FAQs – SWFT

1. What is NBIS-SWFT?

Defense Counterintelligence and Security Agency- Support Secure Web Fingerprint Transmissions (DCSA-SWFT) is a web-enabled system that serves for the collection and processing of fingerprints for applicants requiring investigation services for personnel vetting.  SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards for all electronic transactions. DCSA-SWFT and SWFT can be used interchangeably.

2. What is WebEnroll (Online Fingerprint Enrollment)?

WebEnroll is a web-based application that is integrated into the SWFT system and serves for online capture of biographic and biometric data. WebEnroll collates the subject data into standard eFP files and automatically forwards them to SWFT. Users are responsible for providing their own fingerprint capture device and software development kit (SDK) from the manufacturer; and obtaining a SWFT+ license from Defense Counterintelligence and Security Agency (DCSA) for each operational device. Contact the SWFT Coordinators for the process of obtaining the license.

3. Who can use SWFT?

Cleared organizations listed in the National Industrial Security Program (NISP) Database, Department of Defense (DoD) Components, and U.S. Federal Agencies can use SWFT to submit electronic fingerprint (eFP) files for applicants requiring investigation services.

4. Who should use WebEnroll?

Implementation of WebEnroll is mandated by the Under Secretary of Defense for Intelligence [USD(I)] Memorandum for Civilian and uniform services organizations. The WebEnroll feature of SWFT is currently available to DoD Components and U.S. Federal Government agencies that enter into an agreement with DCSA. Refer to the SWFT DCSA informational website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under General Information, click on the “e-Fingerprints DoD Memo” link for the entire memo.

5. How do I obtain a SWFT or WebEnroll account?

Please refer to the SWFT Access, Registration and Testing Procedures. The document is available on the SWFT DCSA website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under Access Request, click on the “Access Registration Test Guide” link.

For WebEnroll users, the eFP online enrollment feature can be requested by checking the “Enroller” item in Box 15b on the PSSAR form. PSSARs should be submitted to your Organization Administrator for account creation.

6. What are the minimum security requirements for obtaining a SWFT account?

 To receive a SWFT account,

  • The DoD applicant must have and maintain a favorable security clearance eligibility of Interim Secret.
  • The U.S. Federal Agency applicant must have and maintain a minimum investigation level of Public Trust.
  • Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted the above clearance or investigation level. Additionally, they must have received certificates for PII and Cyber Security training within the previous 12 months.

7. Where can I find the PSSAR form?

The document is available on the SWFT DCSA informational website at: https://www.dcsa.mil/is/swft/.

All users accessing SWFT, select the “PSSAR Form” under “SWFT Resources”, then “Access Request” section. This PSSAR is sufficient for requesting access to all SWFT functionality.

The most common reasons a PSSAR is rejected are the following;

  • Part 2 - APPLICATIONS Section15a (PERMISSIONS) is missing a checkbox selection;
  • Part 3 - TRAINING Sections 18 and/or 19 are missing the training certificate information.

If additional assistance is needed completing your PSSAR, email the Fingerprint Transaction Systems (FTS) System Liaisons at dcsaftsteam@mail.mil.

8. How recent must the training certificates that I submit with my PSSAR be?

To receive a SWFT account, training certificates that are less than 12 months old must be submitted with your PSSAR form for the Cyber Security Awareness/Information Assurance (IA) and PII courses.

9. Can I e-mail PSSARs to the SWFT Helpdesk?

NO, SWFT PSSARs must be submitted directly to your SWFT Site/Organization Administrator. If you are an Organization Administrator, submit your PSSARs to the FTS System Liaisons at: dcsaftsteam@mail.mil.

10. How often must I log into my account in order to avoid my account being locked or terminated?

Users must log into their accounts every 30 days to avoid their account being locked. Accounts that are not accessed within 35 days of the last login will be terminated.

11. What should I do if my Smart Card is going to expire within 72 hours?

Log in to SWFT before your Smart Card expires and set up a temporary password on the User Settings screen. Once you receive the replacement smart card, enter your username and temporary password to log in to SWFT and register your new Private Key (PK) certificate.

12. What should I do if I receive a new Smart Card?

If you received a new Smart Card, reach out to the appropriate Administrator to receive a temporary password to log in to SWFT and register your new PK certificate.

13. What do I do if my account has been locked or terminated?

 The basic and standard users can get their accounts unlocked by contacting their Site/Organization Administrators and requesting their account be unlocked. Terminated accounts will require a new PSSAR to be submitted to their Site/Organization Administrator for reactivation. Site Administrators must contact their Organization Administrators if they require assistance with their account. Organization Administrators must contact the Executive Administrator at the DCSA FTS System Liaisons, if they require assistance with their account.

14. As an Organization or Site Administrator, how do I reinstate a user who has had his or her account terminated due to 35 days of inactivity?

If a SWFT User in your Organization has had their account terminated, reactivate the SWFT account for that user once you have received a completed PSSAR from that user. You will be able to reuse the user’s previous Login ID and set a new password.

Important: Notify the user when sending their login information, reactivation is temporary, and the user's account may be deactivated again the next day if they do not take action immediately after receiving the reactivation notification.

15. What are the system requirements for SWFT and WebEnroll?

SWFT is entirely web-based. Therefore, the only requirement is internet access and a compatible web browser.

Google Chrome and Edge are the recommended browsers for SWFT. Google Chrome is the recommended browser for WebEnroll.

To use the eFP online enrollment feature of WebEnroll, users must have the BioComponent Monitor and their scanner’s vendor provided SDK installed on their machine. See the “SWFT WebEnroll User Interface Installation and Navigation Guide” in SWFT Help for the BioComponent Monitor Installation instructions.

The SDK will vary depending on the make and model of scanner that is being used. Links to the device SDKs may be obtained from your Organization Administrator or the scanner manufacturer.

16. Does an Organization need to have a fingerprint scanner before they can obtain a SWFT account?

NO, your Organization does not have to own or sponsor any scanning devices to obtain a SWFT account. After obtaining the account, please log in to SWFT at least once every 30 calendar days so that your account does not expire.

17. Is there a User Guide for SWFT and WebEnroll?

A “User Guide” for SWFT is available online after logging in to SWFT. Click the “Help” button to view the “User Guide” under the SWFT User Guide section. The SWFT User Guide is Controlled Unclassified Information and is not available to the public.

The “WebEnroll Users Guide” is available on the Help screen in SWFT under the SWFT+ (WebEnroll) User Guides section.

18. My Organization will be utilizing another cleared Organization/Third Party Vendor’s equipment for creating eFP files. Which part of the Access, Registration, and Testing Procedures is relevant for our situation?

 If your Organization will only submit the eFPs, then the “Access” section of the SWFT “Access, Registration, and Testing Procedures” is relevant to your situation, which can be found on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/. The “Registration and Testing” sections are not applicable as your Organization will be utilizing another Organization’s/Third Party Vendor’s fingerprint scanning system.
However, your Organization must verify that the Organization/Third Party Vendor that will generate the eFPs for you had their equipment registered and approved for production with SWFT. Obtain the Organization/Commercial and Government Entity (CAGE) Code from the Organization/Third Party Vendor, then log into the SWFT system at: https://swft.nbis.mil, and run the “Scanner Registration Status by Org/CAGE Code” report in the Reports section. You can also run the “Scanner Registration Status by Hardware Vendor and Serial Number” report if you know the manufacturer and serial number of their scanning device or devices.

19. What type of fingerprint scanner can be used for SWFT and WebEnroll?

 For SWFT, the Federal Bureau of Investigation (FBI) maintains a list of products certified as tested and compliant with the FBI’s Next Generation Identification (NGI) initiatives and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS).  The list of FBI certified products is available on the FBI Biometric Specifications (BioSpecs) website. SWFT Users may choose to acquire any certified product, depending on their actual need.
For WebEnroll users, not all FBI approved scanners are supported by WebEnroll. The list of supported scanners is on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/ under SWFT Resources, then eFP Enrollment (SWFT+) section titled “Supported Device List”.
Note: All eFPs need to be a .EFT or .SUB file to be uploaded to SWFT.

20. What reference guides should I consult while setting up my scanner?

For SWFT users, follow your manufacturer’s guidance on setting up your scanner.
For WebEnroll users, log in to SWFT and click on the Help button. Select the “WebEnroll Users Guide” for fingerprint device instructions. For additional technical support, work with your local IT staff to set up and configure your scanners.

21. What are the DCSA requirements for scanner configuration and settings?

FTS only accepts Type-4 fingerprint images for electronic submission, which consist of;

  • 10 rolled Impressions
  • 1 Plain Left and Right Simultaneous Four Finger Impressions
  • 1 Plain Left and Right Thumb Impression

Information regarding FBI system requirements and approved devices can be found on the FBI Certified Product List.

22. My Organization is a Third-Party Vendor whose fingerprint scanner is being sponsored for production use by a cleared DoD contractor. Will I have to re-register the same fingerprint scanner each time I provide services to other authorized SWFT Users?

Fingerprint scanning workstation or server platform scanning systems must be registered and tested only once. They do not have to be re-registered or re-tested again before being able to service other client organizations. Provide to your customers the manufacturer and serial number of your scanners or provide them your Org/CAGE Code or the Org/CAGE Code of the Organization that sponsored the registration of your devices so that your customers can verify in SWFT that your equipment has been registered and approved for use. Note that any change in your system that could affect the quality or contents of eFP files (for example, software patches or upgrade, hardware replacement, scanner relocation, and so on) requires the equipment to be retested.

Important Note: The SWFT user/Agency registering the scanner assumes the responsibility of all activities and use of that scanner. All usage should comply with established PII protection and security policies.

23. My Organization will be utilizing a cleared Organization/Third Party Vendor’s equipment for creating eFP files. Will they be able to submit eFPs on our behalf?

Yes, another Organization that already has a SWFT account can submit eFPs on your behalf. There are three available options which are detailed in the SWFT Access, Registration and Testing Procedures document available on the SWFT DCSA information website at: https://www.dcsa.mil/is/swft/.
Important Note: The SWFT user/Agency registering the scanner assumes the responsibility of all activities and use of that scanner. All usage should comply with established PII protection and security policies.
Option 1: Service Provider Acts with Limited Permissions Submits Fingerprints on Behalf of another Organization
Any SWFT account holder can act as a service provider for one or more other Organizations if a “Multi-Site Uploader” permission is enabled for that account. This allows the service provider or any other SWFT user with the “Multi Site Uploader” permission to submit eFPs for other organizations and generate reports that identify eFPs they uploaded on behalf of other organizations.
The DCSA CET Executive Administrators grant the permission to use the “Multi-Site Uploader” permission after receiving a valid PSSAR approved by the appropriate nominating official from the service provider.
Serviced organizations must obtain at least their own SWFT Organization account before seeking services from a Service Provider. An Organization record does not expire and does not require a fingerprint scanning device to be registered or associated with it. A Serviced organization with an Organization record might also choose to maintain their own SWFT user account to track the fingerprint transactions that were submitted on their behalf by Service Providers.
Option 2: Service Provider Acts with Full Permissions to Submit Fingerprints on Behalf of another Organization
A Service Provider must have their own SWFT account established under the organization for which if provides services. This account must be associated with one or more of the serviced organization’s Org/CAGE Codes. A SWFT account under the serviced organization grants the service provider the ability to submit eFPs on their behalf. The service provider can access SWFT reports and PII data for eFPs they have uploaded on behalf of their serviced organizations.
Each request for adding an additional Org/CAGE Code to an existing SWFT account requires a separate PSSAR approved by the appropriate nominating official from the serviced organization. Serviced Organizations should maintain their own SWFT account and monitor the progress of their eFP submissions.
Option 3: Third Party Service Provider authorized to enroll (that is, take) fingerprints and produce electronic fingerprint files, or submit e-fingerprints to SWFT, or both
Third party service providers must have their own hardware/software equipment, which has been registered, tested, and approved for SWFT production under their organization. A 3rd party service provider must also be vetted to offer fingerprint services to DoD clients.
The “Fingerprint Service Providers” list, published on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/, lists DCSA vetted 3rd party service providers. Some service providers have offices in multiple geographical areas.
Organizations intending to offer their fingerprint services to the DoD community on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/ should contact the SWFT Coordinator for qualification criteria and to initiate the vetting process.

24. What is the policy for getting scanner-server platform fingerprint systems registered and tested?

 Scanner-server platform fingerprint systems typically involve two components:

One or more fingerprint scanning devices; 2) Server platform that integrates fingerprint images and biographic data and generates the electronic fingerprint file.

Multiple scanning devices can be connected to a single server platform. At least one scanner-server platform pair must be registered and tested with SWFT and the Registration Authority (RA). The registration must prove that the hardware and software components in scanner-server platform system meet the FBI certification guidelines. The test of the scanner-server platform pair must prove that the system is properly configured and generates eFP files that comply with the FBI Electronic Biometric Transmission Specification (EBTS) and FTS/RA specifications.

Additional scanning devices that communicate with the server platform must be registered, but do not have to be tested. Scanning devices that will connect to an already registered and tested server platform system must include in the registration form a reference to the registered scanner and server platform.

25. What is the timeline for scanner registration and approval?

It usually takes less than two weeks to complete the scanner registration process and receive approval to operate in the production environment. The time frame is contingent upon the timeliness of responses to the SWFT Coordinator. Incorrect information and/or delays in responses to the SWFT Coordinator will delay final registration authority approval.

26. Can I submit eFPs to the Authorized Destination if the scanning device I am using has not been approved for production?

NO, All stand-alone scanners must be tested in SWFT before they can be used to capture eFPs, unless you are using a server platform system, as explained in question 16. Only approved scanning devices can submit eFPs to the authorized destination. Refer to the Access, Registration, and Test Guide on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/ for additional information on the scanner testing process.

27. Do the eFPs ever get deleted from SWFT?

 Each valid eFP is archived in SWFT after a set time limit and may be deleted from the SWFT database after a set time span in accordance with directives from the National Archives and Records Administration (NARA).

28. Are both rolled fingerprints and flat fingerprints accepted?

Only Type-4 rolled fingerprints are accepted (see also Question: What are the DCSA requirements for scanner configuration and settings?).

29. How are the fingerprint files matched with the eApp submission?

The DoD Security Manager/Facility Security Officer (FSO) who initiates the eApp submission for the Personnel Security Management Office for Industry’s (PSMO-I) approval must select “I” in the Federal Investigations Processing Center (FIPC) field. This triggers a mechanism that delivers necessary eApp data to SWFT where they can be matched with the same type of data obtained from the eFP file.

30. What makes up the Transaction Control Number (TCN)?

The SWFT TCN must be unique for each fingerprint transaction and consists of the TCN Prefix and TCN Suffix. The TCN Prefix typically remains constant for each fingerprinting device, while TCN Suffix is unique in each fingerprint transaction submitted from that device.

Refer to the SWFT Scanner Configuration and Registration Guide, which is accessible through the SWFT Application in the Help Files. The SWFT Scanner Configuration and Registration Guide is Controlled Unclassified Information and is not available to the public.

31. What information must match between eApp and the eFP file to make the clearance process go through most efficiently?

To ensure that a request for investigation is processed efficiently, it is important that the personal identification information in the subject’s eApp record match with the same information contained in the eFP. The following match criteria apply:

Subject PII Data
Last Name - eFP and eApp must match exactly
First Name - eFP and eApp must match exactly
Middle Name - Minor difference/discrepancy may be acceptable (for example, Marcie Gail Smith in eApp versus M. Gail Smith or Marcie G. Smith in eFP)
Social Security Number (SSN) - eFP and eApp must match exactly
Date of Birth (DOB) - eFP and eApp must match exactly.

32. Does the investigation number need to be included in the eFP file?

The NBIS Case ID does not have to be listed on the eFP file. FTS searches for a matching eApp case using the SSN and other subject identifiers.

33. What data is entered in the SSN field if a person is a Foreign National and does not have an SSN?

Enter in all 9s.

34. Can the SWFT Coordinator change biographic information that was entered incorrectly in an eFP file?

The SWFT Coordinator is unable to change any information contained in eFP Files once they are uploaded to SWFT. If biographic information needs to be updated, a new eFP will need to be uploaded. Users of WebEnroll can post-edit certain biographic data and then resend the eFP.

35. My eFP processing is taking a long time. How can I find out why?

Any incorrect data in fields such as Name, SSN, DOB, or Place of Birth (POB) can cause delays.

To prevent future delays, before submitting the eFP to SWFT, check the eFP to be submitted against the eApp submission to ensure there are no discrepancies in any fields (for example, name, SSN, or DOB). If you do not have the eApp submssion, reach out to the subject of the eFP.

To check the status of an eFP, go to the eFP Search screen in SWFT. From there you can search for an eFP by SSN, Last Name, First Name, or TCN.

The eFP status definitions are listed below:

a.      Rejected – The eFP record’s eFP file had content validation errors and was rejected. (The PII data and the eFP file are not retained in SWFT)

b.      Received – The eFP file upload completed without content validation errors.

c.      Replaced – The eFP record was replaced by a newer eFP record due to a duplicate SSN.

d.      Queued – The eFP record is scheduled to be released to one or more destinations.

e.      Stalled – The eFP record did not meet the criteria to release to one or more of its destinations and requires manual intervention to continue processing. (Processing is stalled for Test eFPs and eFPs where destinations could not be determined by the Controlling Agency                      Identifier/Transaction   Control Number (CRI/TCN) filters)

f.       Completed – The eFP record that has been released to its scheduled destinations.

g.       Deleted – The eFP record has been manually marked as deleted. Only manual deletion is available and can only be performed by the SWFT Administrator. 

36. How do I complete fingerprints for an amputee?

For eFPs being uploaded to SWFT, contact your software vendor for additional instructions. For eFPs being uploaded through WebEnroll, when you are on the eFP capture screen, select “Amputation” as the option and follow the instructions on the eFP capture screen.

37. How can I print the fingerprints on the FD-258, SF-87 or state fingerprint forms?

Viewing and printing PDFs of fingerprint submissions requires “Transaction Viewer” role added to your account. If you do not see the Transaction Manager screen when you first log in to WebEnroll, then this permission has not been enabled on your account. The “Transaction Viewer” role can be requested from your Organization administrator.

If you have the “Transaction Viewer” role, select the checkbox to the left of the fingerprint file that you wish to print. After doing so, select the PDF View button in the upper right corner of the screen. Select the desired format in the window that appears and select View PDF. The file will then appear in a printable PDF file.