Presentation to the

1
Presentation to the National Classification
Management Society National Training Seminar July
2002
Dave Kendrick Raytheon Representative Indus
try JPAS Steering Committee
2
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

3
Cautionary Disclaimer
Please understand that JPAS is undergoing BETA
testing at selected industry facilities. As with
any beta testing or development process, criteria
and processes are subject to change prior to full
implementation of this system.
4
Overview

• Objective

• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

5

• OBJECTIVE
• The objective of JPAS is very simple
• To develop one automated system capable of
  maintaining all collateral and SCI security
  clearance and adjudication information for all
  contractor and employees of the DoD.
• JPAS is designed to be a centralized record
  keeping function that will allow many of the
  processes we now use to become automated,
  on-line, with near-real time clearance data
  available to the industrial security managers.
•  

6
System Description JPAS JAMS JCAVS JAMS The
Joint Adjudication Management System provides
Central Adjudication Facilities (CAFs) a single,
integrated information system to assist in the
adjudication process through virtual
consolidation and vastly improve dissemination
of timely and accurate personnel security
information to the war fighters and planners. A
system designed for the adjudicative community by
adjudicators.
7
System Description (Continued) JPAS JAMS
JCAVS JCAVS The Joint Clearance and Access
Verification System provides security personnel
the ability to update other JCAVS users with
pertinent personnel security clearance and access
information in order to ensure the reciprocal
acceptance of clearances throughout DoD.
8
DCII JCAVS JAMS
Locked-in Communications Path Between Agencies
and Industry
9
DCII JCAVS JAMS
Locked-in Communications Path Between Agencies
and Industry
10
All data transmitted via JPAS in real time.
11
Overview

• Objective
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• What JPAS Is

12
WHAT JPAS IS
JCAVS User
CAF Adjudicator
JCAVS User Remote connectivity
JCAVS User
CAF Adjudicator
JCAVS User
JPASSystem
CAF Adjudicator
JCAVS User
DCII JCAVS JAMS
13
Defense Security Service High Level Process
Overview

• JPAS records adjudicative action.
• CCMS used to maintain subject record and
  associated forms.
• Eligibility Processing will be performed in
  CCMS and JPAS.

CCMS Review Evaluate Request
CCMS Run Investigation
JPAS Interim Update Eligibility Access
CCMS Review Report for Adjudication
JPAS Final Update Eligibility Access
14
Overview

• Objective
• What JPAS Is
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Where We Were Last Year

15
Where We Were Last Year

• Revolutionary process just announced.
• Concept and philosophy in infancy stages for
  industry.
• Beta testing had not started.
• Industry steering committee defining
  requirements.

16

• Industry Requirements
• To expedite clearance and access conversions
  and transactions.
• To access current (or last previous) clearance
  status Information.
• To ascertain status of investigations.
• To report required Form 562 information,
  including all Personnel changes, CAGE Code
  information, and adverse information.

17

• Industry Requirements (Continued)
• To indoctrinate employees to SCI and non-SCI
  access.
• To debrief employees from SCI and non-SCI
  access.
• To certify clearances for visits.
• To generate (statistical) reports.

18
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Progress

19

• Progress
• DoD has reached Initial Operating Capability
  (IOC).
• Parallel system operation.
• DoD CAFs (minus DISCO/DoHA and NSA)
• Implementation
• DoD - testing started in March and April 2001.
• IOC met.
• New organizations coming on line.
• Parallel system operation
• Legacy system shutdown over a phased period of
  time.
• Industry team will decide roll-out and
  structure for industry use.

20
Progress!

• Industry Beta testing is on-going.
• DISCO on board in beta test mode as a CAF.
• Functionality issues being worked through.
• System is working!

21
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Industrial Security Letter

22
DEPARTMENT OF DEFENSE DEFENSE SECURITY
SERVICE, INDUSTRIAL SECURITY PROGRAM
OFFICE INDUSTRAL SECURITY LETTER Industrial
Security letters will be issued periodically to
inform Industry, User Agencies and DoD Activities
of development relating to industrial security.
The contents of these letters are for information
and clarification of existing policy and
requirements. Local reproduction of these letters
in their original form for the internal use of
addressees is authorized. Suggestions and
articles for inclusion in the Letter will be
appreciated. Articles and ideas contributed will
become the property of DSS. Contractor requests
for copies of the Letter and inquiries concerning
specific information should be addressed to their
cognizant security office, for referral to the
Industrial Security Program Office, Headquarters,
DSS, as appropriate. ISL 02L-1


April 22,
2002 1. Industrial Requests Affected by Operation
Enduring Freedom 2. Resumption of Industry's
Sensitive Compartmented Information and Special
Access Program Personnel Security Investigations
by Defense Security Service 3. Joint Personnel
Adjudication System (JPAS) General
Information 4. Sending Releases to Defense
Security Service (DSS) 5. Facilitating
Reinstatements/Conversions of Personnel Security
Clearances for Industry 6. Periodic
Reinvestigations (PR) 7. Important EPSQ Privacy
Warning 8. Shut Down of .MIL Servers 9. Reports
Submitted to the CSA NISPOM Paragraphs 1-302,
1-303 and 1-304 10. Verification of Facility
Clearance (FCL) Associated With Classified
Visits 11. Clarification Regarding Receipt and
Dispatch Records of Classified Information Transm
itted Electronically 12. Certified Mail
Transmitted Over the Internet 13. Intrusion
Detection Systems (IDS) NISPOM Paragraph 5-901
23
Joint Personnel Adjudication System (JPAS)
General Information JPAS is DoDs automated
system that will maintain all collateral and SCI
security clearance (eligibility and access) and
adjudication information for DoD contractor and
government personnel. The DoD adjudicative
facility will enter eligibility determinations
in JPAS and contractors will complete the
access field. JPAS allows you to both read
information for all personnel on the system and
to perform personnel security actions for
personnel within your span of control in real
time. Notification of clearance eligibility will
arrive electronically. The contractor without
waiting for action by DISCO will do
reinstatements and conversions. Once all
contractors have the opportunity to come on line
(within the next 2 years) use of JPAS for
personnel security actions will be mandated for
all contractors.
24
Operational Changes in Business Rules

• Necessitates changes in terminology
• Eligibility and Access versus Clearance.
• Eligibility level of information a person is
  authorized consistent with level of
  investigation.
• Access specifies level of information to
  which a person is granted.
• Access will be recorded in JPAS by the Facility
  Security Officer, as determined by eligibility
  and level required.

Note This places a high degree of
responsibility on the FSO.
25
With this privilege comes a lot of
responsibility. You will maintain your records
within JPAS and must ensure that whoever in your
facility is responsible for this function, has
been properly trained. Although you will not be
able to grant access in JPAS to an employee
unless the investigative basis is there, it will
be your responsibility to accurately and
expeditiously maintain your records, as other DoD
users will be granting access to your employees
based on your data.
26
Operational Changes Continued

• JCAVS will automatically record eligibility
  at the highest level commensurate with the level
  of investigation.
• Eligibility for Top Secret does not mean that
  the person should, or can, have access to Top
  Secret information.Facility only cleared at the
  Secret level!
• Only Secret required for job performance.
• Once operating capability has been reached,
  LOCs will no longer be required. JPAS is the
  official DoD clearance record.
• One cleared person one JPAS record!

27
Major Changes to Business Processes

• Facility Security Officer will now have the
  ability to
• Grant access based on JPAS record of
  eligibility.
• Upgrade level of access.
• Downgrade level of access.
• Terminate access.
• Record SF 312 execution.
• Send U.S. Visits.
• In and Out Process employees / transfer
  clearances.
• Submit Adverse Information Reports on Line.
• Non-contract related visits will still have to
  be approved by current NISPOM requirements.
  Facility can still verify visitor access
  information via JPAS.

28
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• JPAS Requirements

29

• System Access Requirements
• Desktop configuration.
• System encryption security.

30

• Desktop Configuration Requirements
• Netscape Web Application Server and Netscape
  (4.7) or current DoD version.
• (Explorer will not be allowed!)
• Workstation Configuration Requirements
• Pentium 133 MHz or better.
• 128 MB RAM (Minimum) and 150 MB Free Disk
  Space.
• Windows 95/NT 4.0 or later.

31

• System Encryption Requirements
• Public Key Infrastructure (PKI) for Industry.
• An industry sub-committee formed to explore
  requirements.
• PKI implementation by 1 Oct 03
• Must be NSA approved.
• Only four vendors on current list
• Operational Research Consultants (ORC)
• Digital Signature Trust (DST)
• VeriSign
• General Dynamics (GD)
• Users will require a DoD investigation
  commensurate with level of access to the system.

32
Industry Security Personnel on Military Facilities

• Common Access Card (CAC)
• New to DoD
• Contains six 32 Mg chips
• One reserved for JPAS
• Contractor personnel using a .mil address will
  be provided CAC (free) by supporting military
  activity
• 4 vendors selected to provide CACs
• Datakey
• Schlumberger
• Syprus
• Litronics

33
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• User Access Requirements

34

• User Investigative Requirements
• Level II and III - Current SSBI.
• Level IV through VII - NACLAC w/Credit
• If projected user has a NACLAC w/o Credit, a
  new EPSQ will be required with reason listed as
  Requires access to JPAS.

35
JPAS Access

• Two functional categories of JPAS access.
• JPAS Account Management.
• JPAS Functional User.
• Level of access dependent on.
• Facility clearance level.
• Requirement to access non-SCI or SCI
  eligibility and access data.
• Read-only or read-write access required.

36

• Account Management
• Account Manager is responsible for
• Establishing Span of Control w/in company.
• Company interface with the Program Management
  Office (PMO)
• Responsible for compliance with, and operation
  of, JPAS within company
• Establish User accounts

37

• Account Management (Continued)
• Perform administrator functions such as
• Issuance of User ID and passwords
• Re-setting passwords
• Locking / un-locking user accounts
• Changing user account privileges
• Point of contact for system technical issues
• Single point of contact between company and the
  PMO

38

• Account Management (Continued)
• JPAS Functional User
• Read only access read capability for
  eligibility and access information on all
  individuals listed in JPAS. No write
  capability with this access.
• Read-Write Access
• Read capability on all JPAS records.
• Write capability on all employees within
  defined Span of Control.
• Level of write capability based on SCI or
  non-SCI use.

39
Example of Span of Control
DoD JPAS Program Office
Raytheon Aircraft Company
Raytheon Office of Homeland Security
Raytheon Technical Services Company
40

• DoD Access Structure
• Level I - Executive Account Manager
• Level II - SSO MAJCOM
• Level III - SSO Installation
• Level IV - Collateral MAJCOM
• Level V - Collateral Installation
• Level VI - Unit/Organization
• Level VII - Entry Controller

41

• Industry Access Structure
• Level II Corporate Security Officer (SCI).
• Level III Company FSOs / Managers (SCI)
• Level IV Corporate Security Officers
  (collateral)
• Level V Company FSOs / Managers (collateral)
• Level VI - Unit Security Managers / Visitor
  Control
• Level VII - Lobby receptionists, security entry
  point personnel.
• Determined by each companys approved Span of
  Control and access level requirements.

42
(No Transcript)
43
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Oversight Responsibilities

44

• Oversight Responsibility
• Program Management Office
• All records and processes relative to system
  administration and use.
• Account management and compliance with DoD IS
  policy.
• Defense Security Service
• Records and information as it applies to
  standard NISPOM requirements relative to
  eligibility and access of cleared employees
  and visitors.

45
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• JPAS System Snapshot Overview
• Summary and Questions

• Where to From Here

46

• Where To From Here
• Resolve data flow issues between CCMS and JPAS.
  (Resolved?)
• Resolution of granting/indoctrinating of SCI
  access (side bar development).
• Industry policy directive. (ISL 02-1 does not
  contain adequate policy.)
• Industry implementation instructions.
• Industry beta test (ongoing).
• Training for industry.

47
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• Summary and Questions

• JPAS System Snapshot Overview

48

• The following slides are representative of the
  Industry JPAS
• Functional screen modules.
• These mock-up screens are not all inclusive
  of the entire screen-set.

49
(No Transcript)
50
(No Transcript)
51
(No Transcript)
52
Top Secret
53
Top Secret
54
(No Transcript)
55
(No Transcript)
56
(No Transcript)
57
(No Transcript)
58
ISL 02L-1 How and when will JPAS users be
trained? Initially, JPAS will use the
train-the-trainer concept. Training will be
accomplished by the JPAS program office as well
as by contractor associations such as the
National Classification Management Society.
Training CDs will also available. After
deployment, JPAS will become part of the
curriculum in courses offered by the Defense
Security Service Academy (DSSA) and the Defense
Intelligence Agency (DIA), both resident and
mobile courses.
59
(No Transcript)
60
Interactive CD
2
July 2002
61
(No Transcript)
62
(No Transcript)
63

• Account Management Training
• Accessing JCAVS
• Add a JCAVS User
• Modify a JCAVS User
• Remove a JCAVS User
• Reset a Users Password
• Lock / Unlock a Users Account
• Log Off a User

64
(No Transcript)
65

• Security Management Training
• Span of Control
• Select Person and Person Summary
• In/Out Process
• Grant Interim Clearance
• Indoctrinate for non-SCI
• Indoctrinate for SCI
• Debrief Actions
• Visits
• Adverse Information Reports

66
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview

• Summary and Questions

67
Summary
In conclusion, JPAS will be the single system
within OSD and industry to manage the security
clearance process. It has been approved as the
OSD system. The industry team is very optimistic
that JPAS will provide a more streamlined
approach to our security business process by
reducing time and paperwork processes currently
in use as mandated by the NISPOM. OSD/C3I has
emphasized to the PMO and Government team members
that if policy changes are required for
industry implementation, such changes will be
made in the form of an Industrial Security Letter
for DoD contractors.
68
Contact Information Dave Kendrick 972.205.5776 Da
ve_B_Kendrick_at_Raytheon.com