JPAS Industry Sub Team - NCMS

advertisement
Toni MacDonald – Boeing
Presented to:
NCMS - Channel Islands Chapter
19 October 2011
October 2011 -Page 1
DISCO Relocation
 Defense Industrial Security Clearance Office (DISCO) has moved from
Columbus, OH to Ft. Meade, MD – effective August 1, 2011
 Nondisclosure Agreements (SF 312) should be forwarded to the new mailing
address for DISCO below:
Defense Security Service
Defense Industrial Security Clearance Office (DISCO)
Attention: Document Preparation Office
600 10th Street
Fort George G. Meade, MD 20755-5131
October 2011 -Page 2
ENROL/STEPP
 ENROL is now known as STEPP - Security Training, Education and
Professionalization Portal
URL: http://www.dss.mil/diss/enrol-intro.html
October 2011 -Page 3
Training
 JPAS Training for Security Professionals – Course No. PS123.16 (8 hr web-based)
 All JPAS documentation will be removed from the DSS website. It will only be
available in the tutorial within JPAS
 DSS Personally Identifiable Information (PII) – Course No. DS-IF101.06 (45 min webbased)
 eQIP – Multiple courses to include: Initiating, Managing, Reviewing, and Solutions to
Common Issues
 Industrial Security Facility Database (ISFD) – Course No. IS111.06 (5 hr web-based)
 Link to STEPP: The following link will take you to the Defense Security Service (DSS)
STEPP system: https://stepp.dss.mil/SelfRegistration/Login where you can register for the
courses or create a new account.
For additional information regarding a STEPP account, contact the DoD Security Service
Center, 1-888-282-7682, occ.cust.serv@dss.mil; for information about the course content
contact IA/CND at DSSIACND@dss.mil
October 2011 -Page 4
JPAS Websites via DMDC
www.dmdc.osd.mil/psawebdocs (DMDC Home Page)
https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure
October 2011 -Page 5
User Profile Screen (4/2/11)
 JPAS User Profile screen allows JPAS users to view and edit their own
personal identification, security management office (SMO), and contact
information
 The JPAS User Profile screen is displayed the first time the user gains
access to JPAS by category/level and every six months thereafter
October 2011 -Page 6
Signature Pages
 Fax Server disabled May 2011
 JPAS users should use the Scan and Upload method to submit
signature pages:
 SF86 Certification
 Authorization for Release of Information, and/or
 Authorization for Release of Medical Information (when applicable)
 Fair Credit Reporting (new form eftv 8/11)
 All documents must bear the appropriate OPM Request ID Number.
 All uploaded documents must be in .pdf format and cannot be larger
than 1 mg.
October 2011 -Page 7
Required Signature Pages
Certification Page
Required
Authorization for Release of Information
Required
Fair Credit Reporting
Required for submissions with 2010 SF86
October 2011 -Page 8
Additional Signature Page
Medical Release
Required only if subj answers “Yes” to #21
October 2011 -Page 9
Log-in Changes
 Prior to JPAS Release 4.3.0.0, JPAS users could log-in using:
 User ID and password or
 Common Access Card (CAC)
 As of 27 August 2011, In addition to the above, users can log-in using
either of the following methods:
 A Federal Agency PIV card
 A Medium Token Assurance or Medium Hardware Assurance Public Key
Infrastructure (PKI) smart
 A DoD-approved PKI certificate on a corporate smart card
 A PIV-Interoperable (PIV-I) smart card from a DoD-approved PIV-I smart
card provider
Note: JPAS will not enforce the use of any particular log-in method.
October 2011 -Page 10
CHANGES TO INVESTIGATION
REQUESTS
October 2011 -Page 11
Prime Contract Numbers
 Removed the Prime Contract Number field from the Determine Investigation
Type section of the Determine Initiation Scope screen
 Prime Contract Number and Cage Code fields are displayed in the Initiation
Scope sections of the Determine Investigation Scope screen
 No more than 30 characters (must be alphanumeric for 2010 SF86 investigation requests) no dashes, no spaces
October 2011 -Page 12
Extra Coverage / FIPC

Code 7 – indicates FPC not required
Code I – indicates FPC electronic transmission
Code J – indicates FPC mailed (must be mailed within 14 days) to:
Investigative Request Rapid Response Team
OPM-FIPC
PO Box 618
Boyers, PA 16020-0618
October 2011 -Page 13
Additional Request Info
 Enter Requester e-mail and phone number
 Include Secondary Requesting Official and phone number
October 2011 -Page 14
Deployment/Change of Station
 Added the Deployment/Permanent Change of Station sub-section to
 Entering data into these fields is optional, but if data is entered, all of the
related fields are required with the exception of the Point of Contact at Location
and Phone fields
October 2011 -Page 15
Investigation Request Status
 Mandatory Release Forms: Fair Credit, SF86 Cert, Info Release
 Ensure box is checked for all mandatory forms
 All forms must be attached before you can submit to DISCO
October 2011 -Page 16
Document Review
 Fax Server disabled – all documents muse be scanned and uploaded
 Document History shows which signature page has been uploaded and
when it was uploaded
October 2011 -Page 17
Nda Forms
 (09/09/11) Organizational Information Required on an SF312
As of Oct. 1, 2011, the Defense Industrial Security Clearance Office will no
longer accept an SF312, Classified Information Nondisclosure Agreement,
without the organizational information (located in block 11). Please ensure all
required blocks are complete or the SF312 will be considered incomplete and
returned for correction.
October 2011 -Page 18
2010 SF86 FORM - CHANGES
October 2011 -Page 19
New 2010 SF 86 Form
 The 2010 SF86 form will be the default for investigation requests initiated after
29 August 2011
 Investigation requests initiated prior to August 29 will use the 2008 SF86 even if the
form is returned for additional information
 Access to the investigation request functionality via JPAS remains the same
 JCAVS User Levels remain the same: Levels 2 – 6
 Various changes made within JPAS investigation request functionality to
accommodate the new SF86 form
 New signature page “Fair Credit Reporting Disclosure” is required for all 2010 SF86
submissions
 Branching questions allow applicants to provide more detailed information about their
background
 A new Navigation screen replaces the navigation drop down menu. You can select
sections of the form from the drop down menu at the top of the screen, and then
navigate to various sub sections
 Employee information from the old SF86 is expected to migrate to the new form
October 2011 -Page 20
Some of the Changes
 Average completion time approx 150 min vs. 120 min
 The employee must read Agreement and answer “Yes” before they will be allowed to
move on. If they answer “No” they will get an error message
 State and country of birth is required, even if born in US
 Passport information is required if employee possesses a US passport
 Additional citizenship information required if born abroad, if naturalized citizen, or if “Not a
US citizen” is selected
 Ten years of history required for where you have lived, regardless of investigation type
 Must list point of contact if you attended school within past 3 years
 Additional selections for employment activities
 Two separate screens for Selective Service Record
 Detailed information required for Military History
 Additional entries for People who Know you Well
 Additional information required for Marital Status; detailed information required if Annulled,
Divorced, or Widowed
October 2011 -Page 21
Some of the Changes (cont)
 Must select checkbox for all relatives that apply, if “married is checked, must
check mother-in-law and father-in-law before you can move forward
 Other names used by relatives is required, as well as dates used and why name
is used
 Additional information required for Foreign Contacts, Foreign Activity and
Foreign Travel
 Police Records Questions have been combined – “YES” requires additional
information
 Investigations and Clearance questions will be asked individually, “Yes”
requires additional information
 More specific questions are asked on Financial Records
 Non-Criminal Court Actions require 10 years history vs. 7
 Employees will have to log in with SSN and will have to add SSN to bottom of
each signature page
October 2011 -Page 22
SF86 Reference Material
 The Center for Development of Security Excellence (CDSE) has developed online reference material for JPAS users to help them become familiar with using
the new 2010 SF 86.
 The following links are provided by CDSE on the
 Security-Related Brochures and Guides
 Quick Reference Guide (QRG) for the Newly Updated SF-86
 Provides overview, types of information, detailed section review and
references, including the printable form
 Applicant Tips for Successful e-QIP
 How to avoid common mistakes
 http://www.dss.mil/seta/security_brochures_and_guides.html
 PDF (writeable) version is available on OPM’s website (127 pages)
October 2011 -Page 23
Reports FAQs
Cognos is that software program that generates JPAS reports.
1. I receive a Cognos screen asking for a userid and password when I try to run
reports. When I enter my JPAS userid and password, I continue to receive an
error. What should I do?

Send e-mail to DoD Service Center indicating “Userid not recognized by
report server”
2. How do I convert a Comma Separated Values (.CSV) file into an Excel
spreadsheet?
3. Will my connection with JPAS timeout while I am running reports?
4. How do I convert an Excel spreadsheet into a .PDF file?
5. I am using Internet Explorer and my report is not displaying, how do I correct
this?
https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediP
nId=0/userId=public/fileNm=JPAS_Reports_FAQs+%2809262011%29.pdf
October 2011 -Page 24
JPAS PKI IMPLEMENTATION
October 2011 -Page 25
Approved Vendors
DoD ECA currently approved vendors:
 IdenTrust, Inc.
Web Site: http://www.identrust.com/certificates/eca/index.html
Email: helpdesk@identrust.com
Phone: 888.882.1104
 Operational Research Consultants, Inc
Web Site: http://www.eca.orc.com/
Email: ecahelp@orc.com
Phone: 800.816.5548
 VeriSign, Inc.
Web Site: https://eca.verisign.com/
Email: eca-support@verisign.com
October 2011 -Page 26
JPAS Logon Methods
 Important Dates
 CAC-enabled JPAS deployed January 2011
 PKI-enabled JPAS deployed August 2011
 Username and password will be removed January 2012
 PKI Logon Methods authorized for access
 The DoD CAC
 Personal Identity Verification (PIV) cards
 Medium Token Assurance or Medium Hardware Assurance PKI
certificate on a smartcard issued via the External Certification
Authority (ECA) PKI Program
 Regardless of logon method, access to JPAS will be validated
 JPAS user ID/password must be valid and active
October 2011 -Page 27
Logging in with PKI Cert
 Select CAC/PIV Log in
 Hit Return key and you will end up at the Self-Registration Screen
October 2011 -Page 28
PKI Self Registration
 Self Registration
 Each user will be required to register their own certificates
 JPAS will display a new Self Registration page to allow users to
associate their Non-CAC (PIV, PIV-I or smart card) to their active
JPAS user ID and password
 JPAS will store user ID association to only one Non-CAC at a time
 JPAS will only present this page to users whose Non-CAC is not
already stored in JPAS
 Detailed error messages will be presented to the user if problems are
encountered during the log-in process
October 2011 -Page 29
PKI Self Registration Screen
October 2011 -Page 30
Confirming PKI Certificate Info
 You will be asked to confirm your certificate
 You will be asked to enter your passcode
 Once you enter passcode you will be logged in to JPAS
October 2011 -Page 31
When using your PKI smartcard…
 The system will not:
 Require a user to change the password
 Check for a password expiration date
 Display the countdown of password expiration
 Lock the JPAS user account for unsuccessful log-in attempts
 Regardless of log-in method, JPAS authorization processing remains
the same. JPAS will determine the user’s access rights based on the
access rights assigned to the user ID.
 User id/passwords will be removed in January 2012
October 2011 -Page 32
JPAS Inactivity
 Users will be required to log in at least once every 60 days or their
account will become inactive and locked
 If a user does not login within 90 days, their account will be
terminated in accordance with DoD regulations
 The process to request an account will start over with submitting a
new SAR and obtaining management approval
October 2011 -Page 33
Technical Support
 For assistance with JPAS PKI login issues, contact your local IT support or the
vendor who issued your certificate
 The DoD Call Center cannot provide PKI technical support or troubleshooting
 There is a PKI Technical Troubleshooting Guide available on DMDC website:
https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS
 If you still have issues and have exhausted all possibilities, submit e-mail to:
jpas.helpdesk@osd.pentagon.mil
Be sure to include the following information in your e-mail:

Your First and Last Name

JPAS User Account ID. (Do not send the password or your SSN)

A detailed description of what you have tried using the techniques above and the errors (if any)
for each technique

Operating system and web browser that is being used

Type of certificate you are using

The digital certificate export (see here for more information)

They will NOT respond to those that have not tried all steps.
October 2011 -Page 34
Audit Capabilities
 JPAS will audit data inserted, updated, or deleted within select tables in
the JPAS database. This change provides a means to track data
changes at the field level for any JPAS table that contains the field
'lastUpdatedBy‘
 Changes made within a text field will not be captured during this phase
of auditing
 JPAS will retain audit log data for up to one year
 Security Manager/FSO can request copy of audit log from DMDC via
appropriate PMO
October 2011 -Page 35
Common Access Card (CAC)
 The Common Access Card (CAC) is a United States Department of
Defense (DoD) smart card issued as standard identification for activeduty military personnel, reserve personnel, civilian employees, other
non-DoD government employees, state employees of the National
Guard, and eligible contractor personnel.
 Not all of DoD Industry personnel are eligible for CAC
October 2011 -Page 36
Who qualifies for a CAC?
 Active Duty service members
 DoD civilian employees
 DoD contractors that are under DoD contract and sponsored by a
DoD Service or Agency
 DoD Contractors may obtain CACs if their government sponsor
deems it necessary and fulfill one of the three requirements:
1. Be active duty, reservist, or a DOD civilian
2. The user must work on site at a military or government
installation
3. User is a DoD contractor that works on GFE equipment
October 2011 -Page 37
I have a CAC card, do I still need PKI?
 If an active duty/reservist/DOD civilian is issued a CAC, can they use
their CAC if they are in JPAS in a different role (e.g. contractor)? E.g.
John Smith is a security consultant for ABC Company part-time. John
uses his government issued CAC to access JPAS for the work he's
performing for ABC Company. Is this an authorized use of the CAC as
many users will fall under this category?
 a. The use of a Military/Civilian CAC in the performance of an Industry role is
against DoD Policy and will be considered misuse of Government property.
Please see the Federal Code of Regulations § 2635.704-Use of Government
property.
 (a) Standard. An employee has a duty to protect and conserve Government
property and shall not use such property, or allow its use, for other than
authorized purposes.
October 2011 -Page 38
Sharing Accounts
 Sharing USB Tokens, smartcards, and username/password is a violation
of DoD Regulations, NISPOM, and the Privacy Act of 1974
 If you share any of these items, your account will be terminated
 If you are in Industry, a notification letter will be sent to all of your
contracts with the DoD that you have received a security violation on a
Government application
 Sharing JPAS accounts is PROHIBITED. JPAS accounts are unique to
only one person; there are NO company accounts. If you have a
company account, you need to STOP using it immediately
October 2011 -Page 39
JPAS PKI Frequently Asked Questions
 https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=56
0/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_PK
I_FAQs%2824AUG2011%29.pdf
PKI FAQs
 Section 1: General Questions
 Section 2: Common Access Card (CAC) and Public Key (PKI Enabling Questions
 Section 3: Technical Questions (when attempting to log on with a CAC/PIV)
 Section 4: Defining Terms for PK-Logon
 Section 5: List of Agencies who distribute PIVs to their employees
October 2011 -Page 40
SECURE WEB FINGERPRINT
TRANSMISSION (SWFT)
October 2011 -Page 41
Secure Web Fingerprint Transmission
(SWFT)
 SWFT is a secure web-based system that allows cleared contractors to
submit electronic fingerprints (eFPCs) to DSS for release to OPM based on
approval of a JPAS/e-QIP submission
 SWFT will reduce fingerprint rejection rates and eliminate delays
associated with mailing paper cards
 DSS launched full production of SWFT in August 2009
 SWFT transferred from DSS to DMDC in August 2010
 Approximately 25 cleared companies are already using SWFT
 In July 2010 a USD(I) memo came out directing DoD components to
transition to electronic fingerprint transmission in support of all
background investigations by 31 December 2013
 DSS will work in conjunction with industry, OPM, and other Government
entities to meet the 31 December 2013 implementation date
October 2011 -Page 42
SWFT Requirements
 You must have your FBI approved ten-print live scan systems or card
scanners; then you must obtain the DSS Configuration Guide from the
SWFT Coordinator.
1. Registration: All ten-print live scan and card equipment must be certified by
the FBI and registered with OPM.
2. Application Access: All SWFT users must complete a System Access Request
(SAR) form.
3. Testing: All ten-print live scan and card reader equipment must be tested with
OPM’s Store and Forward test server.
 There are many vendors who offer equipment to support the electronic
submission of electronic fingerprints
 Information on certified fingerprint systems may be found at
http://www.fbibiospecs.org/fbibiometric/iafis/default.aspx

SWFT website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT
October 2011 -Page 43
How SWFT Works
Sites With e-print capability
 eFPCs are captured at the local facility, then saved and stored on a local hard drive

Click the LSMS icon and select “New” to begin process

Enter requested information (current date, personal/physical description)

Capture and save print images via Guardian e-print station

Log in to SWFT, locate prints you wish to upload and submit to DSS via Biometric Up loader

eFPCs are forwarded to the DSS store and forward server

DSS will receive prints electronically and will cross check with e-QIP and JPAS

DSS will forward ePFC to OPM

OPM will schedule and open the investigation
Sites with scanner capability

Capture prints using current/ink stamp system

Scan hard copy prints via approved scanner

Encrypt and e-mail prints to designated site

Designated site will convert to electronic file and forward to DSS
DSS
OPM
Sites without scanner capability

Capture prints using current/ink stamp system

Mail hard copy prints to Designated site

Designated site will scan and convert hard copy prints to electronic file

Designated site will upload and submit prints to DSS via Biometric Up loader
October 2011 -Page 44
Federal Information Processing Codes
(FIPC)
 When initiating Investigation Requests, indicate how fingerprint
cards will be submitted:
 Code 7 – indicates FPC not required
 Code I – indicates FPC electronic transmission*
 Code J – indicates FPC mailed
October 2011 -Page 45
JPAS Present and Future
JPAS Today
JPAS Future
Joint Access Management System
(JAMS)
Case Adjudication Tracking System
(CATS)
+
+
Joint Clearance Access Verification
System (JCAVS)
Joint Verification System (JVS)
=
=
Joint Personnel Adjudication Verification
System (JPAS)
Defense Information Systems Security
(DISS)
October 2011 -Page 46
CONTACT INFORMATION
October 2011 -Page 47
JPAS Industry Team
 The JPAS Industry Team was established in 2004 and consists of
representatives from the following companies:
 Boeing – Toni MacDonald
 CACI – Tanya Elliott
 L-3 Communications – Quinton Wilkes, Clyde Sayler
 Lockheed Martin – Wanda Walls
 Northrop Grumman – Rene Haley
 Raytheon – Susie Bryant
 SAIC – Carla Peters-Carr
 Schafer Corporation – Rhonda Peyton
October 2011 -Page 48
JPAS Industry Team Contact Info
Industry Team
PMOs
Education & Training
Sub Team
JPAS Industry
Sub Team
Quinton Wilkes – Team Lead
quinton.wilkes@L-3com.com
Toni MacDonald – Team Lead
renita.macdonald@boeing.com
Tanya Elliott – Team Lead
telliott@caci.com
Tanya Elliott
telliott@caci.com
Clyde Sayler
clyde.j.sayler@L-3com.com
Susie Bryant
smbryant@raytheon.com
Rhonda Peyton
rpeyton@schaferalb.com
Rene Haley
Rene.haley@ngc.com
Carla Peters-Carr
Carla.s.peters-carr@saic.com
Wanda Walls
wanda.walls@lmco.com
DoD Customer Call Center
888 282-7682
October 2011 -Page 49
Additional Contact Information
JPAS Industry PMOs
Quinton Wilkes
703-626-6187
quinton.wilkes@L-3com.com
Tanya Elliott
410-782-8108 (office)
telliott@caci.com
Army Account Managers
Denise Brannon, Army Functional Manager
Deborah.Brannon@us.army.mil
phone: 301.677.6374
DSN: 622.6374
Fax: 301.677.3128
DSN: 622.3128
Susan M Rogers, Army Primary Account Manager
Susan.M.Rogers@us.army.mil
phone: 301.677.7035
DSN: 622.7035
Air Force Account Managers
Mr. Charles Clemmer
charles.clemmer@pentagon.af.mil
202-767-0484
DSN: 297-0484
Navy Account Managers
Roxanne Chrisman, Navy JCAVS Program Manager
roxanne.chrisman@navy.mil
Phone:202-433-8869
DSN: 288-8869
Fax: 202-433-8849
Marine Corps Account Managers
Jill Baker, USMC Account Manager
Jill.Baker@usmc.mil
Phone: 703.692.0157
DSN: 222-0157
Fax: 703.614.6538
October 2011 -Page 50
October 2011 -Page 51
Download