510 likes | 780 Views
JPAS Updates. Toni MacDonald – Boeing Presented to: NCMS - Channel Islands Chapter 19 October 2011. DISCO Relocation. Defense Industrial Security Clearance Office (DISCO) has moved from Columbus, OH to Ft. Meade, MD – effective August 1, 2011
E N D
JPAS Updates Toni MacDonald – Boeing Presented to: NCMS - Channel Islands Chapter 19 October 2011
DISCO Relocation • Defense Industrial Security Clearance Office (DISCO) has moved from Columbus, OH to Ft. Meade, MD – effective August 1, 2011 • Nondisclosure Agreements (SF 312) should be forwarded to the new mailing address for DISCO below: Defense Security Service Defense Industrial Security Clearance Office (DISCO) Attention: Document Preparation Office 600 10th Street Fort George G. Meade, MD 20755-5131
ENROL/STEPP • ENROL is now known as STEPP - Security Training, Education and Professionalization Portal URL: http://www.dss.mil/diss/enrol-intro.html
Training • JPAS Training for Security Professionals – Course No. PS123.16 (8 hr web-based) • All JPAS documentation will be removed from the DSS website. It will only be available in the tutorial within JPAS • DSS Personally Identifiable Information (PII) – Course No. DS-IF101.06 (45 min web-based) • eQIP – Multiple courses to include: Initiating, Managing, Reviewing, and Solutions to Common Issues • Industrial Security Facility Database (ISFD) – Course No. IS111.06 (5 hr web-based) • Link to STEPP: The following link will take you to the Defense Security Service (DSS) STEPP system: https://stepp.dss.mil/SelfRegistration/Login where you can register for the courses or create a new account. For additional information regarding a STEPP account, contact the DoD Security Service Center, 1-888-282-7682, occ.cust.serv@dss.mil; for information about the course content contact IA/CND at DSSIACND@dss.mil
JPAS Websites via DMDC www.dmdc.osd.mil/psawebdocs(DMDC Home Page) https://jpasapp.dmdc.osd.mil/JPAS/JPASDisclosure
User Profile Screen (4/2/11) • JPAS User Profile screen allows JPAS users to view and edit their own personal identification, security management office (SMO), and contact information • The JPAS User Profile screen is displayed the first time the user gains access to JPAS by category/level and every six months thereafter Screenshot Removed
Signature Pages • Fax Server disabled May 2011 • JPAS users should use the Scan and Upload method to submit signature pages: • SF86 Certification • Authorization for Release of Information, and/or • Authorization for Release of Medical Information (when applicable) • Fair Credit Reporting (new form eftv 8/11) • All documents must bear the appropriate OPM Request ID Number. • All uploaded documents must be in .pdf format and cannot be larger than 1 mg.
Required Signature Pages Authorization for Release of Information Required Fair Credit Reporting Required for submissions with 2010 SF86 Certification Page Required
Additional Signature Page Medical Release Required only if subj answers “Yes” to #21
Log-in Changes • Prior to JPAS Release 4.3.0.0, JPAS users could log-in using: • User ID and password or • Common Access Card (CAC) • As of 27 August 2011, In addition to the above, users can log-in using either of the following methods: • A Federal Agency PIV card • A Medium Token Assurance or Medium Hardware Assurance Public Key Infrastructure (PKI) smart • A DoD-approved PKI certificate on a corporate smart card • A PIV-Interoperable (PIV-I) smart card from a DoD-approved PIV-I smart card provider Note: JPAS will not enforce the use of any particular log-in method.
Prime Contract Numbers • Removed the Prime Contract Number field from the Determine Investigation Type section of the Determine Initiation Scope screen • Prime Contract Number and Cage Code fields are displayed in the Initiation Scope sections of the Determine Investigation Scope screen • No more than 30 characters (must be alphanumeric for 2010 SF86 investigation requests) no dashes, no spaces Screenshots Removed
Extra Coverage / FIPC Screenshot Removed • Code 7 – indicates FPC not required • Code I – indicates FPC electronic transmission • Code J – indicates FPC mailed (must be mailed within 14 days) to: • Investigative Request Rapid Response Team • OPM-FIPC • PO Box 618 • Boyers, PA 16020-0618
Additional Request Info • Enter Requester e-mail and phone number • Include Secondary Requesting Official and phone number Screenshot Removed
Deployment/Change of Station • Added the Deployment/Permanent Change of Station sub-section to • Entering data into these fields is optional, but if data is entered, all of the related fields are required with the exception of the Point of Contact at Location and Phone fields Screenshot Removed
Investigation Request Status • Mandatory Release Forms: Fair Credit, SF86 Cert, Info Release • Ensure box is checked for all mandatory forms • All forms must be attached before you can submit to DISCO Screenshot Removed
Document Review • Document History shows which signature page has been uploaded and when it was uploaded • Fax Server disabled – all documents muse be scanned and uploaded Screenshot Removed
Nda Forms (09/09/11) Organizational Information Required on an SF312 As of Oct. 1, 2011, the Defense Industrial Security Clearance Office will no longer accept an SF312, Classified Information Nondisclosure Agreement, without the organizational information (located in block 11). Please ensure all required blocks are complete or the SF312 will be considered incomplete and returned for correction.
New 2010 SF 86 Form • The 2010 SF86 form will be the default for investigation requests initiated after 29 August 2011 • Investigation requests initiated prior to August 29 will use the 2008 SF86 even if the form is returned for additional information • Access to the investigation request functionality via JPAS remains the same • JCAVS User Levels remain the same: Levels 2 – 6 • Various changes made within JPAS investigation request functionality to accommodate the new SF86 form • New signature page “Fair Credit Reporting Disclosure” is required for all 2010 SF86 submissions • Branching questions allow applicants to provide more detailed information about their background • A new Navigation screen replaces the navigation drop down menu. You can select sections of the form from the drop down menu at the top of the screen, and then navigate to various sub sections • Employee information from the old SF86 is expected to migrate to the new form
Some of the Changes • Average completion time approx 150 min vs. 120 min • The employee must read Agreement and answer “Yes” before they will be allowed to move on. If they answer “No” they will get an error message • State and country of birth is required, even if born in US • Passport information is required if employee possesses a US passport • Additional citizenship information required if born abroad, if naturalized citizen, or if “Not a US citizen” is selected • Ten years of history required for where you have lived, regardless of investigation type • Must list point of contact if you attended school within past 3 years • Additional selections for employment activities • Two separate screens for Selective Service Record • Detailed information required for Military History • Additional entries for People who Know you Well • Additional information required for Marital Status; detailed information required if Annulled, Divorced, or Widowed
Some of the Changes (cont) • Must select checkbox for all relatives that apply, if “married is checked, must check mother-in-law and father-in-law before you can move forward • Other names used by relatives is required, as well as dates used and why name is used • Additional information required for Foreign Contacts, Foreign Activity and Foreign Travel • Police Records Questions have been combined – “YES” requires additional information • Investigations and Clearance questions will be asked individually, “Yes” requires additional information • More specific questions are asked on Financial Records • Non-Criminal Court Actions require 10 years history vs. 7 • Employees will have to log in with SSN and will have to add SSN to bottom of each signature page
SF86 Reference Material • The Center for Development of Security Excellence (CDSE) has developed on-line reference material for JPAS users to help them become familiar with using the new 2010 SF 86. • The following links are provided by CDSE on the • Security-Related Brochures and Guides • Quick Reference Guide (QRG) for the Newly Updated SF-86 • Provides overview, types of information, detailed section review and references, including the printable form • Applicant Tips for Successful e-QIP • How to avoid common mistakes • http://www.dss.mil/seta/security_brochures_and_guides.html • PDF (writeable) version is available on OPM’s website (127 pages)
Reports FAQs Cognos is that software program that generates JPAS reports. • I receive a Cognos screen asking for a userid and password when I try to run reports. When I enter my JPAS userid and password, I continue to receive an error. What should I do? • Send e-mail to DoD Service Center indicating “Userid not recognized by report server” • How do I convert a Comma Separated Values (.CSV) file into an Excel spreadsheet? • Will my connection with JPAS timeout while I am running reports? • How do I convert an Excel spreadsheet into a .PDF file? • I am using Internet Explorer and my report is not displaying, how do I correct this? https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_Reports_FAQs+%2809262011%29.pdf
Approved Vendors DoD ECA currently approved vendors: • IdenTrust, Inc. Web Site: http://www.identrust.com/certificates/eca/index.html Email: helpdesk@identrust.com Phone: 888.882.1104 • Operational Research Consultants, Inc Web Site: http://www.eca.orc.com/ Email: ecahelp@orc.com Phone: 800.816.5548 • VeriSign, Inc. Web Site: https://eca.verisign.com/ Email: eca-support@verisign.com
JPAS Logon Methods • Important Dates • CAC-enabled JPAS deployed January 2011 • PKI-enabled JPAS deployed August 2011 • Username and password will be removed January 2012 • PKI Logon Methods authorized for access • The DoD CAC • Personal Identity Verification (PIV) cards • Medium Token Assurance or Medium Hardware Assurance PKI certificate on a smartcard issued via the External Certification Authority (ECA) PKI Program • Regardless of logon method, access to JPAS will be validated • JPAS user ID/password must be valid and active
Logging in with PKI Cert Screenshot Removed • Select CAC/PIV Log in • Hit Return key and you will end up at the Self-Registration Screen
PKI Self Registration • Self Registration • Each user will be required to register their own certificates • JPAS will display a new Self Registration page to allow users to associate their Non-CAC (PIV, PIV-I or smart card) to their active JPAS user ID and password • JPAS will store user ID association to only one Non-CAC at a time • JPAS will only present this page to users whose Non-CAC is not already stored in JPAS • Detailed error messages will be presented to the user if problems are encountered during the log-in process
PKI Self Registration Screen Screenshot Removed
Confirming PKI Certificate Info Screenshots Removed You will be asked to confirm your certificate You will be asked to enter your passcode Once you enter passcode you will be logged in to JPAS
When using your PKI smartcard… • The system will not: • Require a user to change the password • Check for a password expiration date • Display the countdown of password expiration • Lock the JPAS user account for unsuccessful log-in attempts • Regardless of log-in method, JPAS authorization processing remains the same. JPAS will determine the user’s access rights based on the access rights assigned to the user ID. • User id/passwords will be removed in January 2012
JPAS Inactivity Screenshot Removed • Users will be required to log in at least once every 60 days or their account will become inactive and locked • If a user does not login within 90 days, their account will be terminated in accordance with DoD regulations • The process to request an account will start over with submitting a new SAR and obtaining management approval
Technical Support • For assistance with JPAS PKI login issues, contact your local IT support or the vendor who issued your certificate • The DoD Call Center cannot provide PKI technical support or troubleshooting • There is a PKI Technical Troubleshooting Guide available on DMDC website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=JPAS • If you still have issues and have exhausted all possibilities, submit e-mail to: jpas.helpdesk@osd.pentagon.mil Be sure to include the following information in your e-mail: • Your First and Last Name • JPAS User Account ID. (Do not send the password or your SSN) • A detailed description of what you have tried using the techniques above and the errors (if any) for each technique • Operating system and web browser that is being used • Type of certificate you are using • The digital certificate export (see here for more information) • They will NOT respond to those that have not tried all steps.
Audit Capabilities • JPAS will audit data inserted, updated, or deleted within select tables in the JPAS database. This change provides a means to track data changes at the field level for any JPAS table that contains the field 'lastUpdatedBy‘ • Changes made within a text field will not be captured during this phase of auditing • JPAS will retain audit log data for up to one year • Security Manager/FSO can request copy of audit log from DMDC via appropriate PMO
Common Access Card (CAC) • The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as standard identification for active-duty military personnel, reserve personnel, civilian employees, other non-DoD government employees, state employees of the National Guard, and eligible contractor personnel. • Not all of DoD Industry personnel are eligible for CAC
Who qualifies for a CAC? • Active Duty service members • DoD civilian employees • DoD contractors that are under DoD contract and sponsored by a DoD Service or Agency • DoD Contractors may obtain CACs if their government sponsor deems it necessary and fulfill one of the three requirements: 1. Be active duty, reservist, or a DOD civilian 2. The user must work on site at a military or government installation 3. User is a DoD contractor that works on GFE equipment
I have a CAC card, do I still need PKI? • If an active duty/reservist/DOD civilian is issued a CAC, can they use their CAC if they are in JPAS in a different role (e.g. contractor)? E.g. John Smith is a security consultant for ABC Company part-time. John uses his government issued CAC to access JPAS for the work he's performing for ABC Company. Is this an authorized use of the CAC as many users will fall under this category? • a. The use of a Military/Civilian CAC in the performance of an Industry role is against DoD Policy and will be considered misuse of Government property. Please see the Federal Code of Regulations § 2635.704-Use of Government property. • (a) Standard. An employee has a duty to protect and conserve Government property and shall not use such property, or allow its use, for other than authorized purposes.
Sharing Accounts Sharing USB Tokens, smartcards, and username/password is a violation of DoD Regulations, NISPOM, and the Privacy Act of 1974 If you share any of these items, your account will be terminated If you are in Industry, a notification letter will be sent to all of your contracts with the DoD that you have received a security violation on a Government application Sharing JPAS accounts is PROHIBITED. JPAS accounts are unique to only one person; there are NO company accounts. If you have a company account, you need to STOP using it immediately
JPAS PKI Frequently Asked Questions https://www.dmdc.osd.mil/psawebdocs/docRequest//filePathNm=PSA/appId=560/app_key_id=1559jsow24d/siteId=7/ediPnId=0/userId=public/fileNm=JPAS_PKI_FAQs%2824AUG2011%29.pdf PKI FAQs Section 1: General Questions Section 2: Common Access Card (CAC) and Public Key (PKI Enabling Questions Section 3: Technical Questions (when attempting to log on with a CAC/PIV) Section 4: Defining Terms for PK-Logon Section 5: List of Agencies who distribute PIVs to their employees
Secure Web Fingerprint Transmission (SWFT) • SWFT is a secure web-based system that allows cleared contractors to submit electronic fingerprints (eFPCs) to DSS for release to OPM based on approval of a JPAS/e-QIP submission • SWFT will reduce fingerprint rejection rates and eliminate delays associated with mailing paper cards • DSS launched full production of SWFT in August 2009 • SWFT transferred from DSS to DMDC in August 2010 • Approximately 25 cleared companies are already using SWFT • In July 2010 a USD(I) memo came out directing DoD components to transition to electronic fingerprint transmission in support of all background investigations by 31 December 2013 • DSS will work in conjunction with industry, OPM, and other Government entities to meet the 31 December 2013 implementation date
SWFT Requirements • You must have your FBI approved ten-print live scan systems or card scanners; then you must obtain the DSS Configuration Guide from the SWFT Coordinator. • Registration: All ten-print live scan and card equipment must be certified by the FBI and registered with OPM. • Application Access: All SWFT users must complete a System Access Request (SAR) form. • Testing: All ten-print live scan and card reader equipment must be tested with OPM’s Store and Forward test server. • There are many vendors who offer equipment to support the electronic submission of electronic fingerprints • Information on certified fingerprint systems may be found at http://www.fbibiospecs.org/fbibiometric/iafis/default.aspx • SWFT website: https://www.dmdc.osd.mil/psawebdocs/docPage.jsp?p=SWFT
How SWFT Works DSS OPM Sites With e-print capability • eFPCs are captured at the local facility, then saved and stored on a local hard drive • Click the LSMS icon and select “New” to begin process • Enter requested information (current date, personal/physical description) • Capture and save print images via Guardian e-print station • Log in to SWFT, locate prints you wish to upload and submit to DSS via Biometric Up loader • eFPCs are forwarded to the DSS store and forward server • DSS will receive prints electronically and will cross check with e-QIP and JPAS • DSS will forward ePFC to OPM • OPM will schedule and open the investigation Sites with scanner capability • Capture prints using current/ink stamp system • Scan hard copy prints via approved scanner • Encrypt and e-mail prints to designated site • Designated site will convert to electronic file and forward to DSS Sites without scanner capability • Capture prints using current/ink stamp system • Mail hard copy prints to Designated site • Designated site will scan and convert hard copy prints to electronic file • Designated site will upload and submit prints to DSS via Biometric Up loader
Federal Information Processing Codes(FIPC) • When initiating Investigation Requests, indicate how fingerprint cards will be submitted: • Code 7 – indicates FPC not required • Code I – indicates FPC electronic transmission* • Code J – indicates FPC mailed Screenshot Removed
JPAS Today Joint Access Management System (JAMS) + Joint Clearance Access Verification System (JCAVS) = Joint Personnel Adjudication Verification System (JPAS) JPAS Present and Future JPAS Future Case Adjudication Tracking System (CATS) + Joint Verification System (JVS) = Defense Information Systems Security (DISS)
JPAS Industry Team • The JPAS Industry Team was established in 2004 and consists of representatives from the following companies: • Boeing – Toni MacDonald • CACI – Tanya Elliott • L-3 Communications – Quinton Wilkes, Clyde Sayler • Lockheed Martin – Wanda Walls • Northrop Grumman – Rene Haley • Raytheon – Susie Bryant • SAIC – Carla Peters-Carr • Schafer Corporation – Rhonda Peyton
JPAS Industry Team Contact Info Industry Team PMOs Quinton Wilkes – Team Lead quinton.wilkes@L-3com.com Tanya Elliott telliott@caci.com Education & Training Sub Team Toni MacDonald – Team Lead renita.macdonald@boeing.com Clyde Sayler clyde.j.sayler@L-3com.com Rhonda Peyton rpeyton@schaferalb.com Carla Peters-Carr Carla.s.peters-carr@saic.com JPAS Industry Sub Team Tanya Elliott – Team Lead telliott@caci.com Susie Bryant smbryant@raytheon.com Rene Haley Rene.haley@ngc.com Wanda Walls wanda.walls@lmco.com DoD Customer Call Center 888 282-7682
Additional Contact Information JPAS Industry PMOs Quinton Wilkes703-626-6187quinton.wilkes@L-3com.com Tanya Elliott410-782-8108 (office)telliott@caci.com Air Force Account Managers Mr. Charles Clemmercharles.clemmer@pentagon.af.mil202-767-0484DSN: 297-0484 Army Account ManagersDenise Brannon, Army Functional ManagerDeborah.Brannon@us.army.milphone: 301.677.6374DSN: 622.6374Fax: 301.677.3128DSN: 622.3128 Susan M Rogers, Army Primary Account ManagerSusan.M.Rogers@us.army.milphone: 301.677.7035DSN: 622.7035 Navy Account ManagersRoxanne Chrisman, Navy JCAVS Program Manager roxanne.chrisman@navy.milPhone:202-433-8869 DSN: 288-8869 Fax: 202-433-8849 Marine Corps Account ManagersJill Baker, USMC Account ManagerJill.Baker@usmc.milPhone: 703.692.0157DSN: 222-0157Fax: 703.614.6538