JCAVS User Update

advertisement
NCMS
Capital Region Chapter
11 August 2010
Presented by:
Tanya Elliott
CACI
Procedures Governing Use of JPAS by Cleared
Contractors Defense Security Service – April 2007
 DSS will suspend the access of contractors that do not comply with these procedures or
violate the terms of user agreements

National Industrial Security Program Operating Manual (NISPOM) paragraph 2-200b states that “When the
CSA [Cognizant Security Agency] has designated a database as the system of record for contractor eligibility
and access, the contractor shall be responsible for annotating and maintaining the accuracy of their
employees’ access records. Specific procedures will be provided by the CSA.” The Department of Defense,
acting as a CSA, has designated the Joint Personnel Adjudication System (JPAS) as the DoD system of
record for contractor eligibility and access.

JPAS is a U.S. Government information system that contains official government records. The information in
JPAS must be protected from unauthorized disclosure and used only for authorized purposes. Contractors
may only use their JPAS accounts to manage the access records of their employees and consultants, and to
verify the access levels and affiliations (e.g., employee of ABC Company) of incoming visitors who require
access to classified information.

The following procedures are issued under the authority provided by NISPOM paragraph 2-200b. Contractors
shall follow these procedures when using JPAS and shall ensure that authorized users of JPAS have been
properly informed about these procedures and any other specific policies governing access to and use of
JPAS.
1. Contractors shall accurately maintain the JPAS records pertaining to their employees and consultants.
Contractors must expeditiously update these records when changes occur (e.g., termination of employment).
2. Contractors are prohibited from placing false information in JPAS, and DSS will seek appropriate sanctions
against contractors and contractor employees who knowingly place false information in JPAS.
Procedures Governing Use of JPAS by Cleared
Contractors Defense Security Service – April 2007
3.
DoD issues JPAS accounts exclusively for use by a specific contractor or corporate family of contractors.
Persons given access to JPAS as account holders may only use JPAS on behalf of the cleared contractor
or corporate family of contractors through which the account was issued. For example, an employee of
ABC Company holding a JPAS account issued through ABC Company and who works at a government
site is not authorized to use the contractor-granted account in support of the government customer. If
the government customer requires the contractor employee to review or update JPAS records on behalf
of the government customer, the government customer must provide the JPAS account for the contractor
employee to use.
4.
The JPAS account manager must be a company employee. The JPAS account manager cannot be a
subcontractor or consultant.
5.
Contractors may subcontract or obtain consultant support for administering security services. The using
contractor will provide a JPAS account to the subcontractor or consultant under the using contractor’s
Security Management Office (SMO) for the sole purpose of permitting the subcontractor or consultant to
provide security services for the using company. Subcontractors or consultants providing such security
services must be under the direct supervision of the using contractor’s FSO or FSO’s designee.
6.
Each individual accessing JPAS must have a separate and unique account created by the individual’s
JPAS account manager. The account manager must maintain a current record of every JPAS account
established.
7.
JPAS users may never share their user names, passwords, or other authentication information with any
other individual, including anyone who is a designee or an alternate to the account holder.
8.
Contractors must not allow any practices that include sharing user names, passwords, or other
authentication information, and must have policies in place that guard against such practices.
Contractors can establish JPAS accounts for additional users when a reasonable need exists.
Procedures Governing Use of JPAS by Cleared
Contractors Defense Security Service – April 2007
9.
Access to JPAS is only authorized by means of company or government-owned equipment with
appropriate security controls in place. JPAS users may not access their accounts from personal or home
computers.
10.
Contractors are not permitted to change an existing date notation in JPAS for the Classified Information
Nondisclosure Agreement (SF 312). Contractors must, however, input the date that the SF 312 was
signed when JPAS does not reflect a date.
11.
Contractors are authorized to verify prospective employees’ eligibility for access to classified information
in JPAS prior to an offer of employment being extended. However, contractors may not use JPAS for
recruiting purposes.
12.
While access to JPAS is only granted to contractors who have a legitimate need for such access in
support of classified work being performed for the Government, JPAS is not a classified system. DSS
will not grant a facility security clearance (FCL) for the sole purpose of allowing a company or its
employees to gain access to JPAS.
13.
Any contractor with JPAS access that becomes aware of a violation of these procedures shall
immediately report the nature of the violation, the names of the responsible parties, and a description of
remedial action taken, to the servicing DSS Industrial Security Representative.
NOTE: Violations of the procedures may lead DSS to suspend or withdraw JPAS access, terminate the JPAS
account, or exclude culpable companies or persons from access to JPAS for a specified or indefinite
period. DSS will also refer information concerning violations of these procedures to other federal
agencies for consideration of administrative, civil or criminal sanctions when circumstances warrant.
JPAS Training - JPAS/JCAVS Virtual Training for
Security Professionals
 Course Title:
JPAS/JCAVS VIRTUAL TRAINING FOR SECURITY PROFESSIONALS
 Course Description:
JPAS/JCAVS Virtual Training for Security Professionals provides an overview of the
Joint Personnel Adjudication System (JPAS) and a detailed explanation of its
subsystem, the Joint Clearance and Access Verification System (JCAVS) used
extensively by DoD Personnel Security Managers (PSMs) and contractor Facility
Security Officers (FSOs) for eligibility and investigation verification. The course is
formatted to include demonstration followed by knowledge checks and practical
exercises. Participants will complete task in a virtual JPAS environment and
navigate various windows and practice specific actions to perform desired
functions.
 Link to ENROL:
The following link will take you to the Defense Security Service (DSS) ENROL
system: https://enrol.dss.mil/enrol/lang-default/SYS_login.asp. where you can
register for the course or create a new account.
Personally Identifiable Information (PII) – DSS
Requirement
Training Requirement as of August 2008:
 All personnel, DoD employees and on/off-site contractors, accessing DSS Systems containing
PII (JPAS, ISFD, DCII, ENROL, and SWFT) are required to complete the "Personally Identifiable
Information (PII)" eLearning course. Defense Information Systems Agency (DISA) produced this
training to ensure that all personnel accessing PII are adequately trained for handling PII and
reporting any theft, loss, or compromise of this information. The course also provides a basic
level of understanding of current DoD PII-related information security principles and
requirements.
 The following link will take you to the Defense Security Service (DSS) ENROL system:
https://enrol.dss.mil/enrol/lang-default/SYS_login.asp. where you can register for the course or
create a new account.
 The following file: "access_pii_course.pdf" contains instructions on how to register and start the
PII course.
 For additional information regarding an ENROL account, contact the DoD Security Service
Center, 1-888-282-7682, occ.cust.serv@dss.mil; for information about the course content contact
IA/CND at DSSIACND@dss.mil
Release of JPAS Records ISL 2010-01 #5
 (NISPOM 6-104a) Release of JPAS records
JPAS, as a U.S. Government information system, contains official government
records. The information in JPAS must be protected from unauthorized
disclosure and used only for authorized purposes. Contractor personnel may
only use their JPAS accounts to manage the access records of their
company’s employees and consultants, and to verify the access levels and
employment affiliations of incoming visitors who require access to classified
information. Contractor personnel are not authorized to, and may not, release
printed or electronic copies of JPAS records to any person or entity. The
appropriate U.S. Government release authority (commonly in an agency
Privacy Act Office) is responsible for making release decisions regarding all
JPAS records in accordance with the Privacy Act of 1974.
 Update - further clarification and guidance:
At a recent DSS Stakeholders meeting the issue of the ISL 2010-01 #5
regarding the restrictions for the release of JPAS records was
addressed. DSS leadership and Policy personnel have acknowledged that
additional research and coordination within the US Government is needed on
this item. Therefore, in coordination with DSS, and as a temporary measure,
industry may continue to use JPAS records when requested or required by
any US Government customer for personnel security related processing.
Foreign Passport Disposition
 DISCO will not grant or continue a personnel clearance if the
individual possesses a current foreign passport
 If the FSO accepts a surrendered passport and returns it while it is
still current, you must submit an incident report with details
concerning the return of the passport
 Reasons for the return of the passport should be provided in the
incident report
 An incident report must be submitted if the passport is returned at
the time of the individual's employment termination
See DSS News dated: 11/20/09 “Foreign Passport Disposition Influences Personnel
Clearance Eligibility” or click the following link: http://www.dss.mil/diss/jpas/jpas.html
PRs for Cleared NISP Contractors (eftv 6/9/10)
 DISCO will identify and notify NISP cleared contractor facilities of cleared
personnel who are eligible or overdue for a periodic reinvestigation (PR).
 Eligibility for a PR is contingent upon the access level and the closed date
of the investigation.
 Once a cleared contractor facility is notified a PR is due, the contractor
facility will have 60 days to submit the SF-86 to DISCO via JPAS.
 If the information is not received in 60 days, DISCO will assume the
clearance is no longer required, remove the clearance eligibility and send
notification to the FSO that the eligibility was withdrawn due to failure to
submit the requested forms.
 If the cleared contractor facility identifies that the individual still requires a
clearance after the eligibility has been withdrawn, the clearance eligibility
will be reinstated upon submission of the required information. Access to
classified information is not valid during the period that the eligibility is
withdrawn until DISCO reinstates the clearance eligibility.
PSM Net Validation
 From the Main Menu select “PSM Net”
 Will take you to JCAVS Maintain PSM Net Screen
 Select “Person Categories by Organization”
 Click “Add” - Will take you to PSM Net Add Organization Category
 Hit “Select Organization” - Will take you to organization search
 Select DoD Contractor Companies
 Enter your cage code (plus *) in last box
 Click “Search” – selected cage will show up
 Click blue link indicating cage code; company name will move to top line
 Click “OK” – Will take you back to “PSM Net Add Org…”
 Click “Search”
 Search result will indicate all persons associated with your cage that are not in your
PSM Net
 Determine if each person listed should be in your PSM Net
 If Yes – In-process and indoctrinate
 If No – In-process and out-process using the same date; then go to Maintain Person
screen and enter separation date and separation code. At midnight the person will
drop out of your PSM Net and will no longer be associated with your Cage
Report Types
 Act PC-Access/No PSM Net - Lists organizations that have a Person Category for a subject without a
PSM Net relationship owned or serviced
 Inv Rqst by Duty Pos - This report indicates all Investigation Requests currently in your PSM Net by
Duty Position.
 Non-SCI Totals - List of all Non-SCI Access’s, for owned and or serviced Person Categories in your
PSM Net or subordinate organization.
 Periodic Reinvest - List of Personnel within your PSM Net or subordinate organization whose
investigation may be out-of-scope and may require a Periodic Reinvestigation
 Personnel - Detailed list of Personnel in your PSM Net and or subordinate organization, including
access, eligibility and investigation information.
 PSM Net Personnel - Abbreviated list of all personnel in your PSM Net or subordinate organization.
 SMO-No PSM Net - Retrieve information regarding SMOs in your hierarchy that have not established a
PSM Net.
 SMO-No Users - Retrieve information regarding SMOs in your hierarchy that have established their
SMO but have no Personnel with an Owning or Servicing relationship in their PSM Net.
 SMO-PC-No Access - Retrieve information regarding SMOs in your hierarchy that have established
their PSM Net but don’t have an access indoctrinated for a Person Category.
 Suspense - Retrieves information regarding Suspense information the JCAVS user created from a
subject’s Person Summery screen / Suspense Data link.
 Suspensions - Information regarding Suspensions (eligibility and/or Access) for personnel in your
PSM Net and or subordinate organization.
Additional Information Request

When requested by DISCO to submit an updated SF 86 (due to an
incident report or anything other than a PR):

Contract numbers are not required for these requests. It is
acceptable to indicate: “To Satisfy Official requirements” in the
Contract Number box

The Investigation Request should be annotated as "Initial"
Changes to Investigation Request
346W
Extra Coverage/Advance Results
 Extra Coverage/Advance Results
 DISCO will complete prior to submission
of eQIP to OPM – Not for Industry Use
 If system determines the request to be a
PR, the extra coverage code ‘R’ is prepopulated and cannot be removed
Federal Information Processing Codes (FIPC)
 Federal Information Processing Codes (FIPC)
 Indicate if fingerprint cards will be submitted and how
 Code 7 – indicates FPC not required
 Code I – indicates FPC electronic transmission*
 Code J – indicates FPC mailed
*SWFT = Secure Web Fingerprint Transmission
Release Investigation Request (old)
 Employee must complete
Steps One thru Three in
order to complete the eQIP
Process
Print copy for file
Print signature pages – will be faxed to JPAS
repository or scanned and uploaded into JPAS
Transmit to Agency – will go back to requesting office
Update to Release Investigation Request (new)
eQIP Direct for Industry















New SF86 effective 1 January 2011
eQIP investigation requests will no longer be initiated via JPAS
All requests initiated in JPAS must be completed prior to 1 Jan ’11
No old forms will be accepted
Additional drop downs for yes/no questions (can yield up to 447 qs)
New form should address all concerned (even some 3 letter agencies)
Everyone within federal govt will have to transfer to eQIP Direct, not just DoD
No Interims will be granted until NAC portion of FPC has been conducted
Everyone with CAC card will be required to use it; must have CAC reader
DMDC will require everyone to have some type of secure communication: Personal Identity Verification
(PIV), Public Key Infrastructure (PKI) encryption or authentication
Account Management functions will be limited, permissions need to be defined/established
DISCO will approve eQIP for Industry and forward to OPM
eQIP actions will be time stamped and can be seen from start to finish
The DoD Call Center not able to fully assist e-QIP users initiated via e-QIP Direct; e-QIP Direct does not
interface with JPAS
Call Center can not view eQIP, can not reset golden questions
 Users should contact appropriate military agency or unit security manager or officer for assistance.
E-QIP Training - Virtual Training for Security
Professionals (3/4/10)

Online e-QIP Training:

Provides high-level overview of the purpose, history, and
benefits of the e-QIP system.

Includes instruction for accessing and navigating in e-QIP.

Introduces various e-QIP end-user roles and responsibilities,
and identifies the tasks involved in initiating, reviewing, and
approving investigation requests.

Delivers solutions to common applicant issues and includes
walkthroughs with knowledge checks and practical exercises
and tasks completed in a virtual e-QIP environment.

To register for this training, visit the ENROL Web site at
https://enrol.dss.mil/enrol/lang-default/SYS_login.asp.
Secure Web Fingerprint Transmission (SWFT)
 SWFT is a secure web-based system that allows cleared contractors to
submit electronic fingerprints (eFPCs) and demographic information to
DSS.
 Cleared contractors can transmit eFPCs to DSS for release to OPM based
on the approval of a JPAS/e-QIP submission by DISCO.
 Cleared contractors can upload fingerprint files to the SWFT website.
 The website will conduct a virus scan of the uploaded files prior to
sending them to the SWFT Store and Forward server.
 Fingerprint files will be matched against approved e-QIP submissions
and automatically forwarded to OPM and then on to FBI.
 DSS accepting additional cleared contractors as of 3 August 2009.
 SWFT NOT mandatory, but highly recommended.
For additional info, see SWFT website: http://www.dss.mil/diss/swft.html
How SWFT Works
Sites With e-print capability
 eFPCs are captured at the local facility, then saved and stored on a local hard drive

Click the LSMS icon and select “New” to begin process

Enter requested information (current date, personal/physical description)

Capture and save print images via Guardian e-print station

Log in to SWFT, locate prints you wish to upload and submit to DSS via Biometric Up loader
Sites with scanner capability

Capture prints using current/ink stamp system

Scan hard copy prints via approved scanner

Encrypt and e-mail prints to designated site

Designated site will convert to electronic file and forward to DSS
Sites without scanner capability

Capture prints using current/ink stamp system

Mail hard copy prints to Designated site

Designated site will scan and convert hard copy prints to electronic file

Designated site will upload and submit prints to DSS via Biometric Up loader
DSS
OPM
eFPCs are forwarded to the DSS store and forward server

DSS will receive prints electronically and will cross check with e-QIP and JPAS

DSS will forward ePFC to OPM

OPM will schedule and open the investigation
JPAS Today
JAMS + JCAVS = JPAS
Defense Security Services (DSS)
Joint
Adjudication
Management
System
Used exclusively by
CAFs for tracking
adjudication actions
and clearance results
+
Joint
Clearance
Access
Verification
System
Used by security to
indoctrinate eligibility
information
=
Joint
Personnel
Adjudication
System
Provides “real-time”
information regarding
eligibility access and
investigation status
Transition from DSS to Defense Manpower Data
Center (DMDC) eftv 21 June 2010
 DMDC serves under the Office of the Secretary of Defense to collate
personnel, manpower, training, financial, and other data for the
Department of Defense.
 IT Systems to transfer to DMDC: JPAS, DCII, SWFT, IRR
 New URL for JPAS: https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure
 New DMDC Web Page will display October 2010 and will allow the
following log-in options:
 Military/Civilian:
 Dual Login Option – Password or CAC Card
 Industry:
 Password (If current password does not meet regulations, change
requirement will be enforced)
 Additional information will be posted on DSS (www.dss.mil) and DMDC
(www.dmdc.osd.mil) as it becomes available.
JPAS Future
CATS + JVS = DISS
Business Transformation Agency (BTA)
Case
Adjudication
Tracking
System
Used exclusively by
CAFs for tracking
adjudication actions
and clearance results
Joint
Verification
System
=
+
Used by security to
indoctrinate eligibility
information
Defense
Information
Systems
Security
Provides “real-time”
information regarding
eligibility access and
investigation status
Why the New System?
 JPAS was built in early 2000 and the software is not
compatible with systems currently used by BTA (CATS,
eQIP by Design)
 JPAS was initially built for the Govt. and was not
Industry specific
 JPAS was initially built to host ~45,000 users, but is
currently hosting over 100,000 users, which far exceeds
the initial capacity
 JPAS is very difficult and expensive to update
 New system being built from scratch
Business Transformation Agency (BTA)
 Established October 2005
 Specifically responsible as a corporate-level service organization
for the DoD, accountable for successful definition and execution of
DoD-wide business improvement initiatives and system
investments
 The BTA Mission is: to guide transformation of business
operations throughout the Department of Defense and to deliver
Enterprise-level capabilities that align to Warfighter needs
Case Adjudication Tracking System (CATS)
 CATS is the case management system that allows electronic
transmission of investigative reports from the Office of Personnel
Management to DISCO
 DISCO will use CATS to adjudicate electronic investigations, and
CATS will update JPAS
 CATS has been deployed to Army, DISCO, Navy
 CATS is in process of deploying to WHS and AF
JVS
 JVS will provide the following benefits:
 Continuous Evaluation/Incident Event Trigger Report working
with ACES
 Will provide SMOs a more robust work management tool
 Will be able to leverage capabilities of other DISS systems to
create a specialty management tool combining, tracking, and
evaluating the information provided by CATS and ACES
 Enterprise Services will be deployed with JVS
 Portal
 Workflow
 Document Management
JVS Requirements
 Overarching requirements completed in Dec ’09
 Industry PMOs met with BTA and provided detailed guidance on
JCAVS Use Cases (industry processes and procedures)
 Working group sessions with JPAS user community to elicit
system requirements
 Review, update and define security management process
models
 Validate individual JVS Use Cases
 Follow-up ‘playback sessions’ that allow JVS stakeholder
community to provide input
JVS Initial Capabilities Identified
 JVS will provide current JCAVS functionality
 Additional requirements identified:
 Mass personnel updates
 Electronic document transmission
 Notifications, messaging, and correspondence
 Robust reporting and business intelligence
 Federated search
 Clearance tracker
 Digital signature
 Excel based queries
JVS Use Cases Discussed
 Access Subject Record
 Allows Security Officer to request a Subject's record via certain selection criteria and returns screens and data as
appropriate to the Security Officer's relationship to the Subject .
 Grant Non-SCI/SCI Access
 System shall prevent a Subject from being Indoctrinated into an access higher than the Organization Clearance
level based
 System shall notify the servicing Security Officer when a Subject's access is granted or removed for a particular
Person Category
 System shall allow a Security Officer to send a request that another Security Officer grant access for a Subject's
Person Category if the Subject is transferring to a new Security Office.
 Create Subject Record
 System shall automatically populate a Subject's record when a Personnel Security Questionnaire (PSQ) is sent
based on Electronic Questionnaires for Investigation Processing (e-QIP) as designed.
 Remove Subject Relationship
 System shall ensure that Subjects have completed access removal/debriefing prior to out-processing.
 Establish Subject Relationship
 There can only be one Owning Security Officer per Person Category for a Subject.
 In the instance where a Subject already has an existing Owning Relationship in a Person Category, the existing
Owner must manually remove the Subject Relationship before another Owning relationship can be taken.
JVS Use Cases to be Discussed
 Deactivating Person Categories
 Adding/Creating/Deactivating SMOs
 Reactivating a SMO
 Granting/Removing access to DISS
 Security Officer Permissions
 Mass Personnel Changes
 Incident Reporting
 Managing PRs
 Visits
 Initiating Investigation Requests
 Notifications
 Reports – Predefined and Ad-Hoc
Defense Information System for Security (DISS)
 DISS will replace JPAS and incorporate Enterprise Services
 CATS will replace JAMS
 JVS will replace JCAVS
 DISS will be used to implement Joint Reform Team (JRT) principles
within DoD
 Validate Need for hiring and clearance requests
 Automated Records Check (utilizing both govt and commercial data)
 Enhanced Subject Interview (in-depth interviews based on application
information and results of ARC)
 Continuous Evaluation (utilize ARC annually for TS/SCI, once every 5
years for S)
 Automatic Continuous Evaluation Check (ACES) is in pilot status;
will provide Automatic Records Check (ARC) services
 DISS will be a single point of entry for the DoD security process
Transition Status
 JAMS Migration to CATS:
In process
Q3 – Q4 2009
 Phase 1: Requirement Gathering:
 Phase 2: Design and Development:
Q3 2010 – Q4 2011
 Phase 3: New System Deployment:
Q1 – Q2 2012
Phase 1
DISS
JPAS
Phase 2
JPAS
Phase 3
DISS
DISS
JPAS
Migrate
Users
JAMS
CATS
JAMS
CATS
CATS
JAMS
Migrate
Users
JCAVS
JCAVS
 Working with DMDC to decommission JPAS by April 2012
JCAVS
New Sys
Successful Implementation of DISS
 Ensure only those positions that require a clearance are submitted
 Provide near real-time security clearance investigative and
adjudicative information
 Support efficient and effective resourcing and management of
security clearance requirements
 Support compliance with DoD security clearance policies
 Provide timely and consistent information that will allow decisionmakers to make sound security clearance decisions
Working Group Participants
AGENCY
 AF
 DMEA
 Army
 DoDEA
 BTA/JRT
 DoDIG
 DCAA
 DSS
 DCMA
 DTRA
 DeCS
 Joint Staff
 DFAS
 Navy
 DIA
 NGA
 DISA
 NSA
 DISCO
 OIG
 DLA
 USD(I)
 DMDC
 WHS
INDUSTRY
 NISPPAC Reps
214 Validated JCAVS Use Case
Requirements
+ 63 New Requirements
277 Initial JVS Requirements
JPAS Industry Team Members
Industry Team
Education & Training
Sub Team
JPAS Industry
Sub Team
Quinton Wilkes – Team Lead
quinton.wilkes@L-3com.com
Toni MacDonald – Team Lead
renita.macdonald@boeing.com
Tanya Elliott – Team Lead
telliott@caci.com
Tanya Elliott
telliott@caci.com
Wanda Walls
wanda.walls@lmco.com
Susie Bryant
smbryant@raytheon.com
Toni MacDonald
renita.macdonald@boeing.com
Clyde Sayler
clyde.j.sayler@L-3com.com
Rene Haley
Rene.haley@ngc.com
Rhonda Peyton
rpeyton@schaferalb.com
Carla Peters-Carr
CARLA.S.PETERS-CARR@saic.com
Customer Call Center
888 282-7682
Download