JPAS - Joint Security Awareness Council
Transcription
JPAS - Joint Security Awareness Council
JSAC – DALLAS, TX Presented by: June E. Martin Raytheon April 2008 Objective Provide Overview of JPAS Policy Provide Information Update JPAS e-QIP Suitability/Security Investigation Index (SII) e-Fingerprinting Procedures Governing Use of JPAS by Cleared Contractors Defense Security Service April 2008 • National Industrial Security Program Operating Manual (NISPOM) paragraph 2-200b states that “When the CSA [Cognizant Security Agency] has designated a database as the system of record for contractor eligibility and access, the contractor shall be responsible for annotating and maintaining the accuracy of their employees’ access records. Specific procedures will be provided by the CSA.” The Department of Defense, acting as a CSA, has designated the Joint Personnel Adjudication System (JPAS) as the DoD system of record for contractor eligibility and access. • JPAS is a U.S. Government information system that contains official government records. The information in JPAS must be protected from unauthorized disclosure and used only for authorized purposes. Contractors may only use their JPAS accounts to manage the access records of their employees and consultants, and to verify the access levels and affiliations (e.g., employee of ABC Company) of incoming visitors who require access to classified information. • The following procedures are issued under the authority provided by NISPOM paragraph 2-200b. Contractors shall follow these procedures when using JPAS and shall ensure that authorized users of JPAS have been properly informed about these procedures and any other specific policies governing access to and use of JPAS. 1. Contractors shall accurately maintain the JPAS records pertaining to their employees and consultants. Contractors must expeditiously update these records when changes occur (e.g., termination of employment). 2. Contractors are prohibited from placing false information in JPAS, and DSS will seek appropriate sanctions against contractors and contractor employees who knowingly place false information in JPAS. Procedures Governing Use of JPAS by Cleared Contractors Defense Security Service April 2008 3. DoD issues JPAS accounts exclusively for use by a specific contractor or corporate family of contractors. Persons given access to JPAS as account holders may only use JPAS on behalf of the cleared contractor or corporate family of contractors through which the account was issued. For example, an employee of ABC Company holding a JPAS account issued through ABC Company and who works at a government site is not authorized to use the contractor-granted account in support of the government customer. If the government customer requires the contractor employee to review or update JPAS records on behalf of the government customer, the government customer must provide the JPAS account for the contractor employee to use. 4. The JPAS account manager must be a company employee. The JPAS account manager cannot be a subcontractor or consultant. 5. Contractors may subcontract or obtain consultant support for administering security services. The using contractor will provide a JPAS account to the subcontractor or consultant under the using contractor’s Security Management Office (SMO) for the sole purpose of permitting the subcontractor or consultant to provide security services for the using company. Subcontractors or consultants providing such security services must be under the direct supervision of the using contractor’s FSO or FSO’s designee. 6. Each individual accessing JPAS must have a separate and unique account created by the individual’s JPAS account manager. The account manager must maintain a current record of every JPAS account established. 7. JPAS users may never share their user names, passwords, or other authentication information with any other individual, including anyone who is a designee or an alternate to the account holder. 8. Contractors must not allow any practices that include sharing user names, passwords, or other authentication information, and must have policies in place that guard against such practices. Contractors can establish JPAS accounts for additional users when a reasonable need exists. Procedures Governing Use of JPAS by Cleared Contractors Defense Security Service April 2008 9. Access to JPAS is only authorized by means of company or government-owned equipment with appropriate security controls in place. JPAS users may not access their accounts from personal or home computers. 10. Contractors are not permitted to change an existing date notation in JPAS for the Classified Information Nondisclosure Agreement (SF 312). Contractors must, however, input the date that the SF 312 was signed when JPAS does not reflect a date. 11. Contractors are authorized to verify prospective employees’ eligibility for access to classified information in JPAS prior to an offer of employment being extended. However, contractors may not use JPAS for recruiting purposes. 12. While access to JPAS is only granted to contractors who have a legitimate need for such access in support of classified work being performed for the Government, JPAS is not a classified system. DSS will not grant a facility security clearance (FCL) for the sole purpose of allowing a company or its employees to gain access to JPAS. 13. Any contractor with JPAS access that becomes aware of a violation of these procedures shall immediately report the nature of the violation, the names of the responsible parties, and a description of remedial action taken, to the servicing DSS Industrial Security Representative. NOTE: Violations of the procedures may lead DSS to suspend or withdraw JPAS access, terminate the JPAS account, or exclude culpable companies or persons from access to JPAS for a specified or indefinite period. DSS will also refer information concerning violations of these procedures to other federal agencies for consideration of administrative, civil or criminal sanctions when circumstances warrant. DSS Gateway www.dss.mil The JPAS web site and application access point (https://jpas.dsis.dod.mil) has been decommissioned. All related links, application access and information for JPAS will be available by going to www.dss.mil The DSS website is the link to all DSS applications. Scroll over Applications and scroll up to JPAS (Joint Personnel Adjudication System) In the future, DSS will allow single sign-on, so once you enter the site, your password and user ID will provide access to all authorized DSS applications. JPAS Login Page Login screen The JPAS home page is the entry point to JPAS. Access to JPAS requires a User ID and Password from your Account Manager. Once your JPAS account has been established, single-click on “JPAS Login“ the JPAS Disclosure screen will open. Agree and log in. Request to Research/Recertify/ Upgrade Eligibility (RRU) Submit an RRU to: Request CAF to research, recertify, or upgrade an individual's eligibility Request SSN Correction (DISCO may request copy of SSN card) You can only submit one RRU per person at a time Any JCAVS user within the same Security Management Office (SMO) can cancel an RRU if it has not yet been assigned to an adjudicator Once cancelled, a JCAVS user can resubmit another RRU Industry RRUs should be submitted to DISCO ONLY Eligibility (RRU) 25% of RRUs are for investigation and/or adjudication status checks RRUs are currently taking 60-75 days to process Do NOT submit RRUs for status checks - Call the Customer Call Center @ 888 282-7682 You will be notified of RRU changes by one of the following: RRU Response Notification Eligibility Change Notification Message From CAF It’s okay to respond to CAF via RRU JCAVS Request to Research/Recertify/Upgrade Eligibility To Cancel RRU Select “Cancel Request” Then Click “Save” Incident Reports/Adverse Information Incident Reports allows JCAVS Users to record Incidents and submit electronically to the CAF. Only the JCAVS User that submitted the Incident Report or those with a PSM Net relationship with the Person should be able view the Incident Report details. HOWEVER… Any User Level 2-6 can take on a servicing relationship and view Incident Report details. Workaround – Submit as “Final” report. Be sure to print copy before submitting, once submitted, you will not be able to review the report If you need to submit a “Follow- up” report, initiate another Incident Report and indicate in the description that this is a follow-up to the Incident Report submitted on yymmdd. RECOMMEND NOT TO SUSPEND ACCESS!!! Person Summary Screen Displays "INCIDENT REPORT" An industrial individual may be in-processed at a new entity and given access Visit requests may be submitted for the subject when there is a pending incident report Instances reported that the location to be visited will not honor the visit request How the “visine” is applied to take out the red An adjudicator reviews the report Makes a determination on how to resolve reported issues request an investigation, or decide no additional action is necessary When the issue is resolved or determined it is not of adjudicative significance, the adjudicator closes the incident by updating JPAS The red will be removed Security Management Office Establish Internal Higherarchy Parent/Child Relationship Account Management Function Create/Modify/Update information as applicable Establishing a SMO On main menu select: “Maintain SMO” Enter Search Criteria on SMO you wish to establish Click “search” or “add” Enter required information e-mail not required but recommended Check designated box if required (i.e., Polygraph) PSM Net Validation From the Main Menu select “PSM Net” Will take you to JCAVS Maintain PSM Net Screen Select “Person Categories by Organization” Click “Add” - Will take you to PSM Net Add Organization Category Hit “Select Organization” - Will take you to organization search Select DoD Contractor Companies Enter your cage code (plus *) in last box Click “Search” – selected cage will show up Click blue link indicating cage code; company name will move to top line Click “OK” – Will take you back to “PSM Net Add Org…” Click “Search” Search result will indicate all persons associated with your cage that are not in your PSM Net Determine if each person listed should be in your PSM Net If Yes – In-process and indoctrinate If No – In-process and out-process using the same date; then go to add/modify screen and enter separation date and separation code. At midnight the person will drop out of your PSM Net and will no longer be associated with your Cage Data Validation Once you’ve established your PSM Net, you’ll need to validate the data for each person’s record Social Security Numbers (RRU) Eligibility (RRU) Investigation Date (RRU) Date of Birth (Change yourself) Place of Birth (Change yourself) Marital Status (Change yourself) Indoctrinations (Change yourself) NdA (Change yourself) NdS (Change yourself) Reports Several different types of reports: Personnel Report Periodic Reinvestigations PSM Net “On Demand” Reports Can select One or All Organizations within a SMO Can Sort by Name or SSN Can be downloaded into either PDF or Excel file Frequently Asked Questions (FAQs) Posted on the JPAS Website Applicant Tips for Successful e-QIP Submission on JPAS web page under Documentation JPAS/e-QIP Prime Contract Numbers (September 2007) You will need to enter a contract number for each Investigation Request It should include the contract number itself as well as the identification of the Govt customer requiring the PCL Examples: NAVY: N00019-06-D-0014 AIR FORCE: F00123-05-D-1234 ARMY: SCI: DA 1234-05-D-7819 If requesting an investigation for “SCI access or SAP” access, enter “SCI” or “SAP” between the Govt customer and the contract number If contract number is classified, enter the word “Classified” in place of the contract number If contract number and Govt identification is classified enter only the word “Classified” Do not type “various” or “multiple” in this field See DSS website for additional information on this subject Break in Service Allows the user to indicate that a Break in Service has occurred for the person. The JCAVS user can indicate when a person has had a Break in Service. The Break in Service allows a new Investigation Request to be submitted for a person even though their investigation date may be current. Break in Service To Select Break in Service Select Eligibility Enter Contract Number Check “Break in Service” Then Hit “Determine Invest Type” Signature Pages Signature Pages must be electronically attached to the SF86 before Industry can submit to DISCO Required signature pages include: Certification Page Authorization for Release of Information Medical Release (if subject answers “Yes” to Question #21) Subject’s name now defaults in typed format Rejection rate for incorrect name has been reduced Methods for submission of Signature Pages Fax - can be faxed to JPAS repository by anyone from anywhere Upload - can only be uploaded by JPAS User Uploading appears to be the preferred method Signature Pages not submitted within 60 days of an eQIP submission will cause the eQIP to terminate PSI Automation Signature Pages – FAX FAX (Fax number: 1 866-804-0686) JPAS uses Optical Character Recognition (OCR) to read the investigation request number from the signature page and associates each fax to the correct Investigation Request and document type. DO NOT USE COVER SHEETS (clogs up the system). JPAS Users can print signature pages from JPAS, or the subject can print them from e-QIP once they’ve certified their SF86. Faxed documents are stored in the JPAS repository until the Investigation Request is approved. Documents are sent to OPM upon DISCO Approval. Upon DISCO approval, documents are no longer accessible. PSI Automation Signature Pages – Upload Upload The JCAVS User can browse and select a document from a local or network drive to upload. Documents must be scanned and saved individually prior to upload. The User identifies the type of document and appropriate Investigation Request through selections in JPAS. Documents are uploaded directly to JPAS in real-time and are not stored in the JPAS document repository. All uploaded documents must be in .pdf format and cannot be larger than 1 mg. Only JPAS Users can upload signature pages, JPAS access is required. Add/Modify Invest. Request – Ready for Review, No Documents Note: When you FAX a document the system will read the Investigation Request Number and automatically populate the appropriate document box. Notice the “Submit to DISCO” button is not available Invest. Request Documents – Ready for Review, No Documents When you scan a document, you must select document type and locate the document. Ensure you have a naming scheme which will clearly identify the appropriate document to be uploaded. Add/Modify Investigation Request – Documents attached “Submit to DISCO” button will only be available when required documents are received in JPAS. Invest. Request Documents – Ready for DISCO (JAMS and JCAVS) Signature pages can be viewed and replaced in JPAS and are available for review until approved by DISCO. JPAS displays History of received documents - Method (Fax or Upload), Date and Time, Result (Success or Failure) e-QIP Timelines Initiating Once an Investigation Request is initiated in JPAS, an applicant has 30 days to login to e-QIP and start their PSQ or the Investigation Request is terminated. Once an Investigation Request is initiated in JPAS, an applicant has 90 days after their initial e-QIP login date to complete their PSQ or the Investigation Request is terminated. Reviewing and Approving Once the applicant has completed the PSQ, it must be reviewed and approved by the appropriate agency within 90 days or the Investigation Request is terminated. Pending PSQs An Investigation Request that remains in a Pending Status and is not "Initiated" will be deleted 30 days after creation. Stopped PSQs If an applicant has started to complete a PSQ but the Investigation Request is stopped, it must be resumed within 90 days. If the applicant has not started to complete a PSQ, but the Investigation Request is stopped, it must be resumed within 30 days. Revised PSQs An applicant has 60 days to log into e-QIP and complete updates to their PSQ if revisions are required. PR Requests &Fingerprint Cards If the previous Investigation is annotated as NACLC or ANACI, the Investigation Request will be recognized as a Periodic Investigation. Fingerprint cards are not required If the previous Investigation is annotated as NAC, ENAC, or NACI, the Investigation Request will NOT be recognized as a Periodic Investigation Request. Fingerprint cards are required. Periodic Reinvestigation = Yes if previous investigation is: NACLC ANACI Periodic Reinvestigation = No if previous investigation is: NAC ENAC NACI Releases and Fingerprint Cards Send fingerprint cards to: Mail: e-QIP Rapid Response Team OPM-FIPC PO Box 618 Boyers, PA 16020 New zip code effective 07/07 FedEx: e-QIP Rapid Response Team OPM-FIPC 1137 Branchton Road Boyers, PA 16020 New zip code effective 07/07 e-Fingerprinting DSS is looking into implementing a store-and- forward E-Fingerprint capability that will provide the fingerprint files to OPM Phase I – Beta Testing scheduled for end of June Phase II – Evaluate results of Beta Test Perform SII Search (SII - Suitability/Security Investigations Index) The information contained on the e-clearance screen is “read only” and is used to verify the following info: JPAS Person Information Indicates Last Name, SSN and DOB entered by the user to search for a record. SII Person Information Indicates Last Name, SSN and DOB returned by the SII. SII AKA Names Indicates any AKA information returned by the SII. SII Investigation Summary Indicates investigation information returned by SII. SII Clearance Summary Indicates information returned by SII. SII Messages This portion of the screen displays any messages returned by SII. Note. If the OPM SII database is down, the following text will be displayed under "SII Messages:" The OPM CVS/SII System is NOT available… *PASSCODE ERROR: When initiating an investigation request and names do not match. SII Search - Status Info (Investigation Summary) RECEIVED - The case has been received at OPM via e-QIP and is in the review process prior to being SCHEDULED SCHEDULED - The case is open at OPM and the investigation has started. UNACCEPTABLE - The case does not meet OPM standards and has been rejected. These must be entirely resubmitted. CA CONSIDERED - This is used when during the course of an investigation, information is developed which requires the opening of a new lead that is beyond the normal scope of an investigation at that particular level. It is not necessarily a bad thing, just a need for more information. In some cases OPM uses this when they are waiting for information from outside agencies that has delayed the case. Unlike the CLOSED PENDING designation, these cases are still open and seem to progress reasonably well. CP Closed Pending - The case is closed awaiting information from an outside agency that has taken too long. In some cases this may be due to an inability to perform a subject interview due to deployment of the subject to a location that is not served by OPM. RSI Reopen Security Investigation - When a closed case is reopened as a request from DISCO for additional information before an adjudication is determined. Eligibility Update The NRO is manually loading eligibility info into JPAS for all cases they process effective January 2008 (New and PRs) We no longer have to track the completion to then submit an RRU to DISCO to have the eligibility verified and crossed over Saves Industry time and effort Saves 3-4 months in cycle time RRUs are still required for eligibility updates prior to January 2008 NSA is providing data loads nightly to JPAS and a full refresh of all data once a month
Similar documents
November 2008, Version 6.0 Revised by the JPAS
Defense (DOD) security professionals worldwide. It is a DOD system that uses the internet to connect security personnel around the world with a database managed by DOD Central Adjudication Faciliti...
More information