NCACS - NST Center · 2014-09-24 · CNIC NCACS for Identity Management and Perimeter Installation...
Transcript of NCACS - NST Center · 2014-09-24 · CNIC NCACS for Identity Management and Perimeter Installation...
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACSNavy Commercial
Access Control System
Sharon L. GibsonCNIC
09 Feb 2011
1
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS“CNIC NCACS for Identity Management and Perimeter Installation Access
Control Designed to Manage Non-CAC Eligible Vendors, Contractors, Sub-contractors, Suppliers, and Service Providers.”
• CNIC NCACS supports US Navy efforts to comply with:– HSPD 12 Policy for a Common Identification Standard for Federal Employees and
Contractors – Public Law 110-181 (FY 2008) SEC 1069 Standards for Entry to Military
Installations in (the) United States– USNORTHCOM Installation Access Control Guidance in the AOR, dtd 05 DEC
2007– Federal Information Processing Standards Publication (FIPS) 201-1 Personal
Identity Verification (PIV) of Federal Employees and Contractors, dtd MAR 2006– DoD Instruction (DoDI) 2000.16 DoD Anti-Terrorism Standards , dtd 02 OCT 2006– DoDI 5200.08-R Physical Security Program, dtd APR 2007– Directive Type Memorandum (DTM) 09-012 Interim Policy Guidance for DoD
Physical Access, dtd 08 DEC 2009– OPNAV Instruction 5530.14 Navy Physical Security and Law Enforcement
Program, dtd 28 JAN 2009– OPNAV Instruction 1752.3 Policy for Sex Offender Tracking, Assignment and
Access Restrictions with the Navy, dtd 27 MAY 2009– MEMORANDUM FOR COMMANDANT OF THE MARINE CORPS CHIEF OF NAVAL
OPERATIONS, dtd 07 OCT 2008
2
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
Available Here: https://g2.cnic.navy.mil/TSCNICHQ/N3/N3AT/General/Physical%20Security.aspx?PageView=Shared
3
CNIC 5530 Notice and NCACS SOP
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
Why NCACS ?
• Vendor/Contractor Vetting & Access Privileges– Comprehensive initial background check
before a credential is issued– Electronic validation of the credential – Electronic verification of installation
specific access privileges– Quarterly updates on background check– The Navy has limited capability today
• Minimal Cost to US Navy– Phone, power and space for kiosk and servers
• Reviewed and approved by OSD & CNIC OGC
• Better Than What US Navy Does Today– The US Navy conducts little or no screening
of non-CAC vendor/contractor personnel today
4
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Benefits
• Benefits to the US Navy
– Standardized enrollment, vetting, credentials and management of access privileges for vendors, contractors, sub-contractors, suppliers and service providers not eligible for a Common Access Card (CAC) who are coming aboard US Navy installations
– Improve the safety and security of CNIC installations and other Commands through:
• Regular and improved vetting• Electronic validation of credentials & verification of installation
specific access privileges in “near real time”• Reduction in the number and types of credentials used for
installation access• Management of non-CAC vendors/contractors by a single
enterprise system
– Cost avoidance for CNIC and other Navy Commands by:• Reducing/eliminating purchase and/or sustainment of other
locally produced credentialing systems• Improved efficiencies at Pass & ID through a reduction in
issuance of contractor passes and other credentials
5
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Benefits (cont)• Benefits to vendor/contractor companies & employees
– One enterprise system which manages non-CAC vendors, contractors, sub-contractors, suppliers and service providers across all US Navy shore installations in CONUS, Hawaii and Guam and other US Army, US Marine Corps, US Coast Guard and NASA installations
– Annual access privileges to multiple US Navy and other DoD and Government installations with one credential
– Not eligible for DoD vehicle decals
– No commercial vehicle inspection is required (other than Random Anti-Terrorism Measures (RAM) or elevation of Force Protection Conditions (FPCON))
– Reduction in wait times to access installations• Pass & ID for credentials/passes/decals• Access to multiple gates
• NEXCOM will comply with the requisites provided by DOD, SECNAV, OPNAV and CNIC 5530 Notice and NCACS SOP
6
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid 7
CNIC 5530 Notice Summary• Participants:
– NCACS is the only long term non-CAC Vendor/Contractor credential that will be issued and valid for perimeter access to CNIC installations
– Subject to RANDOM inspections– Multiple perimeter gate access (as vehicle size will permit)– Escorting not permitted – Participants are not eligible for DoD vehicle decals
• Non-Participants: – Every day, must go to Pass & ID and request a one day pass– Every day, must meet background check requirements in
DTM 09-012 prior to issuance of the one day pass– Limited perimeter ECP access– Reduced hours of access to the installation– Will not be issued a CAC unless both physical and logical
(NMCI) access is required
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype CapabilitiesRAPIDGate® successfully completed a 3 year pilot program in Navy Region Southwest. Based on that success, a 2 year NCACS Prototype is being implemented across the CNIC Enterprise.
• Electronically Verify & Biometrically Authenticate
– Self-Registration– Vetting – comprehensive initial background screening
and regular re-screening– Credentialing – manufacturing, shipping, issuance and
lifecycle management– Access Control – Electronically verify, validate &
biometrically authenticate in “near real-time” credentials, access privileges & identities
– Access Privileges – Authoritative data repository (ADR) local ECP servers updated every 30 minutes
– Reporting – Monthly activity and ad hoc reports
8
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
Program Participants
• Participants– Vendors– Contractors– Sub-contractors– Suppliers– Service Providers
• Regardless of how personnel come onto the installation– Walk– Cars– Pick-ups – Vans– Trucks/Semi-trucks
9
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Vetting• Initial Vetting
– Identity Validation– 10 Year Address History– Electronic Database Vetting– SSN Trace
• Program Disqualifiers– Any Felony Conviction– Registered Sexual Offender– Any Outstanding Criminal Warrant
• Credential Issuance– I-9 Document Check at Issuance– No-entry, Debarment, No Work Lists– Issued by Government personnel
• Ongoing– Watchdog Electronic Re-vetting Every 92 days
12
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Vetting Sources• NCACS background screens are conducted through a third party background check
provider• Background screens include, but are not limited to:
1. SSN Trace 2. Address Verification and 10-year address history3. National Criminal Database (NCD)
• NCD contains 250+ Million records, including data from all 50 states and all available Statewide criminal databases
• 50-state electronic scan and a development of a county criminal search4. County Criminal Search
• Review of County Court Records5. National Federal Criminal Search
• Review of all Federal Criminal Courts 6. Nationwide Sexual Offender Database
• 50 state District of Columbia, Guam and Puerto Rico review of all sexual offender registries
7. Terrorist Screen • Office of Foreign Assets Control (OFAC) list for known terrorist associations
8. Outstanding Criminal Wants/Warrants: felonies and misdemeanors• Comprehensive background scans are conducted annually • Electronic background screens are conducted every 92-days• Waiver and adjudication processes are in place
13
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Vetting Sources (cont)
• Other Government Watch Lists– U.S. Department of Commerce Denied Person’s List– Fugitive List (compiled from FBI, US Marshal and US Secret Service Most Wanted Lists
and the DEA Fugitive List)– Interpol Most Wanted List– Office of Thrift Supervision List– Australian Reserve Bank Sanctions List– Bank of England Sanctions List– National Security Debarred Parties List – Directorate of Defense Trade Controls– European Union Terrorism Sanctions list– FDA Office of Regulatory Affairs Debarment List– OFSI (Canadian Sanctions List)– United Nations Consolidated Sanctions List– Palestinian Legislative Council List– U.S. General Services Administration Excluded Parties List– World Bank Listing of Ineligible Individuals
Note: Specific Watch Lists that are included in the background screening may vary from time to time
14
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
Background Screen Disqualifications Life to Date
Reasons for Disqualification
Life to Date (Includes multiple
offences)
Authority/Court 19Drugs 493
Miscellaneous 71Motor Vehicle 62Sex Offense 96
SSN 38Theft 267
Violence 292Warrants 56
Total: 1394~4% Failure Rate
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Hardware & Credential
•Credential uses FIPS 201-1•GSA approved product•List cardstock and follows NIST SP800-104 topography recommendations
CREDENTIAL
REGISTRATION STATION HANDHELD DEVICE GUARD STATION
HANDHELD CHARGERS AND CRADLES
•Multi-Language •Digital Camera•Fingerprint Scanner •ADA Compliant
•Mag stripe reader•2D barcode reader•Fingerprint scanner •Color display•Easy to read•Battery status •802.11G wireless connectivity to the guard station
•UPS•Locked enclosure
•Battery indicator light •Easy to use•Spare Batteries
16
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
RAPIDGate Access Options
The RAPIDGate® Program Option– Access privileges to one installation
for up to one year
The RAPIDGate-Enterprise™ Option– Access privileges to multiple
installations (upon approval) using the same credential
The RAPIDGate-90™ Option– Renewable 90-day credential– Ideal for seasonal workers,
temporary employees, short duration contracts and high turn-over workforces
17
All options have the same:Screening and vettingCredential Sponsorship requirementsRegistration process
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Pricing
Program Enrollment Price
Single installation Company $199 annually
Single installation Employee $159 annually
Enterprise(multiple installations)
Company $249 annually2 or more installations
Enterprise(multiple installations)
Employee $199 annually2 or more installations
90 day Option Employee $59 per 90 days
Replacement Credential
Employee $30 per credential
18
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Prototype Shared Responsibilities
• Eid Passport Inc.– Supports NCACS with the RAPIDGate Program– Owns, updates and maintains hardware and software– Trains force protection personnel and other affected
Government employees– Manages vendor/contractor companies and their employees
for the US Navy
• Vendor/Contractor Company– Annual subscription to participate in The Program
• Government– Provides electricity, phone connectivity, space, credential
issuance and Program support– Support Program implementation and Program Management
19
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
CNIC Transition to NCACS
• Implementation Status
– CNRSW - Implementation completed– CNIC Pilot Project
– NDW – Implementation in progress– NAS Patuxent River and NSA South Potomac only to date
– CNRSE - Implementation in progress– CNRNW - Implementation in progress– CNRH- Implementation in progress– CNRMW - Implementation to follow (Feb 2011)– CNRMA- Implementation to follow (Mar 2011) – CJRM - Implementation to follow (JUN 2011)
20
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
FAQs1. What are the key dates for implementation of NCACS?
• Phase 1: Enrollment, vetting, credentialing and use of the NCACS credential as a flash pass starts on or about 1 JUN 2010 in CNRSE and will be completed on or about 1 JUL 2011 in CJRM
• Phase 2: Electronic ECP enforcement starts on or about 1 NOV 2010 in CNRSE and will be completed on or about 30 OCT 2011 in CJRM
2. . When must regions and installations implement NCACS and adopt CNIC Notice 5530 and the enclosed NCACS SOP?
• Within 12-16 weeks of the Installation Commanding Officer Brief
3. What other credentials will CNIC recognize for installation perimeter access by vendors/contractors not participating in NCACS?
• One day passes issued by CNIC installations• Vendor/contractor credentials previously issued by CNIC installations/
Navy commands/tenants (valid for maximum 6 mo. from Phase 1 imp.)• CAC, for vendors/contractors who are eligible per CNIC 5530 Notice• All other credentials produced/issued by regions, installations and
commands/tenants will not be valid for installation perimeter access
21
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
FAQs4. Who pays for vendors/contractors to participate in NCACS?
• The vendor/contractor employer
5. Has an IATO, ATO or PIA been issued for NCACS?• An IATO has been granted• Although the IATO allows NCACS to operate on NMCI and PSNET, the
system does not do so at this time• An ATO will follow• A PIA has been approved by CNIC
6. Has NCACS been designed for just installation perimeter access control or will an enclave capability follow?
• NCACS is being implemented initially for installation perimeter access control
• An enclave capability is expected to follow initially at Naval Shipyards Puget Sound, Norfolk, Portsmouth and Pearl Harbor; the ship repair facility at NB San Diego; and NSB Kings Bay and NB Kitsap-Bangor
22
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
NCACS Implementation Team
• CNIC • Sharon L Gibson, CNIC Deputy N61,
[email protected], WK# 202-433-2845 • Joseph Martin, CNIC N3ATFP
[email protected] , WK# 202-433-9565
• Eid Passport Inc.• Greg Hendricks, Vice President-Defense Programs Group
[email protected], cell: 503-793-9005• Matt Faletti, Director-Defense Programs Group• [email protected] cell: 425-0239-7220• Amber Phelps, Manager-Defense Programs Group
[email protected] cell: 503-523-9217• Paul Sword, Senior Project Implementation Manager
[email protected] cell: 503-277-9628
23
UNCLASSIFIED
Draft
Released on 14 FEB 2011 by M.A. Reid
For more information about NCACS, please access the CNIC Gateway 2 (G2)
https://g2.cnic.navy.mil/TSCNICHQ/N3/N3AT/General/Physical%20Security.aspx?PageView=Shared
24