How to Implement JPAS

1
How to Implement JPAS
NCMS Annual Training Seminar

• JPAS Implementation Team

Vince Jarvie Lockheed Martin
Tony Ingenito Northrop Grumman
Barbara Taylor Ellen Suchey Raytheon
Gene Krebs Boeing
2
Introduction History

• U.S. Government System
• Read/write access for Industry?
• OSD JPAS PMO support Industry
• March/July 2001 Initial Development Industry
  Requirements
• Industry Beta Test
• Issues
• THE MEETING 3 October 2002
• Must have, should have, would like to have
• Span of control ? PSMNet 30 May 2003

3
JPAS Prerequisites

• System Requirements
• Pentium 133 MHz (minimum)
• Netscape v4.79 or Internet Explorer v6.x
• 128 bit encryption enabled
• JavaScript, Cookies and SSL enabled
• Connectivity Requirement
• .com, .net, .org, .mil or .gov address
• Firewall must be able to connect to port 443
• Network must have reverse dns lookup enabled

4
JPAS Prerequisites

• Clearance Requirements (access levels)
• Level II, III and VIII current SCI access
• Level IV through VII X NCLC w/Credit
• If a required user has a NCLC w/o Credit
• New EPSQ is required with Requires access to
  JPAS as reason
• PUBLIC KEY INFRASTRUCTURE (PKI)
• Currently, 128 bit SSL is used until PKI becomes
  available. Expect to see PKI 10/04

5
Corporate Commitment Structure

• Appointment Letter
• Primary Alternate Account Manager
• Full names, social security numbers, and contact
  information (i.e., telephone numbers, office
  addresses, and work email addresses).
• Signed by KMP or Corporate Officer
• Buy in Implement the Change process
• Corporate Leadership
• Business Area Leadership
• Security management
• Security personnel

6
Corporate Commitment Structure

• Resource availability
• Do it right the 1st time
• ALWAYS REMEMBER
• JPAS IS THE U.S. GOVERNMENT OFFICIAL SYSTEM OF
  RECORD FOR CLEARANCES!

7
Corporate Commitment Structure

• Ethical Conduct
• Valid business purpose
• Loss of Privileges
• Devastating impact
• Business
• Personal

8
Corporate Commitment Structure

• SCI Structure
• LEVEL 2 - SCI security personnel at unified
  command, DoD agency, military department or major
  command/equivalent headquarters. PSM - Net is
  determined by the responsible SOIC or designee.
  (Read and Write Access)
• LEVEL 3 - SCI security personnel at echelons
  subordinate to Level 2 at a particular geographic
  location (installation, base, post, naval
  vessel). PSM - Net is determined by the
  responsible SOIC or designee. (Read and Write
  Access)
• LEVEL 8 - SCI Entry control personnel.
  Individuals who grant access to SCIF
  installations, buildings, etc. Varies according
  to organizations. (Read Access )

9
Corporate Commitment Structure

• Non SCI Structure
• LEVEL 4 - Non-SCI security personnel at unified
  command, DoD agency, military department or major
  command/equivalent headquarters. PSM - Net is
  determined by the responsible Security Officer or
  designee. (Read and Write Access)
• LEVEL 5 - Non-SCI security personnel at echelons
  subordinate to Level 4 at a particular geographic
  location (installation, base, post, naval
  vessel). PSM - Net is determined by the
  responsible Security Officer or designee. (Read
  and Write Access)
• LEVEL 6 - Unit security manager (additional duty)
  responsible for security functions as determined
  by responsible senior security official. (Read
  and Write Access)
• LEVEL 7 - Non-SCI Entry control personnel.
  Individuals who grant access to installations,
  buildings, etc. Varies according to
  organizations. (Read Access)

10
Corporate Commitment Structure
Level 2
Corporate Office
Access requires SCI access
Level 3
Integrated Systems
Electronic Systems
Information Technology
Ship Systems
Newport News
Level 3 or 4
Level 4 or 5
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Sites/ Program
Level 5 or 6
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Frequent Users
Level 7
Access requires a Secret NCLC/CR
Inquiry Only Guard / Lobby Posts
11
Account Management Users

• Account Management
• Establish Corporate Account Manager and
  alternate.
• Create additional Account Managers necessary to
  support your structure (Division, geographic)
• Establishes JPAS user accounts
• Resets passwords, unlocks users or logs users off
• Responsible to maintain signed RFA on users they
  grant ID for (will be an auditable item)
• Terminating account when user leaves or no longer
  requires access for security related functions.

12
Account Management Users

• JPAS Users
• Update capability Level 2 thru 6
• Update employee clearance file (personal info,
  create/transfer FSC, Indoc data, terminations,
  adverse reporting
• Perform most all Form 562 transactions
• Pay attention to what tab you are viewing
• Receives notification of clearance actions
• Generates organization reports as needed

13
Account Management Users

• JPAS Users
• Inquiry level 7 10 (non-SCI data)
• Allows for inquires by Guard/Receptionist or
  other security users that do not need update
  capabilities
• Validate clearance eligibility for visitors
• Inquiry Level 8 (SCI data)
• Allows for inquires by SCI cleared users
• Validates SCI eligibilities and tickets

14
Training

• Develop Company Training Plan
• Develop JPAS expert for your company
• Develop trainers alternates to fill your
  structure
• Have users first complete the JITA available
  online at the JPAS website (https//jpas.osd.mil/)
  
• Utilize training tools for classroom, lecture,
  net-meeting before cutting users loose.
• Spend the time and do it right the 1st time

15
Training Tools

• JPAS Joint Integrated Training Application
  (Available JPAS Home Page)

16
Training Tools

• JPAS Account Managers Training Presentation
  (Available soon)

17
Training Tools

• JPAS User Training Presentation (Available soon)

18
Training Tools

• JPAS User How to Book (Available soon)

19
Implementation Validation

• Implementation Plan
• Establish team with representatives from each
  element
• Identify Account Manager structure projected
  users
• Identify potential cost for equipment and
  software
• Establish Account Managers Company Trainers
• Establish Training sub-team to evaluate and
  develop training tools (if required beyond tools
  provided)
• Establish Training plan
• Establish validation criteria process
• Establish user accounts, conduct training
• Conduct validation correction process
• Certify JPAS Files

20
Implementation Validation

• Roll-out Schedule
• Data Validation Corrections
• Current employees (Personal Data, Clearance Data,
  Facility Data, Briefing Data)
• Former employees (Separation Data, Debriefing
  data)
• Update correct information if incorrect
• Creation of correct industry (Cage Code) if
  necessary
• Clean-up of assigned persons to your Cage Code

21
Validation Checklist
22
Questions