JPAS Industry Sub Team - NCMS
Download
Report
Transcript JPAS Industry Sub Team - NCMS
Toni MacDonald – Boeing
Presented to:
NCMS - Channel Islands Chapter
19 October 2011
October 2011 -Page 1
DISCO Relocation
Defense Industrial Security Clearance Office (DISCO) has moved from
Columbus, OH to Ft. Meade, MD – effective August 1, 2011
Nondisclosure Agreements (SF 312) should be forwarded to the new mailing
address for DISCO below:
Defense Security Service
Defense Industrial Security Clearance Office (DISCO)
Attention: Document Preparation Office
600 10th Street
Fort George G. Meade, MD 20755-5131
October 2011 -Page 2
ENROL/STEPP
ENROL is now known as STEPP - Security Training, Education and
Professionalization Portal
URL: http://www.dss.mil/diss/enrol-intro.html
October 2011 -Page 3
Training
JPAS Training for Security Professionals – Course No. PS123.16 (8 hr web-based)
All JPAS documentation will be removed from the DSS website. It will only be
available in the tutorial within JPAS
DSS Personally Identifiable Information (PII) – Course No. DS-IF101.06 (45 min webbased)
eQIP – Multiple courses to include: Initiating, Managing, Reviewing, and Solutions to
Common Issues
Industrial Security Facility Database (ISFD) – Course No. IS111.06 (5 hr web-based)
Link to STEPP: The following link will take you to the Defense Security Service (DSS)
STEPP system: https://stepp.dss.mil/SelfRegistration/Login where you can register for the
courses or create a new account.
For additional information regarding a STEPP account, contact the DoD Security Service
Center, 1-888-282-7682, [email protected]; for information about the course content
contact IA/CND at [email protected]
October 2011 -Page 4
JPAS Websites via DMDC
www.dmdc.osd.mil/psawebdocs (DMDC Home Page)
https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure
October 2011 -Page 5
User Profile Screen (4/2/11)
JPAS User Profile screen allows JPAS users to view and edit their own
personal identification, security management office (SMO), and contact
information
The JPAS User Profile screen is displayed the first time the user gains
access to JPAS by category/level and every six months thereafter
October 2011 -Page 6
Signature Pages
Fax Server disabled May 2011
JPAS users should use the Scan and Upload method to submit
signature pages:
SF86 Certification
Authorization for Release of Information, and/or
Authorization for Release of Medical Information (when applicable)
Fair Credit Reporting (new form eftv 8/11)
All documents must bear the appropriate OPM Request ID Number.
All uploaded documents must be in .pdf format and cannot be larger
than 1 mg.
October 2011 -Page 7
Required Signature Pages
Certification Page
Required
Authorization for Release of Information
Required
Fair Credit Reporting
Required for submissions with 2010 SF86
October 2011 -Page 8
Additional Signature Page
Medical Release
Required only if subj answers “Yes” to #21
October 2011 -Page 9
Log-in Changes
Prior to JPAS Release 4.3.0.0, JPAS users could log-in using:
User ID and password or
Common Access Card (CAC)
As of 27 August 2011, In addition to the above, users can log-in using
either of the following methods:
A Federal Agency PIV card
A Medium Token Assurance or Medium Hardware Assurance Public Key
Infrastructure (PKI) smart
A DoD-approved PKI certificate on a corporate smart card
A PIV-Interoperable (PIV-I) smart card from a DoD-approved PIV-I smart
card provider
Note: JPAS will not enforce the use of any particular log-in method.
October 2011 -Page 10
CHANGES TO INVESTIGATION
REQUESTS
October 2011 -Page 11
Prime Contract Numbers
Removed the Prime Contract Number field from the Determine Investigation
Type section of the Determine Initiation Scope screen
Prime Contract Number and Cage Code fields are displayed in the Initiation
Scope sections of the Determine Investigation Scope screen
No more than 30 characters (must be alphanumeric for 2010 SF86 investigation requests) no dashes, no spaces
October 2011 -Page 12
Extra Coverage / FIPC
Code 7 – indicates FPC not required
Code I – indicates FPC electronic transmission
Code J – indicates FPC mailed (must be mailed within 14 days) to:
Investigative Request Rapid Response Team
OPM-FIPC
PO Box 618
Boyers, PA 16020-0618
October 2011 -Page 13
Additional Request Info
Enter Requester e-mail and phone number
Include Secondary Requesting Official and phone number
October 2011 -Page 14
Deployment/Change of Station
Added the Deployment/Permanent Change of Station sub-section to
Entering data into these fields is optional, but if data is entered, all of the
related fields are required with the exception of the Point of Contact at Location
and Phone fields
October 2011 -Page 15
Investigation Request Status
Mandatory Release Forms: Fair Credit, SF86 Cert, Info Release
Ensure box is checked for all mandatory forms
All forms must be attached before you can submit to DISCO
October 2011 -Page 16
Document Review
Fax Server disabled – all documents muse be scanned and uploaded
Document History shows which signature page has been uploaded and
when it was uploaded
October 2011 -Page 17
Nda Forms
(09/09/11) Organizational Information Required on an SF312
As of Oct. 1, 2011, the Defense Industrial Security Clearance Office will no
longer accept an SF312, Classified Information Nondisclosure Agreement,
without the organizational information (located in block 11). Please ensure all
required blocks are complete or the SF312 will be considered incomplete and
returned for correction.
October 2011 -Page 18
2010 SF86 FORM - CHANGES
October 2011 -Page 19
New 2010 SF 86 Form
The 2010 SF86 form will be the default for investigation requests initiated after
29 August 2011
Investigation requests initiated prior to August 29 will use the 2008 SF86 even if the
form is returned for additional information
Access to the investigation request functionality via JPAS remains the same
JCAVS User Levels remain the same: Levels 2 – 6
Various changes made within JPAS investigation request functionality to
accommodate the new SF86 form
New signature page “Fair Credit Reporting Disclosure” is required for all 2010 SF86
submissions
Branching questions allow applicants to provide more detailed information about their
background
A new Navigation screen replaces the navigation drop down menu. You can select
sections of the form from the drop down menu at the top of the screen, and then
navigate to various sub sections
Employee information from the old SF86 is expected to migrate to the new form
October 2011 -Page 20
Some of the Changes
Average completion time approx 150 min vs. 120 min
The employee must read Agreement and answer “Yes” before they will be allowed to
move on. If they answer “No” they will get an error message
State and country of birth is required, even if born in US
Passport information is required if employee possesses a US passport
Additional citizenship information required if born abroad, if naturalized citizen, or if “Not a
US citizen” is selected
Ten years of history required for where you have lived, regardless of investigation type
Must list point of contact if you attended school within past 3 years
Additional selections for employment activities
Two separate screens for Selective Service Record
Detailed information required for Military History
Additional entries for People who Know you Well
Additional information required for Marital Status; detailed information required if Annulled,
Divorced, or Widowed
October 2011 -Page 21
Some of the Changes (cont)
Must select checkbox for all relatives that apply, if “married is checked, must
check mother-in-law and father-in-law before you can move forward
Other names used by relatives is required, as well as dates used and why name
is used
Additional information required for Foreign Contacts, Foreign Activity and
Foreign Travel
Police Records Questions have been combined – “YES” requires additional
information
Investigations and Clearance questions will be asked individually, “Yes”
requires additional information
More specific questions are asked on Financial Records
Non-Criminal Court Actions require 10 years history vs. 7
Employees will have to log in with SSN and will have to add SSN to bottom of
each signature page
October 2011 -Page 22
SF86 Reference Material
The Center for Development of Security Excellence (CDSE) has developed online reference material for JPAS users to help them become familiar with using
the new 2010 SF 86.
The following links are provided by CDSE on the
Security-Related Brochures and Guides
Quick Reference Guide (QRG) for the Newly Updated SF-86
Provides overview, types of information, detailed section review and
references, including the printable form
Applicant Tips for Successful e-QIP
How to avoid common mistakes
http://www.dss.mil/seta/security_brochures_and_guides.html
PDF (writeable) version is available on OPM’s website (127 pages)
October 2011 -Page 23
Reports FAQs
Cognos is that software program that generates JPAS reports.
1. I receive a Cognos screen asking for a userid and password when I try to run
reports. When I enter my JPAS userid and password, I continue to receive an
error. What should I do?
Send e-mail to DoD Service Center indicating “Userid not recognized by
report server”
2. How do I convert a Comma Separated Values (.CSV) file into an Excel
spreadsheet?
3. Will my connection with JPAS timeout while I am running reports?
4. How do I convert an Excel spreadsheet into a .PDF file?
5. I am using Internet Explorer and my report is not displaying, how do I correct
this?
https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediP
nId=0/userId=public/fileNm=JPAS_Reports_FAQs+%2809262011%29.pdf
October 2011 -Page 24
JPAS PKI IMPLEMENTATION
October 2011 -Page 25
Approved Vendors
DoD ECA currently approved vendors:
IdenTrust, Inc.
Web Site: http://www.identrust.com/certificates/eca/index.html
Email: [email protected]
Phone: 888.882.1104
Operational Research Consultants, Inc
Web Site: http://www.eca.orc.com/
Email: [email protected]
Phone: 800.816.5548
VeriSign, Inc.
Web Site: https://eca.verisign.com/
Email: [email protected]
October 2011 -Page 26
JPAS Logon Methods
Important Dates
CAC-enabled JPAS deployed January 2011
PKI-enabled JPAS deployed August 2011
Username and password will be removed January 2012
PKI Logon Methods authorized for access
The DoD CAC
Personal Identity Verification (PIV) cards
Medium Token Assurance or Medium Hardware Assurance PKI
certificate on a smartcard issued via the External Certification
Authority (ECA) PKI Program
Regardless of logon method, access to JPAS will be validated
JPAS user ID/password must be valid and active
October 2011 -Page 27
Logging in with PKI Cert
Select CAC/PIV Log in
Hit Return key and you will end up at the Self-Registration Screen
October 2011 -Page 28
PKI Self Registration
Self Registration
Each user will be required to register their own certificates
JPAS will display a new Self Registration page to allow users to
associate their Non-CAC (PIV, PIV-I or smart card) to their active
JPAS user ID and password
JPAS will store user ID association to only one Non-CAC at a time
JPAS will only present this page to users whose Non-CAC is not
already stored in JPAS
Detailed error messages will be presented to the user if problems are
encountered during the log-in process
October 2011 -Page 29
PKI Self Registration Screen
October 2011 -Page 30
Confirming PKI Certificate Info
You will be asked to confirm your certificate
You will be asked to enter your passcode
Once you enter passcode you will be logged in to JPAS
October 2011 -Page 31
When using your PKI smartcard…
The system will not:
Require a user to change the password
Check for a password expiration date
Display the countdown of password expiration
Lock the JPAS user account for unsuccessful log-in attempts
Regardless of log-in method, JPAS authorization processing remains
the same. JPAS will determine the user’s access rights based on the
access rights assigned to the user ID.
User id/passwords will be removed in January 2012
October 2011 -Page 32
JPAS Inactivity
Users will be required to log in at least once every 60 days or their
account will become inactive and locked
If a user does not login within 90 days, their account will be
terminated in accordance with DoD regulations
The process to request an account will start over with submitting a
new SAR and obtaining management approval
October 2011 -Page 33
Technical Support
For assistance with JPAS PKI login issues, contact your local IT support or the
vendor who issued your certificate
The DoD Call Center cannot provide PKI technical support or troubleshooting
There is a PKI Technical Troubleshooting Guide available on DMDC website:
https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS
If you still have issues and have exhausted all possibilities, submit e-mail to:
[email protected]
Be sure to include the following information in your e-mail:
Your First and Last Name
JPAS User Account ID. (Do not send the password or your SSN)
A detailed description of what you have tried using the techniques above and the errors (if any)
for each technique
Operating system and web browser that is being used
Type of certificate you are using
The digital certificate export (see here for more information)
They will NOT respond to those that have not tried all steps.
October 2011 -Page 34
Audit Capabilities
JPAS will audit data inserted, updated, or deleted within select tables in
the JPAS database. This change provides a means to track data
changes at the field level for any JPAS table that contains the field
'lastUpdatedBy‘
Changes made within a text field will not be captured during this phase
of auditing
JPAS will retain audit log data for up to one year
Security Manager/FSO can request copy of audit log from DMDC via
appropriate PMO
October 2011 -Page 35
Common Access Card (CAC)
The Common Access Card (CAC) is a United States Department of
Defense (DoD) smart card issued as standard identification for activeduty military personnel, reserve personnel, civilian employees, other
non-DoD government employees, state employees of the National
Guard, and eligible contractor personnel.
Not all of DoD Industry personnel are eligible for CAC
October 2011 -Page 36
Who qualifies for a CAC?
Active Duty service members
DoD civilian employees
DoD contractors that are under DoD contract and sponsored by a
DoD Service or Agency
DoD Contractors may obtain CACs if their government sponsor
deems it necessary and fulfill one of the three requirements:
1. Be active duty, reservist, or a DOD civilian
2. The user must work on site at a military or government
installation
3. User is a DoD contractor that works on GFE equipment
October 2011 -Page 37
I have a CAC card, do I still need PKI?
If an active duty/reservist/DOD civilian is issued a CAC, can they use
their CAC if they are in JPAS in a different role (e.g. contractor)? E.g.
John Smith is a security consultant for ABC Company part-time. John
uses his government issued CAC to access JPAS for the work he's
performing for ABC Company. Is this an authorized use of the CAC as
many users will fall under this category?
a. The use of a Military/Civilian CAC in the performance of an Industry role is
against DoD Policy and will be considered misuse of Government property.
Please see the Federal Code of Regulations § 2635.704-Use of Government
property.
(a) Standard. An employee has a duty to protect and conserve Government
property and shall not use such property, or allow its use, for other than
authorized purposes.
October 2011 -Page 38
Sharing Accounts
Sharing USB Tokens, smartcards, and username/password is a violation
of DoD Regulations, NISPOM, and the Privacy Act of 1974
If you share any of these items, your account will be terminated
If you are in Industry, a notification letter will be sent to all of your
contracts with the DoD that you have received a security violation on a
Government application
Sharing JPAS accounts is PROHIBITED. JPAS accounts are unique to
only one person; there are NO company accounts. If you have a
company account, you need to STOP using it immediately
October 2011 -Page 39
JPAS PKI Frequently Asked Questions
https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=56
0/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_PK
I_FAQs%2824AUG2011%29.pdf
PKI FAQs
Section 1: General Questions
Section 2: Common Access Card (CAC) and Public Key (PKI Enabling Questions
Section 3: Technical Questions (when attempting to log on with a CAC/PIV)
Section 4: Defining Terms for PK-Logon
Section 5: List of Agencies who distribute PIVs to their employees
October 2011 -Page 40
SECURE WEB FINGERPRINT
TRANSMISSION (SWFT)
October 2011 -Page 41
Secure Web Fingerprint Transmission
(SWFT)
SWFT is a secure web-based system that allows cleared contractors to
submit electronic fingerprints (eFPCs) to DSS for release to OPM based on
approval of a JPAS/e-QIP submission
SWFT will reduce fingerprint rejection rates and eliminate delays
associated with mailing paper cards
DSS launched full production of SWFT in August 2009
SWFT transferred from DSS to DMDC in August 2010
Approximately 25 cleared companies are already using SWFT
In July 2010 a USD(I) memo came out directing DoD components to
transition to electronic fingerprint transmission in support of all
background investigations by 31 December 2013
DSS will work in conjunction with industry, OPM, and other Government
entities to meet the 31 December 2013 implementation date
October 2011 -Page 42
SWFT Requirements
You must have your FBI approved ten-print live scan systems or card
scanners; then you must obtain the DSS Configuration Guide from the
SWFT Coordinator.
1. Registration: All ten-print live scan and card equipment must be certified by
the FBI and registered with OPM.
2. Application Access: All SWFT users must complete a System Access Request
(SAR) form.
3. Testing: All ten-print live scan and card reader equipment must be tested with
OPM’s Store and Forward test server.
There are many vendors who offer equipment to support the electronic
submission of electronic fingerprints
Information on certified fingerprint systems may be found at
http://www.fbibiospecs.org/fbibiometric/iafis/default.aspx
SWFT website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT
October 2011 -Page 43
How SWFT Works
Sites With e-print capability
eFPCs are captured at the local facility, then saved and stored on a local hard drive
Click the LSMS icon and select “New” to begin process
Enter requested information (current date, personal/physical description)
Capture and save print images via Guardian e-print station
Log in to SWFT, locate prints you wish to upload and submit to DSS via Biometric Up loader
eFPCs are forwarded to the DSS store and forward server
DSS will receive prints electronically and will cross check with e-QIP and JPAS
DSS will forward ePFC to OPM
OPM will schedule and open the investigation
Sites with scanner capability
Capture prints using current/ink stamp system
Scan hard copy prints via approved scanner
Encrypt and e-mail prints to designated site
Designated site will convert to electronic file and forward to DSS
DSS
OPM
Sites without scanner capability
Capture prints using current/ink stamp system
Mail hard copy prints to Designated site
Designated site will scan and convert hard copy prints to electronic file
Designated site will upload and submit prints to DSS via Biometric Up loader
October 2011 -Page 44
Federal Information Processing Codes
(FIPC)
When initiating Investigation Requests, indicate how fingerprint
cards will be submitted:
Code 7 – indicates FPC not required
Code I – indicates FPC electronic transmission*
Code J – indicates FPC mailed
October 2011 -Page 45
JPAS Present and Future
JPAS Today
JPAS Future
Joint Access Management System
(JAMS)
Case Adjudication Tracking System
(CATS)
+
+
Joint Clearance Access Verification
System (JCAVS)
Joint Verification System (JVS)
=
=
Joint Personnel Adjudication Verification
System (JPAS)
Defense Information Systems Security
(DISS)
October 2011 -Page 46
CONTACT INFORMATION
October 2011 -Page 47
JPAS Industry Team
The JPAS Industry Team was established in 2004 and consists of
representatives from the following companies:
Boeing – Toni MacDonald
CACI – Tanya Elliott
L-3 Communications – Quinton Wilkes, Clyde Sayler
Lockheed Martin – Wanda Walls
Northrop Grumman – Rene Haley
Raytheon – Susie Bryant
SAIC – Carla Peters-Carr
Schafer Corporation – Rhonda Peyton
October 2011 -Page 48
JPAS Industry Team Contact Info
Industry Team
PMOs
Education & Training
Sub Team
JPAS Industry
Sub Team
Quinton Wilkes – Team Lead
[email protected]
Toni MacDonald – Team Lead
[email protected]
Tanya Elliott – Team Lead
[email protected]
Tanya Elliott
[email protected]
Clyde Sayler
[email protected]
Susie Bryant
[email protected]
Rhonda Peyton
[email protected]
Rene Haley
[email protected]
Carla Peters-Carr
[email protected]
Wanda Walls
[email protected]
DoD Customer Call Center
888 282-7682
October 2011 -Page 49
Additional Contact Information
JPAS Industry PMOs
Quinton Wilkes
703-626-6187
[email protected]
Tanya Elliott
410-782-8108 (office)
[email protected]
Army Account Managers
Denise Brannon, Army Functional Manager
[email protected]
phone: 301.677.6374
DSN: 622.6374
Fax: 301.677.3128
DSN: 622.3128
Susan M Rogers, Army Primary Account Manager
[email protected]
phone: 301.677.7035
DSN: 622.7035
Air Force Account Managers
Mr. Charles Clemmer
[email protected]
202-767-0484
DSN: 297-0484
Navy Account Managers
Roxanne Chrisman, Navy JCAVS Program Manager
[email protected]
Phone:202-433-8869
DSN: 288-8869
Fax: 202-433-8849
Marine Corps Account Managers
Jill Baker, USMC Account Manager
[email protected]
Phone: 703.692.0157
DSN: 222-0157
Fax: 703.614.6538
October 2011 -Page 50
October 2011 -Page 51