Secure Web Fingerprint Transaction (SWFT) Frequently Asked Questions

Transcription

1 Defense Manpower Data Center Personnel Security and Assurance Secure Web Fingerprint Transaction (SWFT) Frequently Asked Questions Version 1.4 March 1, 2017 Contract Number: GS00Q09BGD0027 Task Order: GSQ0316DS0057 SWF.1084.U*5 Prepared by

2 REVISION HISTORY Date Version Number Section Comments CM # Name 2/23/ All Initial draft SWF.1084.U*5 SWFT Team 2/23/ All Technical Writer review SWF.1084.U*5 TW Team 2/28/ All Updates from DMDC PM SWF.1084.U*5 SWFT Team Note: The controlled master of this document is available on-line. Hard copies of this document are for information only and are not subject to document control. DOCUMENT INFORMATION Required Information Definition Document Title: Document ID: Personnel Security/Assurance (PSA) Systems Support Secure Web Fingerprint Transaction (SWFT) Frequently Asked Questions SWF.1084.U*5 Version: Version 1.4 Approval Date: March 1, 2017 Location: Owner: Author: Approved by: GOVERNMENT PURPOSE RIGHTS SharePoint - SWFT Documents\Documentation\SWFT Release 7.2.2\SWFT Frequently Asked Questions PSA Systems Support Team PSA Systems Support Team PSA Systems Support Team The Government's rights to use, modify, reproduce, release, perform, display, or disclose these technical data are restricted by paragraph (b)(2) of the Rights in Technical Data-Noncommercial Items clause contained in the DMDC PSA Systems Support contract GS00Q09BGD0027. Any reproduction of technical data or portions thereof marked with this legend must also reproduce the markings. i

3 Secure Web Fingerprint Transaction (SWFT) Frequently Asked Questions Contents Index... 1 Questions about Access, System Requirements, and User Guide What is SWFT? What is efp Enrollment (SWFT+)? Who can use SWFT? Who can use SWFT Plus Enrollment (SWFT+)? How do I obtain a SWFT account? What are the minimum security requirements for obtaining a SWFT account? Where can I find the Personnel Security System Access Request (PSSAR) form? How recent must the training certificates that I submit with my PSSAR be? Can I PSSARs to the SWFT Helpdesk? How often must I log into my account in order to avoid my account being locked or terminated? What do I do if my account has been locked or terminated? As an Organization or Site Administrator, how do I reinstate a user who has had his or her account terminated due to 45 days of inactivity? What are the system requirements for SWFT? Does an Organization need to have a fingerprint capture device (livescan or card scan) before they can obtain a SWFT account? Is there a User Guide for the SWFT system? My Organization will be utilizing another cleared Organization/Third Party Vendor s equipment for creating efp files. Which part of the Access, Registration, and Testing Procedures is relevant for our situation?... 3 Questions about the Equipment What fingerprint scanning hardware and software can be used? What are the requirements for scanner configuration and settings? My Organization is a Third Party Vendor whose fingerprint scanner is being sponsored for production use by a cleared DoD contractor. Will I have to re-register the same fingerprint scanner each time I provide services to other authorized SWFT Users? My Organization will be utilizing a cleared Organization/Third Party Vendor s equipment for creating efp files. Will they be able to submit efps on our behalf? What is the policy for getting server-based/web-based fingerprint systems registered and tested? What is the timeline for scanner registration and approval? Can I submit efps to the Authorized Destination if I never submit a Test efp?... 5 Questions about the Fingerprints Do the efps ever get deleted from SWFT? Are both rolled fingerprints and flat fingerprints accepted? How do I complete fingerprints for an amputee?... 5 ii

4 27. How are the fingerprint files matched with the Electronic Questionnaires for Investigations Processing (e-qip)? What makes up the Transaction Control Number (TCN)? Does the investigation number need to be included in the efp file? What data is entered in the Social Security Number (SSN) field if a person is a Foreign National and does not have a SSN? Can the SWFT support staff change biographic information that was entered incorrectly in an efp file? My efp s processing is taking a long time. How can I find out why?... 6 iii

5 Index Topic Question Number Acceptable fingerprint types 25, 26 Access 1, 2, 3, 4, 5, 13 Account Policies 6, 9, 10 Account Reinstatement 11 Documentation 15 e-qip 27, 29 Editing efps 31 efp Submission and Status 32 Foreign Nationals 30 Obtaining SWFT Account 5 PSSAR 7 Record Retention 24 Scanner Registration Process 16, 18, 21, 22, 23 Scanner Types Supported 17 Server-based Systems 21 System Requirements 12 TCN 28 Third Party Providers 14, 19, 20 Training Requirements 8 Questions about Access, System Requirements, and User Guide 1. What is SWFT? ANSWER - The Secure Web Fingerprint Transaction (SWFT) is a Department of Defense (DoD) enterprise system for centralized collection and distribution of electronic fingerprints for applicants requiring a background check. SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards. 2. What is efp Enrollment or what is SWFT+? ANSWER - SWFT Plus Enrollment (SWFT+) is a DoD enterprise system for web-based collection and distribution of electronic fingerprints. The SWFT+ system provides centralized enrollment of electronic fingerprints, with the capacity to transmit fingerprints to critical Investigative Service Providers (ISPs) and other authorized government entities. SWFT+ frees its users from maintaining their own software for enrolling the biographic and biometric data. Users are responsible only for providing their own fingerprint capture device and software development kit (SDK). 1

6 3. Who can use SWFT? ANSWER - All DoD Components and cleared DoD Industry companies that participate in the National Industrial Security Program (NISP). 4. Who can use SWFT Plus Enrollment (SWFT+)? ANSWER - All DoD Components. The Office of the Under Secretary of Defense for Intelligence OUSD(I) released a memorandum (available at directing all DoD services and agencies to work directly with DMDC on migrating their existing and future fingerprint equipment to SWFT+ and taking advantage of the SWFT+ capability. 5. How do I obtain a SWFT account? ANSWER - Please refer to the SWFT Access, Registration and Testing Procedures. The document is available at Click on the Access, Reg, Test Guide link in the Access Request section of the PSA SWFT Web page. 6. What are the minimum security requirements for obtaining a SWFT account? ANSWER - In order to receive a SWFT account, a potential user must have a favorable security clearance eligibility determination. SWFT requires a minimum of Interim Secret eligibility. Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted at least an Interim Secret Clearance. 7. Where can I find the Personnel Security System Access Request (PSSAR) form? ANSWER - The document is available at Click on the PSSAR Form in the Access Request section. 8. How recent must the training certificates that I submit with my PSSAR be? ANSWER - Training certificates must be less than 12 months old when submitted with your PSSAR form. 9. Can I PSSARs to the SWFT Helpdesk? ANSWER - Only PSSARs requesting an account for the Organization Administrator are submitted to Defense Manpower Data Center (DMDC) Contact Center via encrypted to: dmdc.contactcenter@mail.mil. PSSARs for Site Administrator accounts must be submitted directly to your Organization Administrator, and PSSARs for regular User accounts should be submitted to your Site Administrator or your Organization Administrator, if permitted. 10. How often must I log into my account in order to avoid my account being locked or terminated? ANSWER - Users must log into their accounts at least once in 30 days in order to avoid their account being locked. Accounts that are not accessed within 45 days of the last login will be terminated. 2

7 11. What do I do if my account has been locked or terminated? ANSWER - Only an account that has been locked can be reactivated. Terminated accounts will require a new PSSAR to be submitted to the appropriate account administrator. Standard users should contact their Site or Organization Administrators. Organization Administrators must contact the Executive Administrator at the DMDC Contact Center. 12. As an Organization or Site Administrator, how do I reinstate a user who has had his or her account terminated due to 45 days of inactivity? ANSWER - If a SWFT User in your Organization has had their account terminated, you will need to create a new account for that user once you have received a completed PSSAR from that user. You will not be able to reuse the user s previous Login ID. 13. What are the system requirements for SWFT? ANSWER - The only requirement is internet access and a compatible web browser. SWFT currently supports only Microsoft Internet Explorer 9.0 or above. Other browsers may work as well. Optionally, in order to be able to upload multiple electronic fingerprints (efps) at a time, Adobe Flash Player 11 or higher must be installed and enabled. A free download is available at: Prior to installing Adobe Flash Player please check your Organization s Information Technology (IT) policy. Users of SWFT+ also require Java Runtime Engine (JRE) version 1.7 and higher, and SDK for fingerprint capture device (see more detailed information at Does an Organization need to have a fingerprint capture device (livescan or card scan) before they can obtain a SWFT account? ANSWER - No, your Organization does not have to own or sponsor any scanning devices in order to obtain a SWFT account for the organization. User accounts and device registrations can be added to such organization accounts later or not at all if fingerprints will be submitted on behalf of your organization by a service provider. 15. Is there a User Guide for the SWFT system? ANSWER - A User Guide is available online in the Help section of the SWFT web application. Log into the SWFT and click the Help button that is available on each web page. The User Guide is For Official Use Only (FOUO), and is not available to the general public. 16. My Organization will be utilizing another cleared Organization/Third Party Vendor s equipment for creating efp files. Which part of the Access, Registration, and Testing Procedures is relevant for our situation? ANSWER - If your Organization will only submit the efps, then only the Access section of the SWFT Access, Registration, and Testing Procedures is relevant to your situation. However, your Organization must verify that the Organization/Third Party Vendor that will generate the efps for you had their equipment registered and approved for production with SWFT. Consult the User Guide for details. 3

8 Questions about the Equipment 4 (SWFT) Frequently Asked Questions 17. What fingerprint scanning hardware and software can be used? ANSWER - The Federal Bureau of Investigation (FBI) maintains a list of certified products, which is available on the FBI Biometric Specifications (BioSpecs) website under Certifications: SWFT Users may choose to acquire any certified product that supports Type-4 fingerprint images. Users of SWFT+ should refer to the list of supported devices that is available at in section efp Enrollment (SWFT+). 18. What are the requirements for scanner configuration and settings? ANSWER - The device must be configured to capture Type-4 fingerprint images. There are also other configuration items and settings that are required by the FBI and the investigative service providers. Please consult the SWFT Scanner Configuration and Registration Guide that is available in the Help section of the SWFT web application. 19. My Organization is a Third Party Vendor whose fingerprint scanner is being sponsored for production use by a cleared DoD contractor. Will I have to re-register the same fingerprint scanner each time I provide services to other authorized SWFT Users? ANSWER - Fingerprint scanning workstations have to be registered and tested only once. They do not have to be re-registered or re-tested separately for each of your clients. Provide to your customers the manufacturer and serial number of your scanners, or provide them your Org/CAGE Code or the Org/CAGE Code of the Organization that sponsored the registration of your devices so that your customers can verify in SWFT that your equipment has been registered and approved for use. Note that any change in your sponsoring organization or change in the system (e.g., software patches or upgrade, hardware replacement, scanner relocation, and so on) requires the equipment to be retested. 20. My Organization will be utilizing a cleared Organization/Third Party Vendor s equipment for creating efp files. Will they be able to submit efps on our behalf? ANSWER - Yes, another Organization that already has a SWFT account can submit efps on your behalf. There are two available options which are detailed in the SWFT Access, Registration and Testing Procedures document available at: What is the policy for getting server-based/web-based fingerprint systems registered and tested? ANSWER - Server-based/web-based fingerprint systems typically involve two components: 1) One or more fingerprint scanning devices; 2) Server that integrates fingerprint images and biographic data and generates the electronic fingerprint file. Multiple scanning devices can be connected to a single server. At least one scanner-server pair must be registered and tested with SWFT. The registration must prove that the hardware and software components in the server-based/web-based system meet the FBI certification

9 guidelines. The test of the scanner-server pair must prove that the system is properly configured and generates efp files that comply with the FBI Electronic Biometric Transmission Specification (EBTS) and DMDC requirements. Additional scanning devices that communicate with the server must be registered, but do not have to be tested. Scanning devices that will connect to an already registered and tested server- based system must include in the registration form a reference to the registered scanner/server platform. 22. What is the timeline for scanner registration and approval? ANSWER - It usually takes less than two weeks to complete the scanner registration process and receive approval to operate in the production environment. The time frame is contingent upon timely responses to actions requested by the SWFT Coordinator. 23. Can I submit efps to the Authorized Destination if I never submit a Test efp? ANSWER - No. Submitting an efp from a device that has not been tested and approved for production could result in rejection of the fingerprint transaction and adverse action against the SWFT user and/or Organization. Questions about the Fingerprints 24. Do the efps ever get deleted from SWFT? ANSWER - Each efp that was processed by SWFT is temporarily archived and then purged in accordance with directives from the National Archives and Records Administration (NARA). 25. Are both rolled fingerprints and flat fingerprints accepted? ANSWER - Tenprint Type-4 images in EBTS transactions contain: Ten rolled fingerprints; standard four finger slaps for right and left hand; and individual thumb slaps for right and left hand. More information is available at How do I complete fingerprints for an amputee? ANSWER - For efps being uploaded to SWFT, you will want to contact your software vendor for additional instructions. For efps being uploaded from efp enrollment (SWFT+), when you are on the efp capture screen, you will select "Amputation" as the option and follow the instructions on the efp capture screen. 27. How are the fingerprint files matched with the Electronic Questionnaires for Investigations Processing (e-qip)? ANSWER - Fingerprint file is matched by the investigative service provider with the appropriate e-qip by means of selected personal identifying information data. To ensure that a request for investigation is processed efficiently, it is important that the personal identification information in the subject's e-qip record match with the same information contained in the efp. The following match criteria apply: 5

10 SUBJECT NAME o Last Name: efp and e-qip must match exactly o First Name: efp and e-qip must match exactly o Middle Name: Minor difference/discrepancy may be acceptable (that is, Marcie Gail Smith in e-qip versus M. Gail Smith or Marcie G. Smith in e-fingerprint) SOCIAL SECURITY NUMBER - efp and e-qip must match exactly DATE OF BIRTH - efp and e-qip must match exactly 28. What makes up the Transaction Control Number (TCN)? ANSWER - The TCN must be unique for each fingerprint transaction, and consists of the TCN Prefix and TCN Suffix. The TCN Prefix remains constant, while TCN Suffix is unique in each fingerprint transaction. The TCN structure must adhere to the SWFT convention. Refer to the Scanner Configuration and Registration Guide, which is accessible through the SWFT Application in the Help Files. The Scanner Configuration and Registration Guide is FOUO, and is not available to the general public. 29. Does the investigation number need to be included in the efp file? ANSWER - The e-qip request Identification (ID) is not part of the efp data. 30. What data is entered in the Social Security Number (SSN) field if a person is a Foreign National and does not have a SSN? ANSWER - Enter all 9s, all 0s, or all 9s with the last digit being a Can the SWFT support staff change biographic information that was entered incorrectly in an efp file? ANSWER - The SWFT support staff is not equipped to modify any information contained in the efp Files. If biographic information needs to be corrected or updated, a new efp will need to be submitted to SWFT. 32. My efp s processing is taking a long time. How can I find out why? ANSWER - The SWFT forwards all efp submissions to the investigative service provider within 24 hours. Once the fingerprint file is received by the investigative service provider, the role of SWFT has been completed. To check the current status of an efp, go to the efp Search screen in SWFT. From there you can search for an efp by SSN, Last Name, First Name or TCN. Please note that any discrepancies in data like Name, SSN, DOB, or POB between the submitted efp and the e-qip can cause delays in processing the request for investigation. 6