR. DSO/DMDC Contact Center will ask you to fax the documentation to 1-831-655-8317 with your case # on the fax. The case # will be provided by the Call Center Representative. You will have 5 calendar days to fax in the supporting documentation or the case will be administratively closed.

In the majority of cases, the Customer Service Representative (CSR) will be able to update the record immediately. It is important to tell DSO the correction is for JPAS and the PDR and make sure you fax the required document(s).

3. The PDR updates JPAS on a monthly basis. This occurs on the day of the employee's birth (e.g., if their birth date is 4/20, the record is updated on the 20th of every month). However, if the subject has an immediate need, the FSO can update the record in JPAS.

4. If the subject's Person Category is Military, Civilian, or Retiree, they will need to personally contact their Personnel Center, milConnect, and/or DFAS to update

Industry Team

24

Verification of Subject Name

JPAS Users whose Last Name and/or First Name in JPAS does not match their PKI Login Credential may receive the following letter from the JPAS Help Desk:

THIS IS YOUR ADVANCE NOTIFICATION THAT DMDC MAY ADMINISTRATIVELY LOCK YOUR JPAS ACCOUNT DUE TO A FIRST OR LAST NAME MISMATCH ON YOUR JPAS RECORD AND LOGIN CREDIENTIAL. YOU HAVE 15 BUSINESS DAYS TO TAKE CORRECTIVE ACTION (if any).

You have been identified as an individual who are using a first or last name mismatched credential to log into JPAS. Please ensure your name is your LEGAL name, NOT YOUR NICKNAME OR MAIDEN NAME, in JPAS. You may need to have your name be corrected in the PDR (aka DEERS) due to a previous or current DoD affiliation. If you have a prior or current DoD affiliation (defined as Common Access Card (CAC) holder issued by the DoD), Military, Civilian, Retiree, prior dependent or sponsor), please see the instructions at the bottom of this email or on the DMDC PSA JPAS web documents. If you have already updated your information and there is no mismatch between your credential and JPAS, thank you.

If JPAS contains the wrong name, update JPAS and possibly the PDR immediately. If your credential contains your old name, please contact us for further instructions. DMDC will not ask that you purchase a new credential if your credential contains the old name. You may continue to use the existing credential until it expires.

Thank you,

JPAS

Industry Team

25

For Informational Purposes

The following characters are NOT allowed for names:

[1] [blank] or NULL for last and first names. You may have a space between letters if there are more than 1 word for a last, first or middle name. For middle names, you can leave blank or put NMN without any special characters.

Examples are:

[A] Last name with a space 'De Long'

[B] This is incorrect (NMN) but this is correct NMN [C] Since all users must have a last name (NLN) is unacceptable

[2] NO SPECIAL CHARACTERS such as:

[A] + (plus sign)

[B] . (period) or .................................................... (many periods) Periods should not be in the last name (SMITH JR. or ST. GEORGE). Last name should be SMITH, suffix should appear as JR (without period) or last name ST GEORGE

[C] any number 0-9

[D] last names with O like Oscar please ensure it's an O not a 0 (zero)

[E] SSNs are not considered last names

[F] Suffix should be in the suffix field and not the last name field (SMITH (JR.). Last name should be SMITH, Suffix should be JR

[G] ( ) (parenthesis)

[H] _ (underscore)

[I] " " (double quotes)

[J]. ** (asterisks)

Characters that are allowed:

1. Alpha characters A - Z, a - z

2. Hyphens are allowed, for example: Johnson-Smith

Industry Team

26

JPAS Present and Future

JPAS Today

Joint Adjudication Management System (JAMS)

+

Joint Clearance Access Verification System (JCAVS)

=

Joint Personnel Adjudication System (JPAS)

JPAS Future

Case Adjudication Tracking System (CATS)

+

Joint Verification System (JVS)

=

Defense Information Systems Security (DISS)

JVS is the system that will replace JPAS (Scheduled for 2016)

Industry Team

27

JVS System Modifications

• DMDC has created a JPAS Users’ Checklist for upcoming changes to JVS – In order for the person records to be properly migrated over to JVS, the JPAS team is

asking that you review the company/service persons’ names and update the records.

– The easiest way to find out if the Name (Last, First, Middle) does not meet the standards is to pull a JPAS report, import the data into Excel, and then perform a search on the Name fields for the invalid characters.

• Names: – Certain characters are not allowed in last names:

No blanks, no numbers, no periods, i.e. SMITH JR or ST GEORGE, no parenthesis, no underscores, quotes, or asterisks, suffix should be in the suffix field and not the last name field (SMITH JR)

– Alpha characters: A – Z, a – z and Hyphens are allowed

Industry Team

28

SMO Data

• Phone Numbers:

– Please ensure the SMO phone number is accurate • Example: (123)-456-1234

• SMO Email Address:

– All email addresses in the SMO Email Address Field need to be updated without name, phone, rank, title, or extra wording. i.e. name@company.com; name@service.mil separated by semicolons (;).

Industry Team

29

Policy Updates • Use of PKI Certificates

Please note that it is wrongful to willingly use another individual's PKI certificate for authentication/logon to JPAS as the certificate is the digital representation of another person's identity. This is considered to be a misuse of technology and will result in a security incident and potentially permanent debarment from having a JPAS account

• Deleted JPAS Accounts

If your Account was created under a previous SMO that you previously separated from, the JPAS Account will be deleted. Please ensure your account is associated with your existing SMO.

– Denied, Revoked , Suspended or any other unfavorable eligibility

– No owning and/or servicing SMO

– Separated categories

– Inactivity of 90 days

• NO Test or “Dummy” SSNs in JPAS

JPAS is a DoD System of Record, and therefore inputting test or “dummy” SSNs into the system is a violation of system policies and is STRICTLY prohibited. If you input test SSNs into JPAS, your account will be terminated and a misuse of technology incident will be recorded on your JPAS record.

Industry Team

30

This is the page to bookmark:: www.dmdc.osd.mil/psawebdocs

Alerts, notices, user guide resources, etc. are posted here If unable to log in via above link, try the following link that takes you to JPAS Disclosure page:

https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure

For Customer support you can contact:

DMDC Contact Center 800-467-5526 Or:

DSS Call Center 888-282-7682

DMDC Website

Industry Team

31

JPAS TIMELINE

• Inactive Account Deletion Policy – In order to comply with CYBERCOM TASKORD 13-0641, JPAS/SWFT/DCII will be decreasing the inactive account

deletion deadline from 90 days to 45. This change will not affect the current 30 day account lock due to inactivity. Users should remember to login every 30 days to prevent any interruption in access. This enhancement is currently planned to be implemented on 9 March 2014.

• The JPAS Account Manager Policy and Policy Updates are being updated to reflect this modification. Please note, only DoD Common Access Card holders will be able to access the original CYBERCOM task order.

Industry Team

32

STATE LAWS IMPACTING CLEARED EMPLOYEES

• State Laws and Impacts to Federal Security Clearances/Eligibility: – There has been some inquiry as to recent changes to state laws and the potential effect on federal security

clearances. Please note that regardless of state level decriminalization or legalization of schedule 1 narcotic possession or use, it is still a Federal level offense and subject to litigation under the Controlled Substances Act (USC Title 21). Beyond the legal issues, use of controlled substances may have a negative impact on the government’s risk model for allowing access to classified materials. SOs/FSOs should report all substance abuse issues via the security incident process.

• Industrial Security Letter (ISL) 2006-02, also provides guidance on substance abuse reporting for industry.

• For additional information on recent state legalization of marijuana and the lack of impact to Federal law, please see the following links: – http://www.whitehouse.gov/ondcp/state-laws-related-to-marijuana

– http://www.justice.gov/dea/druginfo/ds.shtml

Industry Team

33

JPAS Printouts

• What is the JPAS operational policy on printouts from JCAVS?

– Personnel are granted access to JPAS for the specific purpose of verifying eligibility and determining access to

classified information of their service members/employees and/or visitors. There is no other authorized use of the JPAS or JPAS records.

– JPAS was not designed to enable the printing of JPAS records either hard copy or electronically. Once a record is printed or saved, there is no guarantee that the information on the printout is current and accurate. The on-line system contains the current, accurate records that should be used for verification purposes. Any JPAS screens that have been printed or saved are not allowed to be used in Human Resource folders or Security folders and will be considered a JPAS misuse violation. Please read the ‘JPAS Disclosure Screen’ (aka the ‘I Agree’ page) for possible consequences of a JPAS misuse.

– JPAS contains Personal Identifying Information (PII) that is subject to the Privacy Act of 1974, as amended. If a JPAS record is printed, the record may be accessed by personnel who have not been granted authorized access to JPAS, do not have the proper security clearance, do not have the appropriate need-to-know, and are not authorized to view a subject’s PII.

Industry Team

34

JPAS Printouts (Cont’d)

– Personnel with JPAS accounts are not allowed to let subjects view their personal JPAS record either by sharing information on the computer screen or by providing subjects with a hard copy of their JPAS record. Service members or employees seeking information about themselves contained in JPAS should address written inquiries to the Defense Manpower Data Center (DMDC) Boyers, ATTN: Privacy Act Office, P.O. Box 168, Boyers, PA 16020-0168. For additional information. All Privacy Act requests must be made according to the JPAS SoRN Record Access procedures. All law enforcement requests used for investigations must be forwarded to DMDC. The JPAS SoRN is located at: http://dpclo.defense.gov/privacy/SORNs/dod/DMDC12.html.

– There are VERY FEW exceptions! PLEASE READ VERY CAREFULLY AS YOU DO NOT WANT TO RISK FORFEITURE OF YOUR JPAS ACCOUNT. READ

– THE DISCLOSURE (A.K.A. THE ‘I AGREE’) SCREEN FOR POSSIBLE CONSEQUENCES ASSOCIATED WITH A JPAS MISUSE. a. A JPAS Person Summary screen printout may be used in a nomination package to a Non-DoD entity. Each Person Summary screen printout must be covered with a DD Form 2923 Privacy Act Data Cover Sheet dated Sept 2010. However, ALL military services, DoD Agencies, Non-DoD government agencies with a NISP agreement, and industry companies with DD254s have access to either JPAS OR the Office of personnel Management’s (OPM) Central Verification System (CVS) database for the purpose of verifying clearance information. JPAS and CVS have true reciprocity through the data bridge and both can be used to verify clearance information. Using a JPAS printout in nomination packages when JPAS or CVS access is available is strictly prohibited.

– JPAS Person Summaries may also be used by Industrial Security Representatives for the expressed purpose of annual facility security audits.

Industry Team

35

JPAS Newsletter

Industry Team

36

Secure Electronic Fingerprint Transmission

(SWFT)

All fingerprint images that are provided in support of background investigations must be captured and submitted electronically. Please visit the Secure Web Fingerprint Transmission

(SWFT) web pages for more information on this USD(I) mandate at https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT.

Industry Team

37

Why Implement Electronic FP

OSD policy requires electronic submission NLT December 2013

Policy Changes 1

Technology and process changes can overcome policy and reject issues

Improve Efficiencies 4

14 day fingerprint rule is OPM #1 reject reason

Delay/Rework 5

Future Interim PCL Policy Change: 1. Investigation Scheduled 2. Review FP results 3. Review National Databases 4. Review SF-86

Future Interim PCL Policy Change 2

Interim PCL process aligns to HSPD-12 and national security standards

Compliance 3

Interim PCL granted

Ultimate Goal 6

Industry Team

38

SWFT Account Requirements

• The minimum background investigation for a SWFT user is a NACLC with interim secret eligibility is required.

• Registered through a cleared company identified in ISFD.

• SWFT applicants must complete and submit a PSSAR. Completed PSSAR forms for the primary and backup SWFT Account Managers must be submitted to the DMDC Contact Center.

• Any scanner or software used for capturing and sending EFTs to SWFT must meet Federal Bureau of Investigation (FBI) certification guidelines and must be registered with SWFT and OPM. Average Number of Days from Initial Contact/Request to Test Authorization: 22 days

Average Number of Days from Initial Contact/Request to Approved Production Use: 48 days

The turnaround time mostly depends on how engaged the site is in the registration and testing process.

Industry Team

39

SWFT USERS

• SWFT Users can now associate their user account with more than one Cage Code. This means that a single person can now upload e-Fingerprints for personnel from multiple branches of the same company or even from another company. System Access Request (SAR) has to be submitted for each Cage Code separately.

• SWFT users can now select and upload multiple EFT files at a time.

• SWFT Discrepancy report – Shows discrepancies between the subject’s biographic data received in the EFT file and the e-QIP data received from

JPAS.

• Multiple SWFT status reports have a new column “Received by OPM”. Users can now confirm that each EFT has been received by OPM, and verify whether it was received without errors. If the column shows “Rejected by OPM” or an error, the corresponding EFT should be corrected and re-submitted.

Industry Team

40

You must have your FBI approved ten-print live scan systems or card scanners; then you must obtain the DSS Configuration Guide from the SWFT Coordinator.

1. Registration: All ten-print live scan and card equipment must be certified by the FBI. In addition, ANY equipment capturing and sending electronic fingerprints must be registered with OPM.

2. Application Access: All SWFT users must complete a System Access Request (SAR) form. DoD Call Center will maintain SARs for accounts they create, SWFT Account Managers will maintain SARs for accounts they create.

3. Testing: All ten-print live scan and card reader equipment must be tested with OPM’s Store and Forward test server. Users will send test records via SWFT, OPM will validate the data and authorize when e-prints can be submitted to the production system.

SWFT Registration, Application Access, and Testing

Industry Team

41

Livescan

Hardcopy Scanner

SWFT Account

• SCENARIO o Company purchases eFP

capture/hardcopy scanners to submit fingerprints electronically to SWFT

o Refer to the FBI-Product List

• COST o Estimated: $1,300- $10,000 o Beyond initial costs, this option may

require a recurring maintenance fee for sustainment

eFP Option 1

Industry Team

42

Livescan

Share Resources

• SCENARIO o Multiple companies share the cost of

purchasing eFP capture/hardcopy scan devices

o If Company A submits on behalf of Company B, the owning/servicing Facility Security Officer (FSO) does not have to be involved in the actual submission of the fingerprints to SWFT

• COST

o Estimated: $1,300- $10,000 o Beyond initial costs, this option may require

a recurring maintenance fee for sustainment

Hardcopy Scanner

eFP Option 2

Industry Team

43

Livescan

• SCENARIO o Cleared companies provide service to other

companies in submitting eFPs to SWFT o Companies may use their CAGE Code to

submit fingerprint files on behalf of other companies

• COST

o Estimated: $15-$50 per print based on service level agreement

• NOTE o Companies are strongly encouraged to

enter into a service level agreement to address the handling/protection of PII data

Cleared Company

Hardcopy Scanner

eFP Option 3

Industry Team

44

Livescan

FD-258

• SCENARIO

o Vendor that is an FBI approved channeler collects eFPs, saves the EFT file in the required format per SWFT, OPM and FBI standards

o Owning/servicing FSO uploads file(s) to SWFT

• COST o Estimated: $15-$50 per print based on service level

agreement

• NOTE o FSO must confirm equipment has been registered w/

SWFT prior to processing NISP applicants o DSS does not endorse a particular product or

service. Companies depicted are currently tested and registered with SWFT and OPM

o Companies are strongly encouraged to enter into a service level agreement to address handling/protection of PII data

Capture Locations

eFP Option 4

Industry Team

45

NISP Agencies

• SCENARIO o Industry partners with military services and

OGAs in the NISP for eFP submissions

• COSTS o No cost to Industry

• NOTES

o DSS SOI/SON and IPAC are necessary when using this option ‒ SOI (DDO3) ‒ SON (346W) ‒ IPAC (DSS-IND)

o OPM matches fingerprint results to the SSN in the SF-86 submission to initiate the background investigation

Department of Defense

DoD is working to enterprise SWFT across all populations (HSPD-12, Suitability and Security)

Hardcopy Scanner

eFP Option 5

Industry Team

46

• Question:

Is it requirement that the FSO of a company get a SWFT account (user) if it has been decided to submit prints by using a third party vendor/another company?

• Answer: There are two possibilities:

1. If the third party vendor uses the Multi-Company Uploader role to submit the fingerprints on behalf of a client company, then the client company must have its own SWFT account.

2. If the third party vendor uses an account that is associated with multiple CAGE Codes (including the CAGE of the client company) to submit the fingerprints on behalf of a client company, then the client company does NOT have to have its own SWFT account (actually, it can't because the client company's CAGE in SWFT is already being used by the 3rd party vendor).

• If you are using a Third party Vendor do you have a document that covers possible PII issues if compromised? – A Template of the document is posted on “Q’s Tips” on the NCMS Website.

Industry Team

47

Multi-Company Uploader • Can upload Electronic Fingerprint Transmission (EFT) files on behalf of any company

that has been already registered in the SWFT system. • Will simply select the Serviced Company's Name from a dropdown list • Their role also allows the Service Provider to generate transaction reports behalf of

their clients • In order to be able to serve as a Multi-Company Uploader, a PSSAR must be submitted

to the DMDC Contact Center. – Because the Multi-Company Uploader role is not associated with any particular CAGE Code, the request

does not have to be approved or validated by any of the Serviced Companies.

Industry Team

48

Multi-CAGE SWFT Account • This option is primarily intended for large companies under a MFO or subsidiaries.

– It allows a user's SWFT account to be associated with more than one CAGE Code. So, the Account Manager or Users of a parent company can have their accounts associated with the CAGE Codes of some or all of the MFO or subsidiaries, they can submit, manage, and track fingerprints on their behalf.

• This option is also applicable to third party providers that are asked by client companies to act in SWFT on their behalf. – Similarly, an Account Manager or Users from a third party service provider can have their accounts associated with the CAGE

Codes of their client companies, and then they can submit, manage, and track fingerprints on their behalf.

• Adding each additional CAGE Code to an existing SWFT account must be specifically requested in the (PSSAR), which must be approved by the appropriate nominating official from the Company that "owns" the CAGE Code.

• Please note that this option allows the multi-CAGE SWFT account holder an access to all detailed SWFT reports for each CAGE Code which they were authorized to use. These reports often contain sensitive PII data. It is, therefore, highly recommended that the client companies enter into a formal agreement with their third party provider to ensure proper management and protection of the PII data. This option might be less attractive for service providers who wish to provide their services to many serviced/client companies, as meeting the formal requirements and the management of large number of CAGE codes can become burdensome.

Industry Team

49

eFP Implementation Resources

AskPSMO-I Webinars • Join the PSMO-I for its bi-monthly

webinars where we answer specific questions related to eFP Visit the DSS website for the

webinar announcement and registration link

Be sure to submit questions during the registration process

Note: Hyperlinks only work in “Slideshow View”. Click Shift+F5

• Email questions: AskPSMO-I@dss.mil DO NOT SEND PII

Contacts

• DMDC-SWFT Homepage

• SWFT - Registration, Access and Testing Procedures

• FBI Product List

• FBI Approved Channeler List

• When submitting eFPs use: SOI: DD03 SON: 346W IPAC: DSS-IND

• DoD Security Services (Call) Center Inquiries: DoD Security Services Center

eFP Setup & Submission

• Email questions: dmdc.swft@mail.mil

• Email DMDC Contact Center Inquiries: dmdc.contactcenter@mail.mil

Industry Team

50

Useful Websites

• DMDC: https://www.dmdc.osd.mil/psawebdocs/

• JPAS Homepage: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS

• DSS website: http://www.dss.mil/

• DEERS website: http://tricare.mil/mybenefit/home/overview/Eligibility/DEERS/Updating

• SWFT: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT

• ISFD: http://www.dss.mil/diss/isfd.html

• STEPP: http://www.dss.mil/seta/enrol/stepp.html

• NCMS: https://www.classmgmt.com/Home/

Industry Team

51

Industry Team PMOs

Quinton Wilkes – Team Lead

quinton.wilkes@L-3com.com

Tanya Elliott

telliott@lg-tek.com

SWFT Industry

Sub Team

Sheila Garland

sgarland@ball.com

Shala Roman shala.romandelvalle@baesystems.com

Industry Sub Team

Renita “Toni” MacDonald

renita.macdonald@boeing.com

Susie Bryant

smbryant@raytheon.com

Rene Haley

rene.haley@ngc.com

Steven Burke

steven.d.burke@lmco.com

Carla Peters-Carr

carla.peters-carr@ngc.com

JPAS Industry Team Contact Information

Industry Team

52