On July 29, 2010, the Undersecretary of Defense for Intelligence directed that all Department of Defense components must electronically capture and submit fingerprints in support of all background investigations by December 31, 2013. At the end of last month the Defense Security Service (DSS) published its first unclassified instructions for industry for submission of electronic fingerprints. The document can be found here. This document provides guidance to companies participating in the National Industrial Security Program (NISP) on options to capture and submit electronic fingerprints.
Secure Web Fingerprint Transmission (SWFT) Program is a fully operational system that is funded, managed and operated by the Defense Manpower Data Center (DMDC). SWFT facilitates the electronic capture and submission of fingerprints from approved sources to the Office of Personnel Management (OPM) to conduct background investigations for security clearances, as well as implementation of Homeland Security Presidential Directive – 12 (HSPD-12) and support goals established by the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004.
Step 1: Get the facts. The DMDC website provides information and a clear process for implementing SWFT in your company, including vetting your company to become an authorized SWFT user; information on access, registration and testing procedures; and documentation of the history of this requirement.
Step 2: Decide on your option. The DSS instructions list 5 options for your company to become compliant with the new requirement:
- Option 1: Company purchases the equipment. Companies must purchase FBI-certified hardware. A list of certified hardware can be found here .
- Option 2: Companies Share Resources. Multiple companies can share the cost of purchasing and maintaining equipment.
- Option 3: Company(s) Offering Service. A company can purchase equipment and be a provider to other companies.
- Option 4: Third Party Vendor provides Electronic Fingerprint File. A third party vendor that is an FBI approved channeler collects the fingerprints, saves the file in an approved format and provides the file to the NISP company. The NISP company can then submit the fingerprints when submitting the electronic Questionnaire for Investigation Processing (eQIP). The FBI Approved Channeler List can be found here.
- Option 5: Other Government Entities. This option allows an industry company to partner with the military services or other government agency participating in the NISP for electronic fingerprint submissions.
Step 3: Make a Plan. Analyze the pros and cons of each option and decide on which one makes the most sense for your situation. Personally, I work for a small company (less than 100 employees) and I fingerprint less than 10 employees per year, on average. At first, we thought that either Option 2 or 4 would work well for us, but we decided to go with Option 3, since we partner with numerous other small companies and we thought offering the fingerprinting service to our partners would be a plus in the relationship. Rumor has it that of the approximately 12,000 cleared facilities in the NISP, only about 1,000 have decided on their plan or purchased equipment. Undoubtedly, many will wait until very late in the game to make their decision. This is reminiscent of the JPAS PKI fiasco of a couple of years ago.
Step 4: Implement. SWFT is fully functional, so if you start testing your process immediately upon completion of your plan’s administrative process, whether you are purchasing equipment or utilizing services of a third party.
I recommend that you check with the state or commonwealth department of revenue where your company files its annual tax return for the possibility of a business tax credit. For example, if your company claims Maryland as its base, Maryland has created such a tax credit for businesses that incur documented costs for processing federal security clearance background checks, associated training, and costs for construction or renovation of sensitive compartmented information facilities (SCIFs). For a business to be eligible, it must apply to and be certified by the Maryland Department of Business and Economic Development (DBED). Details can be found at: http://www.choosemaryland. org/businessresources/Pages/MarylandESCCTaxCredit.aspx.
In summary, the first paragraph says it all – electronic fingerprint submission is a requirement, not an option. The sooner we accept that and start planning for our respective company’s implementation, the better analysis, decision making and actual implementation will result. Proactive actions will also favorably impact the company’s management support of the security program, your DSS Industrial Security Representative’s view of the program, and the reputation of your company among your partners and customers.
William R. Loveridge is a Facility Security Officer, a security consultant, a retired DoD personnel security adjudicator and a retired US Army Reserve Warrant Officer.