NCACS - NST Center · 2014-09-24 · CNIC NCACS for Identity Management and Perimeter Installation...

UNCLASSIFIED

Draft

Released on 14 FEB 2011 by M.A. Reid

NCACSNavy Commercial

Access Control System

Sharon L. GibsonCNIC

09 Feb 2011

1

UNCLASSIFIED

Draft


NCACS“CNIC NCACS for Identity Management and Perimeter Installation Access

Control Designed to Manage Non-CAC Eligible Vendors, Contractors, Sub-contractors, Suppliers, and Service Providers.”

• CNIC NCACS supports US Navy efforts to comply with:– HSPD 12 Policy for a Common Identification Standard for Federal Employees and

Contractors – Public Law 110-181 (FY 2008) SEC 1069 Standards for Entry to Military

Installations in (the) United States– USNORTHCOM Installation Access Control Guidance in the AOR, dtd 05 DEC

2007– Federal Information Processing Standards Publication (FIPS) 201-1 Personal

Identity Verification (PIV) of Federal Employees and Contractors, dtd MAR 2006– DoD Instruction (DoDI) 2000.16 DoD Anti-Terrorism Standards , dtd 02 OCT 2006– DoDI 5200.08-R Physical Security Program, dtd APR 2007– Directive Type Memorandum (DTM) 09-012 Interim Policy Guidance for DoD

Physical Access, dtd 08 DEC 2009– OPNAV Instruction 5530.14 Navy Physical Security and Law Enforcement

Program, dtd 28 JAN 2009– OPNAV Instruction 1752.3 Policy for Sex Offender Tracking, Assignment and

Access Restrictions with the Navy, dtd 27 MAY 2009– MEMORANDUM FOR COMMANDANT OF THE MARINE CORPS CHIEF OF NAVAL

OPERATIONS, dtd 07 OCT 2008

2

UNCLASSIFIED

Draft


Available Here: https://g2.cnic.navy.mil/TSCNICHQ/N3/N3AT/General/Physical%20Security.aspx?PageView=Shared

3

CNIC 5530 Notice and NCACS SOP

https://g2.cnic.navy.mil/TSCNICHQ/N3/N3AT/General/Physical Security.aspx?PageView=Shared�

UNCLASSIFIED

Draft


Why NCACS ?

• Vendor/Contractor Vetting & Access Privileges– Comprehensive initial background check

before a credential is issued– Electronic validation of the credential – Electronic verification of installation

specific access privileges– Quarterly updates on background check– The Navy has limited capability today

• Minimal Cost to US Navy– Phone, power and space for kiosk and servers

• Reviewed and approved by OSD & CNIC OGC

• Better Than What US Navy Does Today– The US Navy conducts little or no screening

of non-CAC vendor/contractor personnel today

4

UNCLASSIFIED

Draft


NCACS Benefits

• Benefits to the US Navy

– Standardized enrollment, vetting, credentials and management of access privileges for vendors, contractors, sub-contractors, suppliers and service providers not eligible for a Common Access Card (CAC) who are coming aboard US Navy installations

– Improve the safety and security of CNIC installations and other Commands through:

• Regular and improved vetting• Electronic validation of credentials & verification of installation

specific access privileges in “near real time”• Reduction in the number and types of credentials used for

installation access• Management of non-CAC vendors/contractors by a single

enterprise system

– Cost avoidance for CNIC and other Navy Commands by:• Reducing/eliminating purchase and/or sustainment of other

locally produced credentialing systems• Improved efficiencies at Pass & ID through a reduction in

issuance of contractor passes and other credentials

5

UNCLASSIFIED

Draft


NCACS Benefits (cont)• Benefits to vendor/contractor companies & employees

– One enterprise system which manages non-CAC vendors, contractors, sub-contractors, suppliers and service providers across all US Navy shore installations in CONUS, Hawaii and Guam and other US Army, US Marine Corps, US Coast Guard and NASA installations

– Annual access privileges to multiple US Navy and other DoD and Government installations with one credential

– Not eligible for DoD vehicle decals

– No commercial vehicle inspection is required (other than Random Anti-Terrorism Measures (RAM) or elevation of Force Protection Conditions (FPCON))

– Reduction in wait times to access installations• Pass & ID for credentials/passes/decals• Access to multiple gates

• NEXCOM will comply with the requisites provided by DOD, SECNAV, OPNAV and CNIC 5530 Notice and NCACS SOP

6

UNCLASSIFIED

Draft

Released on 14 FEB 2011 by M.A. Reid 7

CNIC 5530 Notice Summary• Participants:

– NCACS is the only long term non-CAC Vendor/Contractor credential that will be issued and valid for perimeter access to CNIC installations

– Subject to RANDOM inspections– Multiple perimeter gate access (as vehicle size will permit)– Escorting not permitted – Participants are not eligible for DoD vehicle decals

• Non-Participants: – Every day, must go to Pass & ID and request a one day pass– Every day, must meet background check requirements in

DTM 09-012 prior to issuance of the one day pass– Limited perimeter ECP access– Reduced hours of access to the installation– Will not be issued a CAC unless both physical and logical

(NMCI) access is required

UNCLASSIFIED

Draft


NCACS Prototype CapabilitiesRAPIDGate® successfully completed a 3 year pilot program in Navy Region Southwest. Based on that success, a 2 year NCACS Prototype is being implemented across the CNIC Enterprise.

• Electronically Verify & Biometrically Authenticate

– Self-Registration– Vetting – comprehensive initial background screening

and regular re-screening– Credentialing – manufacturing, shipping, issuance and

lifecycle management– Access Control – Electronically verify, validate &

biometrically authenticate in “near real-time” credentials, access privileges & identities

– Access Privileges – Authoritative data repository (ADR) local ECP servers updated every 30 minutes

– Reporting – Monthly activity and ad hoc reports

8

UNCLASSIFIED

Draft


Program Participants

• Participants– Vendors– Contractors– Sub-contractors– Suppliers– Service Providers

• Regardless of how personnel come onto the installation– Walk– Cars– Pick-ups – Vans– Trucks/Semi-trucks

9

UNCLASSIFIED

Draft


Enrollment Process

10

UNCLASSIFIED

Draft


Enforcement Process

11

UNCLASSIFIED

Draft


NCACS Prototype Vetting• Initial Vetting

– Identity Validation– 10 Year Address History– Electronic Database Vetting– SSN Trace

• Program Disqualifiers– Any Felony Conviction– Registered Sexual Offender– Any Outstanding Criminal Warrant

• Credential Issuance– I-9 Document Check at Issuance– No-entry, Debarment, No Work Lists– Issued by Government personnel

• Ongoing– Watchdog Electronic Re-vetting Every 92 days

12

UNCLASSIFIED

Draft


NCACS Prototype Vetting Sources• NCACS background screens are conducted through a third party background check

provider• Background screens include, but are not limited to:

1. SSN Trace 2. Address Verification and 10-year address history3. National Criminal Database (NCD)

• NCD contains 250+ Million records, including data from all 50 states and all available Statewide criminal databases

• 50-state electronic scan and a development of a county criminal search4. County Criminal Search

• Review of County Court Records5. National Federal Criminal Search

• Review of all Federal Criminal Courts 6. Nationwide Sexual Offender Database

• 50 state District of Columbia, Guam and Puerto Rico review of all sexual offender registries

7. Terrorist Screen • Office of Foreign Assets Control (OFAC) list for known terrorist associations

8. Outstanding Criminal Wants/Warrants: felonies and misdemeanors• Comprehensive background scans are conducted annually • Electronic background screens are conducted every 92-days• Waiver and adjudication processes are in place

13

UNCLASSIFIED

Draft


NCACS Prototype Vetting Sources (cont)

• Other Government Watch Lists– U.S. Department of Commerce Denied Person’s List– Fugitive List (compiled from FBI, US Marshal and US Secret Service Most Wanted Lists

and the DEA Fugitive List)– Interpol Most Wanted List– Office of Thrift Supervision List– Australian Reserve Bank Sanctions List– Bank of England Sanctions List– National Security Debarred Parties List – Directorate of Defense Trade Controls– European Union Terrorism Sanctions list– FDA Office of Regulatory Affairs Debarment List– OFSI (Canadian Sanctions List)– United Nations Consolidated Sanctions List– Palestinian Legislative Council List– U.S. General Services Administration Excluded Parties List– World Bank Listing of Ineligible Individuals

Note: Specific Watch Lists that are included in the background screening may vary from time to time

14

UNCLASSIFIED

Draft


Background Screen Disqualifications Life to Date

Reasons for Disqualification

Life to Date (Includes multiple

offences)

Authority/Court 19Drugs 493

Miscellaneous 71Motor Vehicle 62Sex Offense 96

SSN 38Theft 267

Violence 292Warrants 56

Total: 1394~4% Failure Rate

UNCLASSIFIED

Draft


NCACS Prototype Hardware & Credential

•Credential uses FIPS 201-1•GSA approved product•List cardstock and follows NIST SP800-104 topography recommendations

CREDENTIAL

REGISTRATION STATION HANDHELD DEVICE GUARD STATION

HANDHELD CHARGERS AND CRADLES

•Multi-Language •Digital Camera•Fingerprint Scanner •ADA Compliant

•Mag stripe reader•2D barcode reader•Fingerprint scanner •Color display•Easy to read•Battery status •802.11G wireless connectivity to the guard station

•UPS•Locked enclosure

•Battery indicator light •Easy to use•Spare Batteries

16

UNCLASSIFIED

Draft


RAPIDGate Access Options

The RAPIDGate® Program Option– Access privileges to one installation

for up to one year

The RAPIDGate-Enterprise™ Option– Access privileges to multiple

installations (upon approval) using the same credential

The RAPIDGate-90™ Option– Renewable 90-day credential– Ideal for seasonal workers,

temporary employees, short duration contracts and high turn-over workforces

17

All options have the same:Screening and vettingCredential Sponsorship requirementsRegistration process

UNCLASSIFIED

Draft


NCACS Prototype Pricing

Program Enrollment Price

Single installation Company $199 annually

Single installation Employee $159 annually

Enterprise(multiple installations)

Company $249 annually2 or more installations

Enterprise(multiple installations)

Employee $199 annually2 or more installations

90 day Option Employee $59 per 90 days

Replacement Credential

Employee $30 per credential

18

UNCLASSIFIED

Draft


NCACS Prototype Shared Responsibilities

• Eid Passport Inc.– Supports NCACS with the RAPIDGate Program– Owns, updates and maintains hardware and software– Trains force protection personnel and other affected

Government employees– Manages vendor/contractor companies and their employees

for the US Navy

• Vendor/Contractor Company– Annual subscription to participate in The Program

• Government– Provides electricity, phone connectivity, space, credential

issuance and Program support– Support Program implementation and Program Management

19

UNCLASSIFIED

Draft


CNIC Transition to NCACS

• Implementation Status

– CNRSW - Implementation completed– CNIC Pilot Project

– NDW – Implementation in progress– NAS Patuxent River and NSA South Potomac only to date

– CNRSE - Implementation in progress– CNRNW - Implementation in progress– CNRH- Implementation in progress– CNRMW - Implementation to follow (Feb 2011)– CNRMA- Implementation to follow (Mar 2011) – CJRM - Implementation to follow (JUN 2011)

20

UNCLASSIFIED

Draft


FAQs1. What are the key dates for implementation of NCACS?

• Phase 1: Enrollment, vetting, credentialing and use of the NCACS credential as a flash pass starts on or about 1 JUN 2010 in CNRSE and will be completed on or about 1 JUL 2011 in CJRM

• Phase 2: Electronic ECP enforcement starts on or about 1 NOV 2010 in CNRSE and will be completed on or about 30 OCT 2011 in CJRM

2. . When must regions and installations implement NCACS and adopt CNIC Notice 5530 and the enclosed NCACS SOP?

• Within 12-16 weeks of the Installation Commanding Officer Brief

3. What other credentials will CNIC recognize for installation perimeter access by vendors/contractors not participating in NCACS?

• One day passes issued by CNIC installations• Vendor/contractor credentials previously issued by CNIC installations/

Navy commands/tenants (valid for maximum 6 mo. from Phase 1 imp.)• CAC, for vendors/contractors who are eligible per CNIC 5530 Notice• All other credentials produced/issued by regions, installations and

commands/tenants will not be valid for installation perimeter access

21

UNCLASSIFIED

Draft


FAQs4. Who pays for vendors/contractors to participate in NCACS?

• The vendor/contractor employer

5. Has an IATO, ATO or PIA been issued for NCACS?• An IATO has been granted• Although the IATO allows NCACS to operate on NMCI and PSNET, the

system does not do so at this time• An ATO will follow• A PIA has been approved by CNIC

6. Has NCACS been designed for just installation perimeter access control or will an enclave capability follow?

• NCACS is being implemented initially for installation perimeter access control

• An enclave capability is expected to follow initially at Naval Shipyards Puget Sound, Norfolk, Portsmouth and Pearl Harbor; the ship repair facility at NB San Diego; and NSB Kings Bay and NB Kitsap-Bangor

22

UNCLASSIFIED

Draft


NCACS Implementation Team

• CNIC • Sharon L Gibson, CNIC Deputy N61,

[email protected], WK# 202-433-2845 • Joseph Martin, CNIC N3ATFP

[email protected] , WK# 202-433-9565

• Eid Passport Inc.• Greg Hendricks, Vice President-Defense Programs Group

[email protected], cell: 503-793-9005• Matt Faletti, Director-Defense Programs Group• [email protected] cell: 425-0239-7220• Amber Phelps, Manager-Defense Programs Group

[email protected] cell: 503-523-9217• Paul Sword, Senior Project Implementation Manager

[email protected] cell: 503-277-9628

23

mailto:[email protected]�






UNCLASSIFIED

Draft


For more information about NCACS, please access the CNIC Gateway 2 (G2)

https://g2.cnic.navy.mil/TSCNICHQ/N3/N3AT/General/Physical%20Security.aspx?PageView=Shared

24






NCACS - NST Center · 2014-09-24 · CNIC NCACS for Identity Management and Perimeter Installation...

Documents

Transcript of NCACS - NST Center · 2014-09-24 · CNIC NCACS for Identity Management and Perimeter Installation...