FAQs – SWFT

National Background Investigation Services- Support Secure Web Fingerprint Transmissions (NBIS-SWFT) is a web-enabled system that serves for the collection and processing of fingerprints for applicants requiring a background investigation for a personnel security clearance. SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards for all electronic transactions. NBIS-SWFT and SWFT can be used interchangeably.

WebEnroll is a web-based application that is integrated into the SWFT system and serves for online capture of biographic and biometric data. WebEnroll collates the subject data into standard eFP files and automatically forwards them to SWFT. Users are responsible for providing their own fingerprint capture device and software development kit (SDK) from the manufacturer; and obtaining a SWFT+ license from Defense Counterintelligence and Security Agency (DCSA) for each operational device. Contact the SWFT Coordinators for the process of obtaining the license.

Cleared organizations listed in the National Industrial Security Program (NISP) Database and Department of Defense (DoD) Components can use SWFT to submit electronic fingerprint (eFP) files for applicants requiring a background investigation for a personnel security clearance.

Implementation of WebEnroll is mandated by the Under Secretary of Defense for Intelligence [USD(I)] Memorandum for Civilian and uniform services organizations. The WebEnroll feature of SWFT is currently available to DoD Components and Federal Government agencies that enter into an agreement with DCSA. Refer to the SWFT DCSA informational website. Select SWFT Resources, and under General Information, click on the “e-Fingerprints DoD Memo” link for the entire memo.

Please refer to the SWFT Access, Registration and Testing Procedures. The document is available on the SWFT DCSA website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under Access Request, click on the “Access Registration Test Guide” link.

For WebEnroll users, the eFP online enrollment feature can be requested by checking the “Enroller” item in Box 15b on the PSSAR form. PSSARs should be submitted to your Organization Administrator for account creation.

To receive a SWFT account, a potential user must have a favorable security clearance eligibility determination. SWFT requires a minimum of Interim Secret eligibility. Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted at least an Interim Secret Clearance. Additionally, they must have received certificates for PII and Cyber Security training within the previous 12 months.

The document is available on the SWFT DCSA informational website at: https://www.dcsa.mil/is/swft/.

All users accessing SWFT, select the “PSSAR Form” under “SWFT Resources”, then “Access Request” section. This PSSAR is sufficient for requesting access to all SWFT functionality.

The most common reasons a PSSAR is rejected are the following;

• Part 2 - APPLICATIONS Section15a (PERMISSIONS) is missing a checkbox selection;
• Part 3 - TRAINING Sections 18 and/or 19 are missing the training certificate information;
• Part 5 - NOMINATING OFFICIAL'S CERTIFICATION is missing a brief descriptive statement justifying your need for a SWFT account.

If additional assistance is needed completing your PSSAR, email the DCSA FTS Team at dcsa.ncr.nbis.mbx.contact-center@mail.mil or 724-794-5612, EXT 4600, Option 2.

To receive a SWFT account, training certificates that are less than 12 months old must be submitted with your PSSAR form for the Cyber Security Awareness/Information Assurance (IA) and PII courses.

No, SWFT PSSARs must be submitted directly to your SWFT Site/Organization Administrator. If you are an Organization Administrator, submit your PSSARs to the DCSA CET at: dcsa.ncr.nbis.mbx.contact-center@mail.mil.

Users must log into their accounts every 30 days to avoid their account being locked. Accounts that are not accessed within 35 days of the last login will be terminated.

Log in to SWFT before your Smart Card expires and set up a temporary password on the User Settings screen. Once you receive the replacement smart card, enter your username and temporary password to log in to SWFT and register your new Private Key (PK) certificate.

If you received a new Smart Card, reach out to the appropriate Administrator to receive a temporary password to log in to SWFT and register your new PK certificate.

The basic and standard users can get their accounts unlocked by contacting their Site/Organization Administrators and requesting their account be unlocked. Terminated accounts will require a new PSSAR to be submitted to their Site/Organization Administrator. Site Administrators must contact their Organization Administrators if they require assistance with their account. Organization Administrators must contact the Executive Administrator at the DCSA FTS Team (724-794-5612), if they require assistance with their account.

If a SWFT User in your Organization has had their account terminated, create a new account for that user once you have received a completed PSSAR from that user. You will not be able to reuse the user’s previous Login ID; however, you can use the SWFT feature to clone the rest of the user’s information from the expired account.

For detailed steps on cloning a user account, log in to SWFT, click the “Help” button and select the SWFT Administrator Guide.

SWFT is entirely web-based. Therefore, the only requirement is internet access and a compatible web browser.

Support for Internet Explorer (IE) has been discontinued. Chrome and Edge are the recommended browsers for SWFT. Chrome is the recommended browsers for WebEnroll.

To use the eFP online enrollment feature of WebEnroll, users must have the BioComponent Manager and their scanner’s vendor provided SDK installed on their machine. See the “NBIS-SWFT WebEnroll User Interface Installation and Navigation Guide” in SWFT Help for the BioComponent Manager Installation instructions.

The SDK will vary depending on the make and model of scanner that is being used. Links to the device SDKs may be obtained from your Organization Administrator or the scanner manufacturer.

 

NO, your Organization does not have to own or sponsor any scanning devices in order to obtain a SWFT account. After obtaining the account, please log in to SWFT at least once every 30 calendar days so that your account does not expire.

A “User Guide” for NBIS-SWFT is available online after logging in to SWFT. Click the “Help” button to view the “User Guide” under the SWFT User Guide section. The NBIS-SWFT User Guide is Controlled Unclassified Information and is not available to the public.

The “WebEnroll Users Guide” is available on the Help screen in SWFT under the SWFT+ (WebEnroll) User Guides section.

If your Organization will only submit the eFPs, then the “Access” section of the SWFT “Access, Registration, and Testing Procedures” is relevant to your situation, which can be found on the SWFT DCSA informational website. The “Registration and Testing” sections are not applicable as your Organization will be utilizing another Organization’s/Third Party Vendor’s fingerprint scanning system.

However, your Organization must verify that the Organization/Third Party Vendor that will generate the eFPs for you had their equipment registered and approved for production with SWFT. Obtain the Organization/Commercial and Government Entity (CAGE) Code from the Organization/Third Party Vendor, then log into the SWFT system at: https://swft.nbis.mil, and run the “Scanner Registration Status by Org/CAGE Code” report in the Reports section. You can also run the “Scanner Registration Status by Hardware Vendor and Serial Number” report if you know the manufacturer and serial number of their scanning device or devices.

For SWFT, the Federal Bureau of Investigation (FBI) maintains a list of products certified as tested and compliant with the FBI’s Next Generation Identification (NGI) initiatives and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS). The list of FBI certified products is available on the FBI Biometric Specifications (BioSpecs) website. SWFT Users may choose to acquire any certified product, depending on their actual need.

For WebEnroll users, not all FBI approved scanners are supported by WebEnroll. The list of supported scanners is on the SWFT DCSA informational website under SWFT Resources, then eFP Enrollment (SWFT+) section titled “Supported Device List”.

Note: All eFPs need to be a .EFT file to be uploaded to SWFT.

For SWFT users, follow your manufacturer’s guidance on setting up your scanner.

For WebEnroll users, log in to SWFT and click on the Help button. Select the “WebEnroll Users Guide” for fingerprint device instructions. For additional technical support, work with your local IT staff to set up and configure your scanners.

DCSA Fingerprint Transaction Systems (FTS) only accepts Type-4 fingerprint images for electronic submission, which consist of;

• 10 rolled impressions
• 1 Plain Left and Right Simultaneous Four Finger Impressions
• 1 Plain Left and Right Thumb Impression

Information regarding FBI system requirements and approved devices can be found at the FBI Certified Products List.

Fingerprint scanning workstation or server platform scanning systems must be registered and tested only once. They do not have to be re-registered or re-tested again before being able to service other client organizations. Provide to your customers the manufacturer and serial number of your scanners or provide them your Org/CAGE Code or the Org/CAGE Code of the Organization that sponsored the registration of your devices so that your customers can verify in SWFT that your equipment has been registered and approved for use. Note that any change in your system that could affect the quality or contents of eFP files (for example, software patches or upgrade, hardware replacement, scanner relocation, and so on) requires the equipment to be retested.

Yes, another Organization that already has a SWFT account can submit eFPs on your behalf. There are three available options which are detailed in the SWFT Access, Registration and Testing Procedures document available on the SWFT DCSA information website at: https://www.dcsa.mil/is/swft/.

Option 1: Service Provider Acts with Limited Permissions Submits Fingerprints on Behalf of another Organization

Any SWFT account holder can act as a service provider for one or more other Organizations if a “Multi-Site Uploader” permission is enabled for that account. This allows the service provider or any other SWFT user with the “Multi Site Uploader” permission to submit eFPs for other organizations and generate reports that identify eFPs they uploaded on behalf of other organizations.

The DCSA CET Executive Administrators grant the permission to use the “Multi-Site Uploader” permission after receiving a valid PSSAR approved by the appropriate nominating official from the service provider.

Serviced organizations must obtain at least their own SWFT Organization account before seeking services from a Service Provider. An Organization record does not expire and does not require a fingerprint scanning device to be registered or associated with it. A Serviced organization with an Organization record might also choose to maintain their own SWFT user account to track the fingerprint transactions that were submitted on their behalf by Service Providers.

Option 2: Service Provider Acts with Full Permissions to Submit Fingerprints on Behalf of another Organization

A Service Provider must have their own SWFT account established under the organization for which if provides services. This account must be associated with one or more of the serviced organization’s Org/CAGE Codes. A SWFT account under the serviced organization grants the service provider the ability to submit eFPs on their behalf. The service provider can access SWFT reports and PII data for eFPs they have uploaded on behalf of their serviced organizations.

Each request for adding an additional Org/CAGE Code to an existing SWFT account requires a separate PSSAR approved by the appropriate nominating official from the serviced organization. Serviced Organizations should maintain their own SWFT account and monitor the progress of their eFP submissions.

Option 3: Third Party Service Provider authorized to enroll (that is, take) fingerprints and produce electronic fingerprint files, or submit e-fingerprints to SWFT, or both

Third party service providers must have their own hardware/software equipment, which has been registered, tested, and approved for SWFT production under their organization. A 3rd party service provider must also be vetted to offer fingerprint services to DoD clients.

The “Fingerprint Service Providers” list, published on the SWFT DCSA informational website, lists DCSA vetted 3rd party service providers. Some service providers have offices in multiple geographical areas.

Organizations intending to offer their fingerprint services to the DoD community on the SWFT DCSA informational website should contact the SWFT Coordinator for qualification criteria and to initiate the vetting process.

Scanner-server platform fingerprint systems typically involve two components:

1) One or more fingerprint scanning devices; 2) Server platform that integrates fingerprint images and biographic data and generates the electronic fingerprint file.

 

Multiple scanning devices can be connected to a single server platform. At least one scanner-server platform pair must be registered and tested with SWFT and the Registration Authority (RA). The registration must prove that the hardware and software components in scanner-server platform system meet the FBI certification guidelines. The test of the scanner-server platform pair must prove that the system is properly configured and generates eFP files that comply with the FBI Electronic Biometric Transmission Specification (EBTS) and DCSA FTS/RA specifications.

Additional scanning devices that communicate with the server platform must be registered, but do not have to be tested. Scanning devices that will connect to an already registered and tested server platform system must include in the registration form a reference to the registered scanner and server platform.

It usually takes less than two weeks to complete the scanner registration process and receive approval to operate in the production environment. The time frame is contingent upon the timeliness of responses to the SWFT Coordinator. Incorrect information and/or delays in responses to the SWFT Coordinator will delay final registration authority approval.

No, All stand-alone scanners must be tested in SWFT before they can be used to capture eFPs, unless you are using a server platform system, as explained in question 16. Only approved scanning devices can submit eFPs to the authorized destination. Refer to the Access, Registration, and Test Guide on the SWFT DCSA informational website for additional information on the scanner testing process.

Each valid eFP is archived in SWFT after a set time limit and may be deleted from the SWFT database after a set time span in accordance with directives from the National Archives and Records Administration (NARA).

Only Type-4 rolled fingerprints are accepted (see also Question: What are the National Background Investigations Bureau (NBIB) requirements for scanner configuration and settings?).

The DoD Security Manager/Facility Security Officer (FSO) who initiates the e-QIP submission for the Personnel Security Management Office for Industry’s (PSMO-I) approval must select “I” in the Federal Investigations Processing Center (FIPC) field. This triggers a mechanism that delivers necessary e-QIP data to SWFT where they can be matched with the same type of data obtained from the eFP file.

The SWFT TCN must be unique for each fingerprint transaction, and consists of the TCN Prefix and TCN Suffix. The TCN Prefix typically remains constant for each fingerprinting device, while TCN Suffix is unique in each fingerprint transaction submitted from that device.

Refer to the NBIS-SWFT Scanner Configuration and Registration Guide, which is accessible through the SWFT Application in the Help Files. The NBIS-SWFT Scanner Configuration and Registration Guide is Controlled Unclassified Information and is not available to the public.

To ensure that a request for investigation is processed efficiently, it is important that the personal identification information in the subject’s e-QIP record match with the same information contained in the eFP. The following match criteria apply:

Subject PII Data

Last Name - eFP and e-QIP must match exactly

First Name - eFP and e-QIP must match exactly

Middle Name - Minor difference/discrepancy may be acceptable (for example, Marcie Gail Smith in e-QIP versus M. Gail Smith or Marcie G. Smith in eFP)

Social Security Number (SSN) - eFP and e-QIP must match exactly

Date of Birth (DOB) - eFP and e-QIP must match exactly

The e-QIP request Identification (ID) does not have to be listed on the eFP file. DCSA FTS searches for a matching e-QIP case using the SSN and other subject identifiers.

Enter all 9s, all 0s, or all 9s except the last digit being a 0.

The SWFT Coordinator is unable to change any information contained in eFP Files once they are uploaded to SWFT. If biographic information needs to be updated, a new eFP will need to be uploaded. Users of WebEnroll can post-edit certain biographic data and then resend the eFP.

Any incorrect data in fields such as Name, SSN, DOB, or Place of Birth (POB) can cause delays.

To prevent future delays, before submitting the eFP to SWFT, check the eFP to be submitted against the e-QIP to ensure there are no discrepancies in any fields (for example, name, SSN, or DOB). If you do not have the e-QIP, reach out to the subject of the eFP.

To check the current status of an eFP, go to the eFP Search screen in SWFT. From there you can search for an eFP by SSN, Last Name, First Name, or TCN.

The eFP status definitions are listed below:

1. Rejected – The eFP record’s eFP file had content validation errors and was rejected. (The PII data and the eFP file are not retained in SWFT)
2. Received – The eFP file upload completed without content validation errors.
3. Replaced – The eFP record was replaced by a newer eFP record due to a duplicate SSN.
4. Queued – The eFP record is scheduled to be released to one or more destinations.
5. Stalled – The eFP record did not meet the criteria to release to one or more of its destinations, and requires manual intervention to continue processing. (Processing is stalled for Test eFPs and eFPs where destinations could not be determined by the Controlling Agency Identifier/Transaction Control Number (CRI/TCN) filters)
6. Completed – The eFP record that has been released to its scheduled destinations.
7. Deleted – The eFP record has been manually marked as deleted. Only manual deletion is available and can only be performed by the SWFT Administrator.

For eFPs being uploaded to SWFT, contact your software vendor for additional instructions. For eFPs being uploaded through WebEnroll, when you are on the eFP capture screen, select “Amputation” as the option and follow the instructions on the eFP capture screen.

Viewing and printing PDFs of fingerprint submissions requires “Transaction Viewer” role added to your account. If you do not see the Transaction Manager screen when you first log in to WebEnroll, then this permission has not been enabled on your account. The “Transaction Viewer” role can be requested from your Organization administrator.

If you have the “Transaction Viewer” role, select the checkbox to the left of the fingerprint file that you wish to print. After doing so, select the PDF View button in the upper right corner of the screen. Select the desired format in the window that appears and select View PDF. The file will then appear in a printable PDF file.