Toni MacDonald – Boeing
Presented to: NCMS - Channel Islands Chapter
19 October 2011

DISCO Relocation
- Defense Industrial Security Clearance Office (DISCO) has moved from Columbus, OH to Ft. Meade, MD – effective August 1, 2011
- Nondisclosure Agreements (SF 312) should be forwarded to the new mailing address for DISCO below:
  Defense Security Service
  Defense Industrial Security Clearance Office (DISCO)
  Attention: Document Preparation Office
  600 10th Street
  Fort George G. Meade, MD 20755-5131

ENROL/STEPP
- ENROL is now known as STEPP - Security Training, Education and Professionalization Portal
- URL: http://www.dss.mil/diss/enrol-intro.html

Training
- JPAS Training for Security Professionals – Course No. PS123.16 (8 hr web-based)
- All JPAS documentation will be removed from the DSS website. It will only be available in the tutorial within JPAS
- DSS Personally Identifiable Information (PII) – Course No. DS-IF101.06 (45 min web-based)
- eQIP – Multiple courses to include: Initiating, Managing, Reviewing, and Solutions to Common Issues
- Industrial Security Facility Database (ISFD) – Course No. IS111.06 (5 hr web-based)
- Link to STEPP: The following link will take you to the Defense Security Service (DSS) STEPP system: https://stepp.dss.mil/SelfRegistration/Login where you can register for the courses or create a new account.
- For additional information regarding a STEPP account, contact the DoD Security Service Center, 1-888-282-7682, occ.cust.serv@dss.mil; for information about the course content, contact IA/CND at DSSIACND@dss.mil

JPAS Websites via DMDC
- www.dmdc.osd.mil/psawebdocs (DMDC Home Page)
- https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure

User Profile Screen (4/2/11)
- JPAS User Profile screen allows JPAS users to view and edit their own personal identification, security management office (SMO), and contact information
- The JPAS User Profile screen is displayed the first time the user gains access to JPAS by category/level and every six months thereafter

Signature Pages
- Fax Server disabled May 2011
- JPAS users should use the Scan and Upload method to submit signature pages:
  - SF86 Certification
  - Authorization for Release of Information, and/or Authorization for Release of Medical Information (when applicable)
  - Fair Credit Reporting (new form effective 8/11)
- All documents must bear the appropriate OPM Request ID Number.
- All uploaded documents must be in .pdf format and cannot be larger than 1 mg.

Required Signature Pages
- Certification Page: Required
- Authorization for Release of Information: Required
- Fair Credit Reporting: Required for submissions with 2010 SF86

Additional Signature Page
- Medical Release: Required only if subject answers “Yes” to #21

Log-in Changes
- Prior to JPAS Release 4.3.0.0, JPAS users could log in using:
  - User ID and password, or
  - Common Access Card (CAC)
- As of 27 August 2011, in addition to the above, users can log in using any of the following methods:
  - A Federal Agency PIV card
  - A Medium Token Assurance or Medium Hardware Assurance Public Key Infrastructure (PKI) smart
  - A DoD-approved PKI certificate on a corporate smart card
  - A PIV-Interoperable (PIV-I) smart card from a DoD-approved PIV-I smart card provider
- Note: JPAS will not enforce the use of any particular log-in method.

CHANGES TO INVESTIGATION REQUESTS

Prime Contract Numbers
- Removed the Prime Contract Number field from the Determine Investigation Type section of the Determine Initiation Scope screen
- Prime Contract Number and Cage Code fields are displayed in the Initiation Scope sections of the Determine Investigation Scope screen
- No more than 30 characters (must be alphanumeric for 2010 SF86 investigation requests), no dashes, no spaces

Extra Coverage / FIPC
- Code 7 – indicates FPC not required
- Code I – indicates FPC electronic transmission
- Code J – indicates FPC mailed (must be mailed within 14 days) to:
  Investigative Request Rapid Response Team
  OPM-FIPC
  PO Box 618
  Boyers, PA 16020-0618

Additional Request Info
- Enter Requester e-mail and phone number
- Include Secondary Requesting Official and phone number

Deployment/Change of Station
- Added the Deployment/Permanent Change of Station sub-section to
- Entering data into these fields is optional, but if data is entered, all of the related fields are required with the exception of the Point of Contact at Location and Phone fields

Investigation Request Status
- Mandatory Release Forms: Fair Credit, SF86 Cert, Info Release
- Ensure box is checked for all mandatory forms
- All forms must be attached before you can submit to DISCO

Document Review
- Fax Server disabled – all documents must be scanned and uploaded
- Document History shows which signature page has been uploaded and when it was uploaded

NDA Forms (09/09/11)
Organizational Information Required on an SF312
- As of Oct. 1, 2011, the Defense Industrial Security Clearance Office will no longer accept an SF312, Classified Information Nondisclosure Agreement, without the organizational information (located in block 11).
- Please ensure all required blocks are complete or the SF312 will be considered incomplete and returned for correction.

2010 SF86 FORM - CHANGES

New 2010 SF 86 Form
- The 2010 SF86 form will be the default for investigation requests initiated after 29 August 2011
- Investigation requests initiated prior to August 29 will use the 2008 SF86 even if the form is returned for additional information
- Access to the investigation request functionality via JPAS remains the same
- JCAVS User Levels remain the same: Levels 2 – 6
- Various changes made within JPAS investigation request functionality to accommodate the new SF86 form
- New signature page “Fair Credit Reporting Disclosure” is required for all 2010 SF86 submissions
- Branching questions allow applicants to provide more detailed information about their background
- A new Navigation screen replaces the navigation drop down menu. You can select sections of the form from the drop down menu at the top of the screen, and then navigate to various sub sections
- Employee information from the old SF86 is expected to migrate to the new form

Some of the Changes
- Average completion time approx 150 min vs. 120 min
- The employee must read the Agreement and answer “Yes” before they will be allowed to move on. If they answer “No” they will get an error message
- State and country of birth is required, even if born in US
- Passport information is required if employee possesses a US passport
- Additional citizenship information required if born abroad, if naturalized citizen, or if “Not a US citizen” is selected
- Ten years of history required for where you have lived, regardless of investigation type
- Must list point of contact if you attended school within past 3 years
- Additional selections for employment activities
- Two separate screens for Selective Service Record
- Detailed information required for Military History
- Additional entries for People who Know you Well
- Additional information required for Marital Status; detailed information required if Annulled, Divorced, or Widowed

Some of the Changes (cont)
- Must select checkbox for all relatives that apply; if “married” is checked, must check mother-in-law and father-in-law before you can move forward
- Other names used by relatives is required, as well as dates used and why name is used
- Additional information required for Foreign Contacts, Foreign Activity and Foreign Travel
- Police Records Questions have been combined – “YES” requires additional information
- Investigations and Clearance questions will be asked individually; “Yes” requires additional information
- More specific questions are asked on Financial Records
- Non-Criminal Court Actions require 10 years history vs. 7
- Employees will have to log in with SSN and will have to add SSN to bottom of each signature page

SF86 Reference Material
- The Center for Development of Security Excellence (CDSE) has developed online reference material for JPAS users to help them become familiar with using the new 2010 SF 86.
- The following links are provided by CDSE on the Security-Related Brochures and Guides page:
  - Quick Reference Guide (QRG) for the Newly Updated SF-86: provides overview, types of information, detailed section review and references, including the printable form
  - Applicant Tips for Successful e-QIP: how to avoid common mistakes
  - http://www.dss.mil/seta/security_brochures_and_guides.html
- PDF (writeable) version is available on OPM’s website (127 pages)

Reports FAQs
Cognos is the software program that generates JPAS reports.
1. I receive a Cognos screen asking for a userid and password when I try to run reports. When I enter my JPAS userid and password, I continue to receive an error. What should I do?
   Send e-mail to DoD Service Center indicating “Userid not recognized by report server”
2. How do I convert a Comma Separated Values (.CSV) file into an Excel spreadsheet?
3. Will my connection with JPAS timeout while I am running reports?
4. How do I convert an Excel spreadsheet into a .PDF file?
5. I am using Internet Explorer and my report is not displaying, how do I correct this?
https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_Reports_FAQs+%2809262011%29.pdf

JPAS PKI IMPLEMENTATION

Approved Vendors
DoD ECA currently approved vendors:
- IdenTrust, Inc.
  Web Site: http://www.identrust.com/certificates/eca/index.html
  Email: helpdesk@identrust.com
  Phone: 888.882.1104
- Operational Research Consultants, Inc
  Web Site: http://www.eca.orc.com/
  Email: ecahelp@orc.com
  Phone: 800.816.5548
- VeriSign, Inc.
  Web Site: https://eca.verisign.com/
  Email: eca-support@verisign.com

JPAS Logon Methods
Important Dates
- CAC-enabled JPAS deployed January 2011
- PKI-enabled JPAS deployed August 2011
- Username and password will be removed January 2012
PKI Logon Methods authorized for access
- The DoD CAC
- Personal Identity Verification (PIV) cards
- Medium Token Assurance or Medium Hardware Assurance PKI certificate on a smartcard issued via the External Certification Authority (ECA) PKI Program
Regardless of logon method, access to JPAS will be validated
- JPAS user ID/password must be valid and active

Logging in with PKI Cert
- Select CAC/PIV Log in
- Hit Return key and you will end up at the Self-Registration Screen

PKI Self Registration
- Each user will be required to register their own certificates
- JPAS will display a new Self Registration page to allow users to associate their Non-CAC (PIV, PIV-I or smart card) to their active JPAS user ID and password
- JPAS will store user ID association to only one Non-CAC at a time
- JPAS will only present this page to users whose Non-CAC is not already stored in JPAS
- Detailed error messages will be presented to the user if problems are encountered during the log-in process

PKI Self Registration Screen

Confirming PKI Certificate Info
- You will be asked to confirm your certificate
- You will be asked to enter your passcode
- Once you enter passcode you will be logged in to JPAS

When using your PKI smartcard…
The system will not:
- Require a user to change the password
- Check for a password expiration date
- Display the countdown of password expiration
- Lock the JPAS user account for unsuccessful log-in attempts
Regardless of log-in method, JPAS authorization processing remains the same. JPAS will determine the user’s access rights based on the access rights assigned to the user ID.
User ID/passwords will be removed in January 2012

JPAS Inactivity
- Users will be required to log in at least once every 60 days or their account will become inactive and locked
- If a user does not log in within 90 days, their account will be terminated in accordance with DoD regulations
- The process to request an account will start over with submitting a new SAR and obtaining management approval

Technical Support
- For assistance with JPAS PKI login issues, contact your local IT support or the vendor who issued your certificate
- The DoD Call Center cannot provide PKI technical support or troubleshooting
- There is a PKI Technical Troubleshooting Guide available on DMDC website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS
- If you still have issues and have exhausted all possibilities, submit e-mail to: jpas.helpdesk@osd.pentagon.mil
- Be sure to include the following information in your e-mail:
  - Your First and Last Name
  - JPAS User Account ID (do not send the password or your SSN)
  - A detailed description of what you have tried using the techniques above and the errors (if any) for each technique
  - Operating system and web browser that is being used
  - Type of certificate you are using
  - The digital certificate export (see here for more information)
- They will NOT respond to those that have not tried all steps.

Audit Capabilities
- JPAS will audit data inserted, updated, or deleted within select tables in the JPAS database.
- This change provides a means to track data changes at the field level for any JPAS table that contains the field 'lastUpdatedBy'
- Changes made within a text field will not be captured during this phase of auditing
- JPAS will retain audit log data for up to one year
- Security Manager/FSO can request copy of audit log from DMDC via appropriate PMO

Common Access Card (CAC)
- The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel.
- Not all DoD Industry personnel are eligible for a CAC

Who qualifies for a CAC?
- Active Duty service members
- DoD civilian employees
- DoD contractors that are under DoD contract and sponsored by a DoD Service or Agency
- DoD Contractors may obtain CACs if their government sponsor deems it necessary and they fulfill one of the three requirements:
  1. Be active duty, reservist, or a DoD civilian
  2. The user must work on site at a military or government installation
  3. User is a DoD contractor that works on GFE equipment

I have a CAC card, do I still need PKI?
If an active duty/reservist/DoD civilian is issued a CAC, can they use their CAC if they are in JPAS in a different role (e.g. contractor)? E.g. John Smith is a security consultant for ABC Company part-time. John uses his government issued CAC to access JPAS for the work he's performing for ABC Company. Is this an authorized use of the CAC, as many users will fall under this category?
a. The use of a Military/Civilian CAC in the performance of an Industry role is against DoD Policy and will be considered misuse of Government property. Please see the Federal Code of Regulations § 2635.704-Use of Government property. (a) Standard. An employee has a duty to protect and conserve Government property and shall not use such property, or allow its use, for other than authorized purposes.

Sharing Accounts
- Sharing USB Tokens, smartcards, and username/password is a violation of DoD Regulations, NISPOM, and the Privacy Act of 1974
- If you share any of these items, your account will be terminated
- If you are in Industry, a notification letter will be sent to all of your contracts with the DoD that you have received a security violation on a Government application
- Sharing JPAS accounts is PROHIBITED. JPAS accounts are unique to only one person; there are NO company accounts. If you have a company account, you need to STOP using it immediately

JPAS PKI Frequently Asked Questions
https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_PKI_FAQs%2824AUG2011%29.pdf
PKI FAQs
- Section 1: General Questions
- Section 2: Common Access Card (CAC) and Public Key (PKI) Enabling Questions
- Section 3: Technical Questions (when attempting to log on with a CAC/PIV)
- Section 4: Defining Terms for PK-Logon
- Section 5: List of Agencies who distribute PIVs to their employees

SECURE WEB FINGERPRINT TRANSMISSION (SWFT)

Secure Web Fingerprint Transmission (SWFT)
- SWFT is a secure web-based system that allows cleared contractors to submit electronic fingerprints (eFPCs) to DSS for release to OPM based on approval of a JPAS/e-QIP submission
- SWFT will reduce fingerprint rejection rates and eliminate delays associated with mailing paper cards
- DSS launched full production of SWFT in August 2009
- SWFT transferred from DSS to DMDC in August 2010
- Approximately 25 cleared companies are already using SWFT
- In July 2010 a USD(I) memo came out directing DoD components to transition to electronic fingerprint transmission in support of all background investigations by 31 December 2013
- DSS will work in conjunction with industry, OPM, and other Government entities to meet the 31 December 2013 implementation date

SWFT Requirements
You must have your FBI approved ten-print live scan systems or card scanners; then you must obtain the DSS Configuration Guide from the SWFT Coordinator.
1. Registration: All ten-print live scan and card equipment must be certified by the FBI and registered with OPM.
2. Application Access: All SWFT users must complete a System Access Request (SAR) form.
3. Testing: All ten-print live scan and card reader equipment must be tested with OPM’s Store and Forward test server.
- There are many vendors who offer equipment to support the electronic submission of electronic fingerprints
- Information on certified fingerprint systems may be found at http://www.fbibiospecs.org/fbibiometric/iafis/default.aspx
- SWFT website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT

How SWFT Works
Sites with e-print capability
- eFPCs are captured at the local facility, then saved and stored on a local hard drive
- Click the LSMS icon and select “New” to begin process
- Enter requested information (current date, personal/physical description)
- Capture and save print images via Guardian e-print station
- Log in to SWFT, locate prints you wish to upload and submit to DSS via Biometric Uploader
- eFPCs are forwarded to the DSS store and forward server
- DSS will receive prints electronically and will cross check with e-QIP and JPAS
- DSS will forward eFPC to OPM
- OPM will schedule and open the investigation
Sites with scanner capability
- Capture prints using current/ink stamp system
- Scan hard copy prints via approved scanner
- Encrypt and e-mail prints to designated site
- Designated site will convert to electronic file and forward to DSS
- DSS → OPM
Sites without scanner capability
- Capture prints using current/ink stamp system
- Mail hard copy prints to Designated site
- Designated site will scan and convert hard copy prints to electronic file
- Designated site will upload and submit prints to DSS via Biometric Uploader

Federal Information Processing Codes (FIPC)
When initiating Investigation Requests, indicate how fingerprint cards will be submitted:
- Code 7 – indicates FPC not required
- Code I – indicates FPC electronic transmission*
- Code J – indicates FPC mailed

JPAS Present and Future
- JPAS Today: Joint Access Management System (JAMS) + Joint Clearance Access Verification System (JCAVS) = Joint Personnel Adjudication Verification System (JPAS)
- JPAS Future: Case Adjudication Tracking System (CATS) + Joint Verification System (JVS) = Defense Information Systems Security (DISS)

CONTACT INFORMATION

JPAS Industry Team
The JPAS Industry Team was established in 2004 and consists of representatives from the following companies:
- Boeing – Toni MacDonald
- CACI – Tanya Elliott
- L-3 Communications – Quinton Wilkes, Clyde Sayler
- Lockheed Martin – Wanda Walls
- Northrop Grumman – Rene Haley
- Raytheon – Susie Bryant
- SAIC – Carla Peters-Carr
- Schafer Corporation – Rhonda Peyton

JPAS Industry Team Contact Info
Industry Team PMOs / Education & Training Sub Team / JPAS Industry Sub Team
- Quinton Wilkes – Team Lead, quinton.wilkes@L-3com.com
- Toni MacDonald – Team Lead, renita.macdonald@boeing.com
- Tanya Elliott – Team Lead, telliott@caci.com
- Tanya Elliott, telliott@caci.com
- Clyde Sayler, clyde.j.sayler@L-3com.com
- Susie Bryant, smbryant@raytheon.com
- Rhonda Peyton, rpeyton@schaferalb.com
- Rene Haley, Rene.haley@ngc.com
- Carla Peters-Carr, Carla.s.peters-carr@saic.com
- Wanda Walls, wanda.walls@lmco.com
DoD Customer Call Center: 888 282-7682

Additional Contact Information
JPAS Industry PMOs
- Quinton Wilkes, 703-626-6187, quinton.wilkes@L-3com.com
- Tanya Elliott, 410-782-8108 (office), telliott@caci.com
Army Account Managers
- Denise Brannon, Army Functional Manager, Deborah.Brannon@us.army.mil, phone: 301.677.6374, DSN: 622.6374, Fax: 301.677.3128, DSN: 622.3128
- Susan M Rogers, Army Primary Account Manager, Susan.M.Rogers@us.army.mil, phone: 301.677.7035, DSN: 622.7035
Air Force Account Managers
- Mr. Charles Clemmer, charles.clemmer@pentagon.af.mil, 202-767-0484, DSN: 297-0484
Navy Account Managers
- Roxanne Chrisman, Navy JCAVS Program Manager, roxanne.chrisman@navy.mil, Phone: 202-433-8869, DSN: 288-8869, Fax: 202-433-8849
Marine Corps Account Managers
- Jill Baker, USMC Account Manager, Jill.Baker@usmc.mil, Phone: 703.692.0157, DSN: 222-0157, Fax: 703.614.6538