Document 6509239

Transcription

Document 6509239
NCMS Annual Training Seminar
How to Implement JPAS
JPAS Implementation Team
Tony Ingenito
Northrop Grumman
Vince Jarvie
Lockheed Martin
Gene Krebs
Boeing
Barbara Taylor &
Ellen Suchey
Raytheon
Introduction & History
• U.S. Government System
– Read/write access for Industry?
• OSD & JPAS PMO support Industry
– March/July 2001 Initial Development Industry
Requirements
• Industry Beta Test
– Issues
• “THE MEETING” 3 October 2002
– Must have, should have, would like to have
– Span of control ⇨ PSMNet 30 May 2003
JPAS Prerequisites
• System Requirements
–
–
–
–
Pentium 133 MHz (minimum)
Netscape v4.79 or Internet Explorer v6.x
128 bit encryption enabled
JavaScript, Cookies and SSL enabled
• Connectivity Requirement
– .com, .net, .org, .mil or .gov address
– Firewall must be able to connect to port 443
– Network must have reverse dns lookup enabled
JPAS Prerequisites
• Clearance Requirements (access levels)
• Level II, III and VIII – current SCI access
• Level IV through VII & X – NCLC
w/Credit
• If a required user has a NCLC w/o Credit
– New EPSQ is required with “Requires access to
JPAS” as reason
• PUBLIC KEY INFRASTRUCTURE (PKI)
– Currently, 128 bit SSL is used until PKI
becomes available. Expect to see PKI 10/04
Corporate Commitment & Structure
• Appointment Letter
– Primary & Alternate Account Manager:
• Full names, social security numbers, and contact
information (i.e., telephone numbers, office
addresses, and work email addresses).
– Signed by KMP or Corporate Officer
• Buy in – Implement the “Change” process
–
–
–
–
Corporate Leadership
Business Area Leadership
Security management
Security personnel
Corporate Commitment & Structure
• Resource availability
– Do it right the 1st time
ALWAYS REMEMBER
• JPAS IS THE U.S. GOVERNMENT
OFFICIAL SYSTEM OF RECORD FOR
CLEARANCES!
Corporate Commitment & Structure
• Ethical Conduct
– Valid business purpose
• Loss of Privileges
– Devastating impact
• Business
• Personal
Corporate Commitment & Structure
• SCI Structure
– LEVEL 2 - SCI security personnel at unified
command, DoD agency, military department or major
command/equivalent headquarters. PSM - Net is
determined by the responsible SOIC or designee. (Read
and Write Access)
– LEVEL 3 - SCI security personnel at echelons
subordinate to Level 2 at a particular geographic
location (installation, base, post, naval vessel). PSM Net is determined by the responsible SOIC or designee.
(Read and Write Access)
– LEVEL 8 - SCI Entry control personnel. Individuals
who grant access to SCIF installations, buildings, etc.
Varies according to organizations. (Read Access )
Corporate Commitment & Structure
• Non SCI Structure
– LEVEL 4 - Non-SCI security personnel at unified command, DoD
agency, military department or major command/equivalent
headquarters. PSM - Net is determined by the responsible Security
Officer or designee. (Read and Write Access)
– LEVEL 5 - Non-SCI security personnel at echelons subordinate to
Level 4 at a particular geographic location (installation, base, post,
naval vessel). PSM - Net is determined by the responsible Security
Officer or designee. (Read and Write Access)
– LEVEL 6 - Unit security manager (additional duty) responsible for
security functions as determined by responsible senior security official.
(Read and Write Access)
– LEVEL 7 - Non-SCI Entry control personnel. Individuals who grant
access to installations, buildings, etc. Varies according to
organizations. (Read Access)
Corporate Commitment & Structure
Level 2
Corporate
Office
Access requires
SCI access
Level 3
Integrated
Systems
Electronic
Systems
Information
Technology
Ship
Systems
Newport
News
Level 3 or 4
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Busn
Area /
Site / SCI
Level 4 or 5
Sites/
Program
Sites/
Sites/
Program Program
Sites/
Sites/
Program Program
Sites/
Sites/
Program Program
Sites/
Program
Sites/
Program
Sites/
Sites/
Program Program
Sites/
Program
Level 5 or 6
Frequent Frequent Frequent Frequent Frequent Frequent Frequent Frequent
Users
Users
Users
Users
Users
Users
Users
Users
Access requires a Secret –
NCLC/CR
Level 7
Inquiry Only – Guard / Lobby Posts
Frequent Frequent Frequent Frequent
Users
Users
Users
Users
Account Management & Users
• Account Management
– Establish Corporate Account Manager and
alternate.
– Create additional Account Managers necessary to
support your structure (Division, geographic)
– Establishes JPAS user accounts
– Resets passwords, unlocks users or logs users off
– Responsible to maintain signed RFA on users they
grant ID for (will be an auditable item)
– Terminating account when user leaves or no longer
requires access for security related functions.
Account Management & Users
• JPAS Users
– Update capability Level 2 thru 6
– Update employee clearance file (personal info,
create/transfer FSC, Indoc data, terminations,
adverse reporting
– Perform most all Form 562 transactions
– Pay attention to what tab you are viewing
– Receives notification of clearance actions
– Generates organization reports as needed
Account Management & Users
• JPAS Users
– Inquiry level 7 & 10 (non-SCI data)
– Allows for inquires by Guard/Receptionist or
other security users that do not need update
capabilities
– Validate clearance eligibility for visitors
– Inquiry Level 8 (SCI data)
– Allows for inquires by SCI cleared users
– Validates SCI eligibilities and tickets
Training
• Develop Company Training Plan
– Develop JPAS expert for your company
– Develop trainers & alternates to fill your
structure
– Have users first complete the JITA available
online at the JPAS website (https://jpas.osd.mil/)
– Utilize training tools for classroom, lecture, netmeeting before cutting users loose.
– Spend the time and do it right the 1st time
Training Tools
• JPAS Joint
Integrated
Training
Application
(Available
JPAS Home
Page)
Training Tools
• JPAS
Account
Managers
Training
Presentation
(Available
soon)
JPAS Account Manager
(Account Management)
Introduction
JPAS Industry Sub Committee Doc 005 Rev 00 0
Training Tools
• JPAS User
Training
Presentation
(Available
soon)
JPAS User
(Security Management)
Introduction
1JPAS Industry Sub Committee Doc 006 Rev 0 00
1
Training Tools
• JPAS User
How to Book
(Available
soon)
Joint Personnel Adjudication System
THE HOW TO BOOK FOR JPAS
Implementation & Validation
• Implementation Plan
9 Establish team with representatives from each
element
9 Identify Account Manager structure & projected
users
9 Identify potential cost for equipment and software
9 Establish Account Managers & Company Trainers
9 Establish Training sub-team to evaluate and
develop training tools (if required beyond tools
provided)
9 Establish Training plan
9 Establish validation criteria & process
9 Establish user accounts, conduct training
9 Conduct validation & correction process
9 Certify JPAS Files
Implementation & Validation
• Roll-out Schedule
• Data Validation & Corrections
• Current employees (Personal Data, Clearance
Data, Facility Data, Briefing Data)
• Former employees (Separation Data,
Debriefing data)
• Update correct information if incorrect
• Creation of correct industry (Cage Code) if
necessary
• Clean-up of assigned persons to your Cage
Code
Validation Checklist
Non-SCI Access
FIELDS
SOURCE DOCUMENT
UPDATEABLE FIELD
Eligibility
Adjudication & Investigation Summary (JPAS or NG Systems)
No, use RRU function if incorrect
Investigation
LOC
No, use RRU function if incorrect
Comment
NdA Signed
Non Disclosure Agreement or DOD Initial Brief Date
Yes
Attestation Date
Briefing Certification
Yes - Only if no date has been entered
If a date is in place do
nothing. This is the SF312
that DISCO has on file
Only contract required at this
time. It is a good idea for
those that have TS to
complete
Industry(Contractor) Code LOC
Yes - use RRU function if necessary
Only to create your FSC is
not present. A history file is
needed if you replace a FSC
the history is lost
Non-SCI Access (US)
LOC (Clearance level and Date Issued)
Yes
Date of Birth
Place of Birth
Citizenship
LOC
LOC
LOC
Yes
Yes
Yes
FIELDS
Investigation
SOURCE DOCUMENT
Special programs (SCI investigation)
Date that you gave the
access to the person
LOC, Security file, Passport
ect. Don't always believe a
LOC, your records may be
accurate
""
""
SCI Access
UPDATEABLE FIELD
No, use RRU function if incorrect
Comment