Joe Jessop

1
JPAS
The Future of Personnel Security
Joe Jessop Lockheed Martin Industry JPAS Steering
Committee
2
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

3
Cautionary Disclaimer
Please understand that JPAS is undergoing BETA
testing at selected industry facilities. As with
any beta testing or development process, criteria
and processes are subject to change prior to full
implementation of this system.
4
JPAS is on an incremental roll out schedule. The
final product is far to vast to wait for its
completion to then be introduced. Therefore to
get it in the field and underway the decision was
made to have incremental releases with additional
enhancements. This allows the core of the
program to be in use while other functions are
still being developed and subsequently added with
new releases.
5
Overview

• Objective

• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

6

• OBJECTIVE
• The objective of JPAS is very simple
• To develop one automated system capable of
  maintaining all collateral and SCI security
  clearance and adjudication information for all
  contractor and employees of the DoD.
• JPAS is designed to be a centralized record
  keeping function that will allow many of the
  processes we now use to become automated,
  on-line, with near-real time clearance data
  available to the industrial security managers.
•  

7
System Description JPAS JAMS JCAVS JAMS The
Joint Adjudication Management System provides
Central Adjudication Facilities (CAFs) a single,
integrated information system to assist in the
adjudication process through virtual
consolidation and vastly improve dissemination
of timely and accurate personnel security
information to the war fighters and planners. A
system designed for the adjudicative community by
adjudicators.
8
System Description (Continued) JPAS JAMS
JCAVS JCAVS The Joint Clearance and Access
Verification System provides security personnel
the ability to update other JCAVS users with
pertinent personnel security clearance and access
information in order to ensure the reciprocal
acceptance of clearances throughout DoD. JCAVS
will be what we in industry will use.
9
Today
DCII JCAVS JAMS
Locked-in Communications Path Between Agencies
and Industry
10
Tomorrow
DCII JCAVS JAMS
Locked-in Communications Path Between Agencies
and Industry
11
The Future
All data transmitted via JPAS in real time.
12
Overview

• Objective
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• What JPAS Is

13
WHAT JPAS IS
JCAVS User
CAF Adjudicator
JCAVS User Remote connectivity
JCAVS User
CAF Adjudicator
JCAVS User
JPASSystem
CAF Adjudicator
JCAVS User
DCII JCAVS JAMS
14
Defense Security Service High Level Process
Overview

• JPAS records adjudicative action.
• CCMS used to maintain subject record and
  associated forms.
• Eligibility Processing will be performed in
  CCMS and JPAS.

CCMS Review Evaluate Request
CCMS Run Investigation
JPAS Interim Update Eligibility Access
CCMS Review Report for Adjudication
JPAS Final Update Eligibility Access
15
Overview

• Objective
• What JPAS Is
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Where We Were Last Year

16
Where We Were Last Year

• Revolutionary process just announced.
• Concept and philosophy in infancy stages for
  industry.
• Beta testing had not started.
• Industry steering committee defining
  requirements.

17

• Industry Requirements
• To expedite clearance and access conversions
  and transactions.
• To access current (or last previous) clearance
  status Information.
• To ascertain status of investigations.
• To report required Form 562 information,
  including all Personnel changes, CAGE Code
  information, and adverse information.

18

• Industry Requirements (Continued)
• To indoctrinate employees to SCI and non-SCI
  access.
• To debrief employees from SCI and non-SCI
  access.
• To certify clearances for visits.
• To generate (statistical) reports.

19
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Progress

20

• Progress
• DoD has reached Initial Operating Capability
  (IOC).
• Parallel system operation.
• DoD CAFs (minus DoHA and NSA)
• Implementation
• DoD - testing started in March and April 2001.
• IOC met.
• New organizations coming on line.
• Parallel system operation
• Legacy system shutdown over a phased period of
  time.
• DISCO will manage the roll-out to industry.

21
Progress!

• Industry Beta testing is on-going.
• DISCO on board in beta test mode as a CAF.
• Functionality issues being worked through.
• System is working!

22
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Industrial Security Letter

23
DEPARTMENT OF DEFENSE DEFENSE SECURITY
SERVICE, INDUSTRIAL SECURITY PROGRAM
OFFICE INDUSTRAL SECURITY LETTER Industrial
Security letters will be issued periodically to
inform Industry, User Agencies and DoD Activities
of development relating to industrial security.
The contents of these letters are for information
and clarification of existing policy and
requirements. Local reproduction of these letters
in their original form for the internal use of
addressees is authorized. Suggestions and
articles for inclusion in the Letter will be
appreciated. Articles and ideas contributed will
become the property of DSS. Contractor requests
for copies of the Letter and inquiries concerning
specific information should be addressed to their
cognizant security office, for referral to the
Industrial Security Program Office, Headquarters,
DSS, as appropriate. ISL 02L-1


April 22,
2002 1. Industrial Requests Affected by Operation
Enduring Freedom 2. Resumption of Industry's
Sensitive Compartmented Information and Special
Access Program Personnel Security Investigations
by Defense Security Service 3. Joint Personnel
Adjudication System (JPAS) General
Information 4. Sending Releases to Defense
Security Service (DSS) 5. Facilitating
Reinstatements/Conversions of Personnel Security
Clearances for Industry 6. Periodic
Reinvestigations (PR) 7. Important EPSQ Privacy
Warning 8. Shut Down of .MIL Servers 9. Reports
Submitted to the CSA NISPOM Paragraphs 1-302,
1-303 and 1-304 10. Verification of Facility
Clearance (FCL) Associated With Classified
Visits 11. Clarification Regarding Receipt and
Dispatch Records of Classified Information Transm
itted Electronically 12. Certified Mail
Transmitted Over the Internet 13. Intrusion
Detection Systems (IDS) NISPOM Paragraph 5-901
24
Joint Personnel Adjudication System (JPAS)
General Information JPAS is DoDs automated
system that will maintain all collateral and SCI
security clearance (eligibility and access) and
adjudication information for DoD contractor and
government personnel. The DoD adjudicative
facility will enter eligibility determinations
in JPAS and contractors will complete the
access field. JPAS allows you to both read
information for all personnel on the system and
to perform personnel security actions for
personnel within your span of control in real
time. Notification of clearance eligibility will
arrive electronically. The contractor, without
waiting for action by DISCO, will do
reinstatements and conversions. Once all
contractors have the opportunity to come on line
(within the next 2 years) use of JPAS for
personnel security actions will be mandated for
all contractors.
25
Operational Changes in Business Rules

• Necessitates changes in terminology
• Eligibility and Access versus Clearance.
• Eligibility level of information a person is
  authorized consistent with level of
  investigation. (Responsibility of the CAF)
• Access specifies level of information to
  which a person is granted. (Responsibility of
  the FSO)

Note This places a high degree of
responsibility on the FSO.
26
With this privilege comes a lot of
responsibility. You will maintain your records
within JPAS and must ensure that whoever in your
facility is responsible for this function, has
been properly trained. Although you will not be
able to grant access in JPAS to an employee
unless the investigative basis is there, it will
be your responsibility to accurately and
expeditiously maintain your records, as other DoD
users will be granting access to your employees
based on your data.
27
Operational Changes Continued

• JCAVS will automatically record eligibility
  at the highest level commensurate with the level
  of investigation FSC.
• Eligibility for Top Secret does not mean that
  the person should, or can, have access to Top
  Secret information.
• Facility only cleared at the Secret level!
• Only Secret required for job performance.
• Once operating capability has been reached,
  LOCs will no longer be required. JPAS is the
  official DoD clearance record.
• One cleared person one JPAS record!

28
Major Changes to Business Processes

• Facility Security Officer will now have the
  ability to
• Grant access based on JPAS record of
  eligibility.
• Upgrade level of access.
• Downgrade level of access.
• Terminate access.
• Record SF 312 execution. (This only needs to be
  done once).
• Send U.S. Visits.
• In and Out Process employees / transfer
  clearances.
• Submit Adverse Information Reports on Line.
• Non-contract related visits will still have to
  be approved by current NISPOM requirements.
  Facility can still verify visitor access
  information via JPAS.

29
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• JPAS Requirements

30

• System Access Requirements
• Desktop configuration.
• System encryption security.

31

• Desktop Configuration Requirements
• Netscape Web Application Server and Netscape
  (4.7) or current DoD version.
• (Other browsers may work but are not
  recommended.)
• Workstation Configuration Requirements
• Pentium 200 MHz or better.
• 128 MB RAM (Minimum) and 150 MB Free Disk
  Space.
• Windows 95/NT 4.0 or later.

32

• System Encryption Requirements
• Public Key Infrastructure (PKI) for Industry.
• An industry sub-committee formed to explore
  requirements.
• PKI implementation by 1 Oct 03
• Must be NSA approved.
• Only four vendors on current list
• Operational Research Consultants (ORC)
• Digital Signature Trust (DST)
• VeriSign
• General Dynamics (GD)
• Users will require a DoD investigation
  commensurate with level of access to the system.

33
Industry Security Personnel on Military Facilities

• Common Access Card (CAC)
• New to DoD
• Contains six 32 Mg chips
• One reserved for JPAS
• Contractor personnel using a .mil address will
  be provided CAC (free) by supporting military
  activity
• 4 vendors selected to provide CACs
• Datakey
• Schlumberger
• Syprus
• Litronics

34
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• User Access Requirements

35

• User Investigative Requirements
• Level II and III - Current SSBI.
• Level IV through VII - NACLAC w/Credit
• If projected user has a NACLAC w/o Credit, a
  new EPSQ will be required with reason listed as
  Requires access to JPAS.

Note A suggested Level VIII has been approved.
This will require a SSBI. The use will be for
guards and receptionists in the SCI realm. (Read
Only)
36
JPAS Access

• Two functional categories of JCAVS.
• JPAS Account Management.
• JCAVS Functional User.
• Level of access dependent on.
• Facility clearance level.
• Requirement to access non-SCI or SCI
  eligibility and access data.
• Read-only or read-write access required.

37

• Account Management
• Account Manager is responsible for
• Establishing Span of Control w/in company.
• Company interface with the Program Management
  Office (PMO) Industry will use the JPAS Help
  Desk.
• Responsible for compliance with, and operation
  of, JPAS within company
• Establish User accounts

38

• Account Management (Continued)
• Perform administrator functions such as
• Issuance of User ID and passwords
• Re-setting passwords
• Locking / un-locking user accounts
• Changing user account privileges
• Point of contact for system technical issues
• Single point of contact between company and the
  PMO

39

• Account Management (Continued)
• JCAVS Functional User
• Read only access read capability for
  eligibility and access information on all
  individuals listed in JPAS. No write
  capability with this access.
• Read-Write Access
• Read capability on all JPAS records.
• Write capability on all employees within
  defined Span of Control.
• Level of write capability based on SCI or
  non-SCI use.

40
Lockheed Martin Account Management Structure
41

• DoD Access Structure
• Level I - Executive Account Manager
• Level II - SSO MAJCOM
• Level III - SSO Installation
• Level IV - Collateral MAJCOM
• Level V - Collateral Installation
• Level VI - Unit/Organization
• Level VII - Entry Controller

42

• Industry Access Structure
• Level II Corporate Security Officer (SCI).
• Level III Company FSOs / Managers (SCI)
• Level IV Corporate Security Officers
  (collateral)
• Level V Company FSOs / Managers (collateral)
• Level VI - Unit Security Managers / Visitor
  Control
• Level VII - Lobby receptionists, security entry
  point personnel.(collateral)
• Level VIII- Lobby receptionist, security entry
  point (SCI)
• Determined by each companys approved Span of
  Control and access level requirements.

43
(No Transcript)
44
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Where to From Here
• JPAS System Snapshot Overview
• Summary and Questions

• Oversight Responsibilities

45

• Oversight Responsibility
• Program Management Office
• All records and processes relative to system
  administration and use.
• Account management and compliance with DoD IS
  policy.
• Defense Security Service
• Records and stores information as it applies to
  standard NISPOM requirements relative to
  eligibility and access of cleared employees and
  visitors.

46
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• JPAS System Snapshot Overview
• Summary and Questions

• Where to From Here

47

• Where To From Here
• Resolve data flow issues between CCMS and JPAS.
  (Resolved?)
• Resolution of granting/indoctrinating of SCI
  access (side bar development).
• Industry policy directive. (ISL 02-1 does not
  contain adequate policy.)
• Industry implementation instructions. (waiting
  appr.)
• Industry beta test (ongoing).
• Training for industry.

48
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• Summary and Questions

• JPAS System Snapshot Overview

49

• The following slides are representative of the
  Industry JPAS
• Functional screen modules.
• These mock-up screens are not all inclusive
  of the entire screen-set.

50
(No Transcript)
51
(No Transcript)
52
(No Transcript)
53
(No Transcript)
54
Last, First M.
123-45-6789
111-22-3333
Request, Research, Upgrade Eligibility
55
Top Secret
56
(No Transcript)
57
(No Transcript)
58
(No Transcript)
59
(No Transcript)
60
ISL 02L-1 How and when will JPAS users be
trained? Initially, JPAS will use the
train-the-trainer concept. Training will be
accomplished by the JPAS program office as well
as by contractor associations such as the
National Classification Management Society.
After deployment, JPAS will become part of the
curriculum in courses offered by the Defense
Security Service Academy (DSSA) and the Defense
Intelligence Agency (DIA), both resident and
mobile courses. Now you can go to the JPAS site
and take the online training.
61
Training Link
62
(No Transcript)
63
(No Transcript)
64
(No Transcript)
65

• Account Management Training
• Accessing JCAVS
• Add a JCAVS User
• Modify a JCAVS User
• Remove a JCAVS User
• Reset a Users Password
• Lock / Unlock a Users Account
• Log Off a User

66

• Security Management Training
• Span of Control
• Select Person and Person Summary
• In/Out Process
• Grant Interim Clearance
• Indoctrinate for non-SCI
• Indoctrinate for SCI
• Debrief Actions
• Visits
• Adverse Information Reports

67
Overview

• Objective
• What JPAS Is
• Where We Were Last Year
• Progress
• Industrial Security Letter
• JPAS Requirements
• User Access Requirements
• Oversight Responsibilities
• Where to From Here
• JPAS System Snapshot Overview

• Summary and Questions

68
Contact Information Joe Jessop 301-897-6189 Josep
h.j.jessop_at_lmco.com