Transcript SWFT Presentation (NCMS)

Industry Team
1
Industry Team
Agenda Items
•Industry Team Members
•SWFT Coordinator Role
•SWFT Policy/Metrics
•SWFT Account Requirements
•SWFT User Abilities
•SWFT Process Overview
•SWFT Options for Industry
•SWFT Money Saving Tips
•DISCO Webinars
•Questions
2
Industry Team
The Industry Team (est. 2004)
•
Toni MacDonald (Boeing)
•
Tanya Elliott (CACI)
•
Quinton Wilkes (L-3 Communications)
•
Steven Burke(Lockheed Martin)
•
Rene Haley (Northrop Grumman)
•
Susie Bryant (Raytheon)
•
Carla Peters-Carr (Industry)
•
Shala Romandelvalle (BAE Systems)
•
Sheila Garland (Ball Corporation)
3
Industry Team
INDUSTRY SWFT COORDINATOR
To provide liaison and collaboration between industry and
government agencies to aid in compliance and guidance for
SWFT/eFP roll-out and use within industry.
4
Industry Team
https://www.classmgmt.com/MembersOnly/q_tips.asp
5
Industry Team
326 days until Tuesday, December 31, 2013
6
Industry Team
Department of Defense (DoD)
Moving to Electronic Fingerprints
•
•
•
July 20, 2010, the Under Secretary of Defense
(Intelligence) directed all DoD components to transition
to electronic capture and submission of a full set of
fingerprints in support of all background investigations.
This memorandum was established to greatly speed
capture, submission, and processing time while providing
higher quality images. Industry mandated for compliance
NLT December 31, 2013
(e-Fingerprint memo).
Current version of SWFT is completely web based.
Internet access and Microsoft Internet Explorer 6.0 or
higher are required.
•
Store-and-forward solution
•
In production since July 2009
•
Steady enrollment growth of 15% per month
•
Software enhancements in progress
•
Only a NISP contractor or federal agency can register the
scanning devices with the SWFT and OPM.
More information about SWFT can be found at
https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=S
WFT
•
7
Industry Team
SWFT Metrics Jan 2013
February 2013 NCMS/DSS Survey regarding SWFT to be distributed to Industry
8
Industry Team
SWFT Metrics Jan 2013
9
Industry Team
SWFT Account Requirements
• The minimum background investigation for a SWFT user is a NACLC with interim
secret eligibility is required.
• Registered through a cleared company identified in ISFD.
• Separate registration for each Cage Code that the equipment will service is not
required.
• SWFT applicants must complete and submit a DSS Form 273 (SAR). Completed
SAR forms for the primary and backup SWFT Account Managers must be
submitted to the Department of Defense Security Service (DSS) Call Center.
 SAR Form – if one person is responsible for multiple cages within their company, then it is
recommended that the company submits all their eFingerprints under a single Cage Code.
 March 2013 new SWFT user role to identify multiple cage codes and to pull reports on all CAGE
CODEs (current process multiple CAGES are to be registered individually)
• Any scanner or software used for capturing and sending EFTs to SWFT must meet
Federal Bureau of Investigation (FBI) certification guidelines and must be
registered with SWFT and OPM.
10
Industry Team
SWFT USERS
•
•
•
SWFT Users can now associate their user account with more than one Cage Code. This
means that a single person can now upload e-Fingerprints for personnel from multiple
branches of the same company or even from another company. System Access Request
(SAR) has to be submitted for each Cage Code separately.
SWFT users can now select and upload multiple EFT files at a time. This becomes particularly
handy when uploading e-Fingerprints for a group of subjects. In order to be able to utilize
the bulk-upload feature, Adobe Flash Player 9.0.24 or later must be installed and enabled in
your browser.
SWFT Discrepancy report
–
–
–
•
Shows discrepancies between the subject’s biographic data received in the EFT file and the e-QIP data received from
JPAS.
Discrepancies will be shown in the report until corrected or for 14 days (whichever comes sooner).
FSO who initiates the JPAS/e-QIP submission for DISCO's approval must select "I" in the FIPC field. This triggers a
mechanism that delivers necessary e-QIP data to SWFT where they can be matched with the same type of data
obtained from the e-Fingerprint file.
Multiple SWFT status reports have a new column “Received by OPM”. Users can now
confirm that each EFT has been received by OPM, and verify whether it was received
without errors. If the column shows “Rejected by OPM” or an error, the corresponding EFT
should be corrected and re-submitted.
11
Industry Team
Important Information Updates
•
The registration of scanning devices is now done online. SWFT user account is needed to
access the registration web form. Registration and test process can take as little as three
weeks to complete. The Access, Registration and Testing Procedure Guide is available online
on the DMDC SWFT web site.
 The user does not have to wait for the eFP equipment to begin the SWFT account registration
process.
 April 2013 the vetting process will be accomplished through the initiation of the SAR.
•
•
•
•
•
The optimum EFT file size is within 700 – 2,000 KB range for both test and official
submissions. Smaller EFT files may indicate poor fingerprint image quality, and larger EFT
files may cause time-out during the upload operation. Consult the live-scan or card-scan
vendor about the optimal resolution and compression settings of your scanning devices.
Digitally signed e-fingerprint (EFT) files are currently not supported, and will lead to file
rejection if submitted to SWFT and OPM.
March 2013 PKI enabled logon (not mandated) user can still use password login.
TBD – Delayed (5-7 day) eFP release option for late eQIPs (option allows for the record to
be changed).
When providing the subject’s Name in the e-fingerprint (EFT) file, make sure that the Name
Suffix (e.g., Jr., Sr., III, etc.) always comes after the last name. Example of the correct format
for names: Last Name (space) Suffix, (space) First Name (space) Middle Name.
12
SWFT Process
Industry
Site
Scanner
Type Trans
Destinatio
n
Name
SSN
DOB
SWFT
OPM
DoD Fingerprint
Archive
Serving Those Who Serve Our Country
Industry Team
Electronic Fingerprint Capture Options for Industry
(eFP scanners must be on the FBI Product List)
3.1 Option 1: Company Purchases Equipment
This option proposes that Industry companies purchase fingerprint capture devices
and/or fingerprint card scan systems in order to submit electronic fingerprints to SWFT.
Industry companies may purchase equipment using the FBI-certified product list on the
following website: FBI-Product List (https://www.fbibiospecs.org/IAFIS/default.aspx)
•
Company purchase equipment (approximate cost $5000 up)
 Fingerprint scanner and software
- Companies may want to consider purchasing and additional
flat bed scanner to support new hires submitting hard copy
fingerprint forms from remote locations.
 Allows individual companies the ability to submit eFPs to SWFT
 Companies should determine the need for eFP systems dependent upon
frequency of clearance submissions before purchasing
14
Industry Team
3.2 Option 2: Company Sharing Resources
This option provides a solution for multiple companies to share in the cost of purchasing
fingerprint scan devices. Beyond the initial costs, this option may require a recurring
maintenance fee for sustainment to be paid to the entity with operational control over the
solution. Equipment and software should support multiple pre-configured Company profiles.
Electronic fingerprints produced at the shared scanning facility do not have to be submitted to
SWFT from that location. The fingerprint files can be taken to the “home” company, and
submitted to SWFT from the local office. (PII protection and transmission standards should be
adhered to)
• Figure 2 shows that the owning/servicing FSO does not have to be involved to submit the
fingerprints to SWFT. (resource needed to manage SWFT)
•
In Figure 2a the electronic fingerprint file is provided back to the FSO to submit the file to
SWFT. (eFP file can be emailed back to the owning FSO and uploaded into SWFT)
15
Industry Team
3.3 Option 3: Company(s) Offering Service
This option allows Company Purchased Equipment to be offered as a service to support other
companies in submitting electronic fingerprints to SWFT. This option permits a cleared company
to submit electronic fingerprints on behalf of other cleared companies. Cleared companies must
submit a letter of authorization on company letterhead, signed by a Key Management Personnel
(KMP) or corporate official authorizing another cleared company to submit electronic
fingerprints their behalf.
• Service support company may need to consider
Service agreements and terms of use
Billing for service
PII protection policy in place
 Notification to employees that their PII will be stored at another location
 Laws regarding state requirements for PII handling and storage should also be
adhered to
 Availability of use of resources (scheduling)
 Small companies may consider supporting subcontractors who have a contractual
relationship
16
Industry Team
3.4 Option 4: Third Party Vendor Provides Electronic Fingerprint File
This option allows a company to receive the electronic fingerprint file from a third party vendor
that is an FBI approved channeler. The third party vendor collects the fingerprints and saves the
file in the required format to meet FBI standards. The vendor provides the electronic fingerprint
file to the company using agreed upon file transfer methods. The owning/servicing FSO uploads
the file to SWFT. The third party vendor must coordinate through the sponsoring FSO to register
their equipment with SWFT prior to processing any NISP applicants. The third party vendor may
submit electronic fingerprint files to SWFT on behalf of a cleared company with a letter of
authorization.
• If a company chooses to use the services of scanning facility that is operated by a non-NISP
contractor, please verify that the service provider is an FBI approved channeler and that their
equipment has been registered and tested with the SWFT and OPM.
• Police Departments cannot be utilized as a vendor resources for eFPs because live scans are not
registered through SWFT
• Ensure vendors have the available EBT fields available in their software to accurately reflect OPM/FBI
requirements (ensure vendor software has the ability to annotate missing fingers and scars)
• Notification to employees that their PII will be stored at another location
17
Industry Team
3.5 Option 5: Other Government Entities
This option allows Industry to partner with the military services and other government agencies
participating in the NISP (see Appendix C) for electronic fingerprint submissions.
 Military services and government agencies may leverage their electronic processes to submit
directly to OPM.
It is not necessary to use the DSS Submitting Office Number (SON) and Security Office Identifier
(SOI) to submit electronic fingerprints through a government entity. OPM will match the
fingerprint results to the SF86 submission to initiate the background investigation by using the
individual’s social security number. The SF86 submission will incur the investigation cost to DSS
Which includes the FBI fingerprint check.
 Military agencies and recruiting stations have yet to agree to opening up their services to
industry to allow for eFP submissions
18
Industry Team
Implementation Plan
Companies may deploy multiple options depending on how wide spread their
cleared population is, as well as other factors that may apply to their
organization.
 Since Option 5 allows fingerprints to be electronically submitted directly
from a government agency to OPM, SWFT will not track these
submissions.
19
Industry Team
Handling Personally Identifiable Information
Safeguarding Personally Identifiable Information (PII) is the responsibility of
every Federal agency and all users of Federal information and information
systems. As a user of DoD information systems, regardless of whether they
are military, civilian, or a contractor personnel.
 In order to support authorized PII data sharing, DSS recommends the
following:
1) Companies/vendors who wish to provide fingerprint services to other companies enter in
an agreement with each other, allowing the service provider to have their SWFT account be
associated with the other company’s CAGE Code. DMDC will receive a copy of any such
agreement prior to associating SWFT account with CAGE Codes of other/unrelated
companies.
2) In the absence of an agreement, each request for adding a CAGE Code to existing SWFT
account of the service provider will require a separate System Access Request (SAR) validated
by the corporate official or KMP of the company that is seeking the fingerprint services from
the provider.
 Companies sharing resources or using vendors should notify the employee of
where their PII will be stored and how it will be handled (check vendor policies
on PII protection).
20
Industry Team
Money/Time Saving Tips
•
•
•
•
Company legal considerations
– Follow state policy on protection and handling of PII
– PII statement to the employee that their PII will be stored by a vendor
Purchase entire system for large companies/MFOs
– Purchase should be based on need
Buy an FBI approved scanner and the software and scan the hard copy FD 258
– Depends on the need and frequency of the eFPs needing to be taken
– Hard copy prints will not provide immediate feedback of an acceptable eFP image
• FD 258 scanned images have received 0% kickback for bad image
– DSS will discontinue issuance of hard copy fingerprint documents
• Company will need to purchase fingerprint forms
• Users can download the pdf file from Google and purchase card stock to print the card
Use a vendor or company that provides the entire service (ensure vendor has been vetted through
SWFT/OPM as an approved vendor)
– Some vendors have the ability to convert hard copy FD 258s into the eFP file
* SWFT/eFP user should incorporate “vendor time” into the submission scope of the SWFT
process (time allotted to take hard copy FP and submit by overnight mail to vendor and
vendor return of eFP file back to the FSO)
* Cost saving option for CDCs that cannot afford to purchase whole system or software/eFP
scanner portion of system
21
Industry Team
Money/Time Saving Tips
• Ensure the vendor includes software revisions updates in the total purchase price,
upgrade fees (some companies charge full price to come out and make a version
update(s) in the software vs sending the update and allowing the company to make the
upgrade)
• Ensure additional charges in the maintenance agreement are known
Note - Some vendors who are NCMS associate members have discounts for NCMS
members
• Ensure companies coordinate with their IT departments and eFP vendor for software
compatibility issues concerning OS types (Windows 7, XP, 2000, etc)
 Possible issues with patch updates on user machines may change user
permissions within the eFP software (corrective actions - reimage computer and
conduct a complete reinstall of software = additional vendor fees)
• Ability to share eFP software on a network server
• TCN prefix standard is 7-bit ASCII characters, ensure your vendors TCN is compliant
with the industry standard or your eFP product will be incompatible
22
Industry Team
DISCO Webinars
•
DISCO webinars are a series of live web events to address topics related to personnel security
clearances for Industry.
•
DISCO webinars are intended for use by security specialists within the National Industrial
Security Program.
•
AskDISCO webinars are hosted on the Defense Connect Online (DCO) and can be accessed
from any computer with an Internet connection and Adobe's Flash Player.
•
AskDISCO website https://connect.dco.dod.mil/askdisco
•
You do not need to register for a DCO account to attend a CDSE webinar. You may login as
"Guest".
•
Prior to the webinar, ensure your computer/ network connections are properly configured by
going to: https://connect.dco.dod.mil/common/help/en/support/meeting_test.htm
23
Industry Team
Questions?
24