JPAS - Joint Security Awareness Council

Transcription

JPAS - Joint Security Awareness Council
JSAC – DALLAS, TX
Presented by:
June E. Martin
Raytheon
April 2008
Objective
 Provide Overview of JPAS Policy
 Provide Information Update
 JPAS
 e-QIP
 Suitability/Security Investigation Index (SII)
 e-Fingerprinting
Procedures Governing Use of JPAS by Cleared Contractors
Defense Security Service
April 2008
•
National Industrial Security Program Operating Manual (NISPOM) paragraph 2-200b states that “When the
CSA [Cognizant Security Agency] has designated a database as the system of record for contractor
eligibility and access, the contractor shall be responsible for annotating and maintaining the accuracy of
their employees’ access records. Specific procedures will be provided by the CSA.” The Department of
Defense, acting as a CSA, has designated the Joint Personnel Adjudication System (JPAS) as the DoD
system of record for contractor eligibility and access.
•
JPAS is a U.S. Government information system that contains official government records. The information
in JPAS must be protected from unauthorized disclosure and used only for authorized purposes.
Contractors may only use their JPAS accounts to manage the access records of their employees and
consultants, and to verify the access levels and affiliations (e.g., employee of ABC Company) of incoming
visitors who require access to classified information.
•
The following procedures are issued under the authority provided by NISPOM paragraph 2-200b.
Contractors shall follow these procedures when using JPAS and shall ensure that authorized users of
JPAS have been properly informed about these procedures and any other specific policies governing
access to and use of JPAS.
1. Contractors shall accurately maintain the JPAS records pertaining to their employees and consultants.
Contractors must expeditiously update these records when changes occur (e.g., termination of
employment).
2. Contractors are prohibited from placing false information in JPAS, and DSS will seek appropriate sanctions
against contractors and contractor employees who knowingly place false information in JPAS.
Procedures Governing Use of JPAS by Cleared Contractors
Defense Security Service
April 2008
3.
DoD issues JPAS accounts exclusively for use by a specific contractor or corporate family of
contractors. Persons given access to JPAS as account holders may only use JPAS on behalf of the
cleared contractor or corporate family of contractors through which the account was issued. For
example, an employee of ABC Company holding a JPAS account issued through ABC Company and
who works at a government site is not authorized to use the contractor-granted account in support of
the government customer. If the government customer requires the contractor employee to review or
update JPAS records on behalf of the government customer, the government customer must provide
the JPAS account for the contractor employee to use.
4.
The JPAS account manager must be a company employee. The JPAS account manager cannot be a
subcontractor or consultant.
5.
Contractors may subcontract or obtain consultant support for administering security services. The
using contractor will provide a JPAS account to the subcontractor or consultant under the using
contractor’s Security Management Office (SMO) for the sole purpose of permitting the subcontractor or
consultant to provide security services for the using company. Subcontractors or consultants
providing such security services must be under the direct supervision of the using contractor’s FSO or
FSO’s designee.
6.
Each individual accessing JPAS must have a separate and unique account created by the individual’s
JPAS account manager. The account manager must maintain a current record of every JPAS account
established.
7.
JPAS users may never share their user names, passwords, or other authentication information with any
other individual, including anyone who is a designee or an alternate to the account holder.
8.
Contractors must not allow any practices that include sharing user names, passwords, or other
authentication information, and must have policies in place that guard against such practices.
Contractors can establish JPAS accounts for additional users when a reasonable need exists.
Procedures Governing Use of JPAS by Cleared Contractors
Defense Security Service
April 2008
9.
Access to JPAS is only authorized by means of company or government-owned equipment with
appropriate security controls in place. JPAS users may not access their accounts from personal or
home computers.
10.
Contractors are not permitted to change an existing date notation in JPAS for the Classified
Information Nondisclosure Agreement (SF 312). Contractors must, however, input the date that the SF
312 was signed when JPAS does not reflect a date.
11.
Contractors are authorized to verify prospective employees’ eligibility for access to classified
information in JPAS prior to an offer of employment being extended. However, contractors may not
use JPAS for recruiting purposes.
12.
While access to JPAS is only granted to contractors who have a legitimate need for such access in
support of classified work being performed for the Government, JPAS is not a classified system. DSS
will not grant a facility security clearance (FCL) for the sole purpose of allowing a company or its
employees to gain access to JPAS.
13.
Any contractor with JPAS access that becomes aware of a violation of these procedures shall
immediately report the nature of the violation, the names of the responsible parties, and a description
of remedial action taken, to the servicing DSS Industrial Security Representative.
NOTE: Violations of the procedures may lead DSS to suspend or withdraw JPAS access, terminate the JPAS
account, or exclude culpable companies or persons from access to JPAS for a specified or indefinite
period. DSS will also refer information concerning violations of these procedures to other federal
agencies for consideration of administrative, civil or criminal sanctions when circumstances warrant.
DSS Gateway
www.dss.mil
 The JPAS web site and application
access point
(https://jpas.dsis.dod.mil) has been
decommissioned.
 All related links, application access
and information for JPAS will be
available by going to www.dss.mil
 The DSS website is the link to all DSS
applications.
 Scroll over Applications and scroll up
to JPAS (Joint Personnel
Adjudication System)
 In the future, DSS will allow single
sign-on, so once you enter the site,
your password and user ID will
provide access to all authorized DSS
applications.
JPAS Login Page
 Login screen
 The JPAS home page is
the entry point to JPAS.
Access to JPAS requires
a User ID and Password
from your Account
Manager.
 Once your JPAS account
has been established,
single-click on “JPAS
Login“ the JPAS
Disclosure screen will
open. Agree and log in.
Request to Research/Recertify/
Upgrade Eligibility (RRU)
Submit an RRU to:
 Request CAF to research, recertify, or upgrade an individual's





eligibility
Request SSN Correction (DISCO may request copy of SSN
card)
You can only submit one RRU per person at a time
Any JCAVS user within the same Security Management Office
(SMO) can cancel an RRU if it has not yet been assigned to an
adjudicator
Once cancelled, a JCAVS user can resubmit another RRU
Industry RRUs should be submitted to DISCO ONLY
Eligibility (RRU)
 25% of RRUs are for investigation and/or
adjudication status checks
 RRUs are currently taking 60-75 days to process
 Do NOT submit RRUs for status checks - Call the
Customer Call Center @ 888 282-7682
 You will be notified of RRU changes by one of the
following:
 RRU Response Notification
 Eligibility Change Notification
 Message From CAF
It’s okay to respond to CAF via RRU
JCAVS Request to
Research/Recertify/Upgrade Eligibility
To Cancel RRU
Select “Cancel Request”
Then Click “Save”
Incident Reports/Adverse Information
 Incident Reports allows JCAVS
Users to record Incidents and
submit electronically to the CAF.
 Only the JCAVS User that
submitted the Incident Report or
those with a PSM Net relationship
with the Person should be able
view the Incident Report details.
HOWEVER…
 Any User Level 2-6 can take on a
servicing relationship and view
Incident Report details.
 Workaround – Submit as “Final”
report. Be sure to print copy
before submitting, once
submitted, you will not be able to
review the report
 If you need to submit a “Follow-
up” report, initiate another
Incident Report and indicate in the
description that this is a follow-up
to the Incident Report submitted
on yymmdd.
 RECOMMEND NOT TO SUSPEND
ACCESS!!!
Person Summary Screen Displays
"INCIDENT REPORT"
 An industrial individual may be in-processed at a new entity and
given access
 Visit requests may be submitted for the subject when there is a
pending incident report
 Instances reported that the location to be visited will not honor
the visit request
 How the “visine” is applied to take out the red
 An adjudicator reviews the report
 Makes a determination on how to resolve reported issues
 request an investigation, or
 decide no additional action is necessary
 When the issue is resolved or determined it is not of
adjudicative significance, the adjudicator closes the incident
by updating JPAS
 The red will be removed
Security Management Office
 Establish Internal Higherarchy
 Parent/Child Relationship
 Account Management Function
 Create/Modify/Update information as applicable
Establishing a SMO
On main menu select: “Maintain SMO”
 Enter Search Criteria on SMO you wish to establish
 Click “search” or “add”
 Enter required information
 e-mail not required but recommended
 Check designated box if required (i.e., Polygraph)
PSM Net Validation
 From the Main Menu select “PSM Net”
 Will take you to JCAVS Maintain PSM Net Screen
 Select “Person Categories by Organization”
 Click “Add” - Will take you to PSM Net Add Organization Category
 Hit “Select Organization” - Will take you to organization search
 Select DoD Contractor Companies
 Enter your cage code (plus *) in last box
 Click “Search” – selected cage will show up
 Click blue link indicating cage code; company name will move to top line
 Click “OK” – Will take you back to “PSM Net Add Org…”
 Click “Search”
 Search result will indicate all persons associated with your cage that are not in
your PSM Net
 Determine if each person listed should be in your PSM Net
 If Yes – In-process and indoctrinate
 If No – In-process and out-process using the same date; then go to add/modify
screen and enter separation date and separation code. At midnight the person
will drop out of your PSM Net and will no longer be associated with your Cage
Data Validation
 Once you’ve established your PSM Net, you’ll
need to validate the data for each person’s
record
 Social Security Numbers
(RRU)
 Eligibility
(RRU)
 Investigation Date
(RRU)
 Date of Birth
(Change yourself)
 Place of Birth
(Change yourself)
 Marital Status
(Change yourself)
 Indoctrinations
(Change yourself)
 NdA
(Change yourself)
 NdS
(Change yourself)
Reports
 Several different types of reports:
 Personnel Report
 Periodic Reinvestigations
 PSM Net
 “On Demand” Reports
 Can select One or All Organizations within a SMO
 Can Sort by Name or SSN
 Can be downloaded into either PDF or Excel file
Frequently Asked Questions (FAQs)
 Posted on the JPAS Website
 Applicant Tips for Successful e-QIP
Submission on JPAS web page under
Documentation
JPAS/e-QIP
Prime Contract Numbers
(September 2007)

You will need to enter a contract number for each Investigation Request

It should include the contract number itself as well as the identification of the Govt customer
requiring the PCL

Examples:

NAVY: N00019-06-D-0014

AIR FORCE: F00123-05-D-1234

ARMY: SCI: DA 1234-05-D-7819



If requesting an investigation for “SCI access or SAP” access, enter “SCI” or “SAP” between the Govt customer and
the contract number

If contract number is classified, enter the word “Classified” in place of the contract number

If contract number and Govt identification is classified enter only the word “Classified”
Do not type “various” or “multiple” in this field
See DSS website for additional information on this subject
Break in Service
 Allows the user to indicate that a Break in Service
has occurred for the person.
 The JCAVS user can indicate when a person has had a
Break in Service.
 The Break in Service allows a new Investigation
Request to be submitted for a person even though their
investigation date may be current.
Break in Service
To Select Break in Service
Select Eligibility
Enter Contract Number
Check “Break in Service”
Then Hit “Determine Invest Type”
Signature Pages
 Signature Pages must be electronically attached to the SF86
before Industry can submit to DISCO
 Required signature pages include:
 Certification Page
 Authorization for Release of Information
 Medical Release (if subject answers “Yes” to Question #21)
 Subject’s name now defaults in typed format
 Rejection rate for incorrect name has been reduced
 Methods for submission of Signature Pages
 Fax - can be faxed to JPAS repository by anyone from
anywhere
 Upload - can only be uploaded by JPAS User
 Uploading appears to be the preferred method
 Signature Pages not submitted within 60 days of an eQIP
submission will cause the eQIP to terminate
PSI Automation Signature Pages – FAX
FAX (Fax number: 1 866-804-0686)
 JPAS uses Optical Character Recognition (OCR) to read the
investigation request number from the signature page and
associates each fax to the correct Investigation Request and
document type.
 DO NOT USE COVER SHEETS (clogs up the system).
 JPAS Users can print signature pages from JPAS, or the
subject can print them from e-QIP once they’ve certified their
SF86.
 Faxed documents are stored in the JPAS repository until the
Investigation Request is approved. Documents are sent to
OPM upon DISCO Approval.
 Upon DISCO approval, documents are no longer accessible.
PSI Automation Signature Pages – Upload
Upload
 The JCAVS User can browse and select a document from
a local or network drive to upload. Documents must be
scanned and saved individually prior to upload.
 The User identifies the type of document and appropriate
Investigation Request through selections in JPAS.
 Documents are uploaded directly to JPAS in real-time and
are not stored in the JPAS document repository.
 All uploaded documents must be in .pdf format and
cannot be larger than 1 mg.
 Only JPAS Users can upload signature pages, JPAS
access is required.
Add/Modify Invest. Request –
Ready for Review, No Documents
 Note: When you FAX a document the system will read the Investigation Request Number and
automatically populate the appropriate document box.
 Notice the “Submit to DISCO” button is not available
Invest. Request Documents –
Ready for Review, No Documents
 When you scan a document, you must select document type and locate the document. Ensure you
have a naming scheme which will clearly identify the appropriate document to be uploaded.
Add/Modify Investigation Request –
Documents attached
“Submit to DISCO” button will only be available when required documents are received in JPAS.
Invest. Request Documents –
Ready for DISCO (JAMS and JCAVS)
 Signature pages can be viewed and replaced in JPAS and are available for review until approved
by DISCO.
 JPAS displays History of received documents - Method (Fax or Upload), Date and Time, Result
(Success or Failure)
e-QIP Timelines

Initiating
Once an Investigation Request is initiated in JPAS, an applicant has 30 days to login to e-QIP and start
their PSQ or the Investigation Request is terminated.
Once an Investigation Request is initiated in JPAS, an applicant has 90 days after their initial e-QIP login
date to complete their PSQ or the Investigation Request is terminated.

Reviewing and Approving
Once the applicant has completed the PSQ, it must be reviewed and approved by the appropriate agency
within 90 days or the Investigation Request is terminated.

Pending PSQs
An Investigation Request that remains in a Pending Status and is not "Initiated" will be deleted 30 days
after creation.

Stopped PSQs
If an applicant has started to complete a PSQ but the Investigation Request is stopped, it must be
resumed within 90 days.
If the applicant has not started to complete a PSQ, but the Investigation Request is stopped, it must be
resumed within 30 days.

Revised PSQs
An applicant has 60 days to log into e-QIP and complete updates to their PSQ if revisions are required.
PR Requests &Fingerprint Cards
 If the previous Investigation is annotated as NACLC or ANACI, the
Investigation Request will be recognized as a Periodic Investigation.
 Fingerprint cards are not required
 If the previous Investigation is annotated as NAC, ENAC, or NACI, the
Investigation Request will NOT be recognized as a Periodic
Investigation Request.
 Fingerprint cards are required.
Periodic Reinvestigation = Yes
if previous investigation is:
NACLC
ANACI
Periodic Reinvestigation = No
if previous investigation is:
NAC
ENAC
NACI
Releases and Fingerprint Cards
 Send fingerprint cards to:
Mail:
e-QIP Rapid Response Team
OPM-FIPC
PO Box 618
Boyers, PA 16020
New zip code effective 07/07
FedEx:
e-QIP Rapid Response Team
OPM-FIPC
1137 Branchton Road
Boyers, PA 16020
New zip code effective 07/07
e-Fingerprinting
 DSS is looking into implementing a store-and-
forward E-Fingerprint capability that will provide
the fingerprint files to OPM
 Phase I – Beta Testing scheduled for end of
June
 Phase II – Evaluate results of Beta Test
Perform SII Search
(SII - Suitability/Security Investigations Index)
The information contained on the e-clearance
screen is “read only” and is used to verify the
following info:
 JPAS Person Information





Indicates Last Name, SSN and DOB entered by
the user to search for a record.
SII Person Information
Indicates Last Name, SSN and DOB returned
by the SII.
SII AKA Names
Indicates any AKA information returned by the
SII.
SII Investigation Summary
Indicates investigation information returned by
SII.
SII Clearance Summary
Indicates information returned by SII.
SII Messages
This portion of the screen displays any
messages returned by SII.
Note. If the OPM SII database is down, the following
text will be displayed under "SII Messages:" The OPM
CVS/SII System is NOT available…
*PASSCODE ERROR: When
initiating an investigation request
and names do not match.
SII Search - Status Info
(Investigation Summary)
 RECEIVED - The case has been received at OPM via e-QIP and is in the review





process prior to being SCHEDULED
SCHEDULED - The case is open at OPM and the investigation has started.
UNACCEPTABLE - The case does not meet OPM standards and has been rejected.
These must be entirely resubmitted.
CA CONSIDERED - This is used when during the course of an investigation,
information is developed which requires the opening of a new lead that is beyond the
normal scope of an investigation at that particular level. It is not necessarily a bad
thing, just a need for more information. In some cases OPM uses this when they are
waiting for information from outside agencies that has delayed the case. Unlike the
CLOSED PENDING designation, these cases are still open and seem to progress
reasonably well.
CP Closed Pending - The case is closed awaiting information from an outside
agency that has taken too long. In some cases this may be due to an inability to
perform a subject interview due to deployment of the subject to a location that is not
served by OPM.
RSI Reopen Security Investigation - When a closed case is reopened as a request
from DISCO for additional information before an adjudication is determined.
Eligibility Update
 The NRO is manually loading eligibility info into JPAS for all
cases they process effective January 2008 (New and PRs)
 We no longer have to track the completion to then submit an
RRU to DISCO to have the eligibility verified and crossed
over
 Saves Industry time and effort
 Saves 3-4 months in cycle time
 RRUs are still required for eligibility updates prior to January
2008
 NSA is providing data loads nightly to JPAS and a full refresh
of all data once a month