Document 6509239
Transcription
Document 6509239
NCMS Annual Training Seminar How to Implement JPAS JPAS Implementation Team Tony Ingenito Northrop Grumman Vince Jarvie Lockheed Martin Gene Krebs Boeing Barbara Taylor & Ellen Suchey Raytheon Introduction & History • U.S. Government System – Read/write access for Industry? • OSD & JPAS PMO support Industry – March/July 2001 Initial Development Industry Requirements • Industry Beta Test – Issues • “THE MEETING” 3 October 2002 – Must have, should have, would like to have – Span of control ⇨ PSMNet 30 May 2003 JPAS Prerequisites • System Requirements – – – – Pentium 133 MHz (minimum) Netscape v4.79 or Internet Explorer v6.x 128 bit encryption enabled JavaScript, Cookies and SSL enabled • Connectivity Requirement – .com, .net, .org, .mil or .gov address – Firewall must be able to connect to port 443 – Network must have reverse dns lookup enabled JPAS Prerequisites • Clearance Requirements (access levels) • Level II, III and VIII – current SCI access • Level IV through VII & X – NCLC w/Credit • If a required user has a NCLC w/o Credit – New EPSQ is required with “Requires access to JPAS” as reason • PUBLIC KEY INFRASTRUCTURE (PKI) – Currently, 128 bit SSL is used until PKI becomes available. Expect to see PKI 10/04 Corporate Commitment & Structure • Appointment Letter – Primary & Alternate Account Manager: • Full names, social security numbers, and contact information (i.e., telephone numbers, office addresses, and work email addresses). – Signed by KMP or Corporate Officer • Buy in – Implement the “Change” process – – – – Corporate Leadership Business Area Leadership Security management Security personnel Corporate Commitment & Structure • Resource availability – Do it right the 1st time ALWAYS REMEMBER • JPAS IS THE U.S. GOVERNMENT OFFICIAL SYSTEM OF RECORD FOR CLEARANCES! Corporate Commitment & Structure • Ethical Conduct – Valid business purpose • Loss of Privileges – Devastating impact • Business • Personal Corporate Commitment & Structure • SCI Structure – LEVEL 2 - SCI security personnel at unified command, DoD agency, military department or major command/equivalent headquarters. PSM - Net is determined by the responsible SOIC or designee. (Read and Write Access) – LEVEL 3 - SCI security personnel at echelons subordinate to Level 2 at a particular geographic location (installation, base, post, naval vessel). PSM Net is determined by the responsible SOIC or designee. (Read and Write Access) – LEVEL 8 - SCI Entry control personnel. Individuals who grant access to SCIF installations, buildings, etc. Varies according to organizations. (Read Access ) Corporate Commitment & Structure • Non SCI Structure – LEVEL 4 - Non-SCI security personnel at unified command, DoD agency, military department or major command/equivalent headquarters. PSM - Net is determined by the responsible Security Officer or designee. (Read and Write Access) – LEVEL 5 - Non-SCI security personnel at echelons subordinate to Level 4 at a particular geographic location (installation, base, post, naval vessel). PSM - Net is determined by the responsible Security Officer or designee. (Read and Write Access) – LEVEL 6 - Unit security manager (additional duty) responsible for security functions as determined by responsible senior security official. (Read and Write Access) – LEVEL 7 - Non-SCI Entry control personnel. Individuals who grant access to installations, buildings, etc. Varies according to organizations. (Read Access) Corporate Commitment & Structure Level 2 Corporate Office Access requires SCI access Level 3 Integrated Systems Electronic Systems Information Technology Ship Systems Newport News Level 3 or 4 Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Busn Area / Site / SCI Level 4 or 5 Sites/ Program Sites/ Sites/ Program Program Sites/ Sites/ Program Program Sites/ Sites/ Program Program Sites/ Program Sites/ Program Sites/ Sites/ Program Program Sites/ Program Level 5 or 6 Frequent Frequent Frequent Frequent Frequent Frequent Frequent Frequent Users Users Users Users Users Users Users Users Access requires a Secret – NCLC/CR Level 7 Inquiry Only – Guard / Lobby Posts Frequent Frequent Frequent Frequent Users Users Users Users Account Management & Users • Account Management – Establish Corporate Account Manager and alternate. – Create additional Account Managers necessary to support your structure (Division, geographic) – Establishes JPAS user accounts – Resets passwords, unlocks users or logs users off – Responsible to maintain signed RFA on users they grant ID for (will be an auditable item) – Terminating account when user leaves or no longer requires access for security related functions. Account Management & Users • JPAS Users – Update capability Level 2 thru 6 – Update employee clearance file (personal info, create/transfer FSC, Indoc data, terminations, adverse reporting – Perform most all Form 562 transactions – Pay attention to what tab you are viewing – Receives notification of clearance actions – Generates organization reports as needed Account Management & Users • JPAS Users – Inquiry level 7 & 10 (non-SCI data) – Allows for inquires by Guard/Receptionist or other security users that do not need update capabilities – Validate clearance eligibility for visitors – Inquiry Level 8 (SCI data) – Allows for inquires by SCI cleared users – Validates SCI eligibilities and tickets Training • Develop Company Training Plan – Develop JPAS expert for your company – Develop trainers & alternates to fill your structure – Have users first complete the JITA available online at the JPAS website (https://jpas.osd.mil/) – Utilize training tools for classroom, lecture, netmeeting before cutting users loose. – Spend the time and do it right the 1st time Training Tools • JPAS Joint Integrated Training Application (Available JPAS Home Page) Training Tools • JPAS Account Managers Training Presentation (Available soon) JPAS Account Manager (Account Management) Introduction JPAS Industry Sub Committee Doc 005 Rev 00 0 Training Tools • JPAS User Training Presentation (Available soon) JPAS User (Security Management) Introduction 1JPAS Industry Sub Committee Doc 006 Rev 0 00 1 Training Tools • JPAS User How to Book (Available soon) Joint Personnel Adjudication System THE HOW TO BOOK FOR JPAS Implementation & Validation • Implementation Plan 9 Establish team with representatives from each element 9 Identify Account Manager structure & projected users 9 Identify potential cost for equipment and software 9 Establish Account Managers & Company Trainers 9 Establish Training sub-team to evaluate and develop training tools (if required beyond tools provided) 9 Establish Training plan 9 Establish validation criteria & process 9 Establish user accounts, conduct training 9 Conduct validation & correction process 9 Certify JPAS Files Implementation & Validation • Roll-out Schedule • Data Validation & Corrections • Current employees (Personal Data, Clearance Data, Facility Data, Briefing Data) • Former employees (Separation Data, Debriefing data) • Update correct information if incorrect • Creation of correct industry (Cage Code) if necessary • Clean-up of assigned persons to your Cage Code Validation Checklist Non-SCI Access FIELDS SOURCE DOCUMENT UPDATEABLE FIELD Eligibility Adjudication & Investigation Summary (JPAS or NG Systems) No, use RRU function if incorrect Investigation LOC No, use RRU function if incorrect Comment NdA Signed Non Disclosure Agreement or DOD Initial Brief Date Yes Attestation Date Briefing Certification Yes - Only if no date has been entered If a date is in place do nothing. This is the SF312 that DISCO has on file Only contract required at this time. It is a good idea for those that have TS to complete Industry(Contractor) Code LOC Yes - use RRU function if necessary Only to create your FSC is not present. A history file is needed if you replace a FSC the history is lost Non-SCI Access (US) LOC (Clearance level and Date Issued) Yes Date of Birth Place of Birth Citizenship LOC LOC LOC Yes Yes Yes FIELDS Investigation SOURCE DOCUMENT Special programs (SCI investigation) Date that you gave the access to the person LOC, Security file, Passport ect. Don't always believe a LOC, your records may be accurate "" "" SCI Access UPDATEABLE FIELD No, use RRU function if incorrect Comment