1. What is NBIS-SWFT?

National Background Investigation Services- Support Secure Web Fingerprint Transmissions (NBIS-SWFT) is a web-enabled system that serves for the collection and processing of fingerprints for applicants requiring a background investigation for a personnel security clearance. SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards for all electronic transactions. NBIS-SWFT and SWFT can be used interchangeably.

2. What is WebEnroll (Online Fingerprint Enrollment)?

WebEnroll is a web-based application that is integrated into the SWFT system and serves for online capture of biographic and biometric data. WebEnroll collates the subject data into standard eFP files and automatically forwards them to SWFT. Users are responsible for providing their own fingerprint capture device and software development kit (SDK) from the manufacturer; and obtaining a SWFT+ license from Defense Counterintelligence and Security Agency (DCSA) for each operational device. Contact the SWFT Coordinators for the process of obtaining the license.

3. Who can use SWFT?

Cleared organizations listed in the National Industrial Security Program (NISP) Database and Department of Defense (DoD) Components can use SWFT to submit electronic fingerprint (eFP) files for applicants requiring a background investigation for a personnel security clearance.

4. Who should use WebEnroll?

Implementation of WebEnroll is mandated by the Under Secretary of Defense for Intelligence [USD(I)] Memorandum for Civilian and uniform services organizations. The WebEnroll feature of SWFT is currently available to DoD Components and Federal Government agencies that enter into an agreement with DCSA. Refer to the SWFT DCSA informational website. Select SWFT Resources, and under General Information, click on the “e-Fingerprints DoD Memo” link for the entire memo.

5. How do I obtain a SWFT or WebEnroll account?

Please refer to the SWFT Access, Registration and Testing Procedures. The document is available on the SWFT DCSA website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under Access Request, click on the “Access Registration Test Guide” link.

For WebEnroll users, the eFP online enrollment feature can be requested by checking the “Enroller” item in Box 15b on the PSSAR form. PSSARs should be submitted to your Organization Administrator for account creation.

6. What are the minimum security requirements for obtaining a SWFT account?

To receive a SWFT account, a potential user must have a favorable security clearance eligibility determination. SWFT requires a minimum of Interim Secret eligibility. Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted at least an Interim Secret Clearance. Additionally, they must have received certificates for PII and Cyber Security training within the previous 12 months.

7. Where can I find the PSSAR form?

The document is available on the SWFT DCSA informational website at: https://www.dcsa.mil/is/swft/.

All users accessing SWFT, select the “PSSAR Form” under “SWFT Resources”, then “Access Request” section. This PSSAR is sufficient for requesting access to all SWFT functionality.

The most common reasons a PSSAR is rejected are the following;

  • Part 2 - APPLICATIONS Section15a (PERMISSIONS) is missing a checkbox selection;
  • Part 3 - TRAINING Sections 18 and/or 19 are missing the training certificate information;
  • Part 5 - NOMINATING OFFICIAL'S CERTIFICATION is missing a brief descriptive statement justifying your need for a SWFT account.

If additional assistance is needed completing your PSSAR, email the DCSA FTS Team at dcsa.ncr.nbis.mbx.contact-center@mail.mil or 724-794-5612, EXT 4600, Option 2.

8. How recent must the training certificates that I submit with my PSSAR be?

To receive a SWFT account, training certificates that are less than 12 months old must be submitted with your PSSAR form for the Cyber Security Awareness/Information Assurance (IA) and PII courses.

9. Can I e-mail PSSARs to the SWFT Helpdesk?

No, SWFT PSSARs must be submitted directly to your SWFT Site/Organization Administrator. If you are an Organization Administrator, submit your PSSARs to the DCSA CET at: dcsa.ncr.nbis.mbx.contact-center@mail.mil.

10. How often must I log into my account in order to avoid my account being locked or terminated?

Users must log into their accounts every 30 days to avoid their account being locked. Accounts that are not accessed within 35 days of the last login will be terminated.

11. What should I do if my Smart Card is going to expire within 72 hours?

Log in to SWFT before your Smart Card expires and set up a temporary password on the User Settings screen. Once you receive the replacement smart card, enter your username and temporary password to log in to SWFT and register your new Private Key (PK) certificate.

12. What should I do if I receive a new Smart Card?

If you received a new Smart Card, reach out to the appropriate Administrator to receive a temporary password to log in to SWFT and register your new PK certificate.

13. What do I do if my account has been locked or terminated?

The basic and standard users can get their accounts unlocked by contacting their Site/Organization Administrators and requesting their account be unlocked. Terminated accounts will require a new PSSAR to be submitted to their Site/Organization Administrator. Site Administrators must contact their Organization Administrators if they require assistance with their account. Organization Administrators must contact the Executive Administrator at the DCSA FTS Team (724-794-5612), if they require assistance with their account.

14. As an Organization or Site Administrator, how do I reinstate a user who has had his or her account terminated due to 35 days of inactivity?

If a SWFT User in your Organization has had their account terminated, create a new account for that user once you have received a completed PSSAR from that user. You will not be able to reuse the user’s previous Login ID; however, you can use the SWFT feature to clone the rest of the user’s information from the expired account.

For detailed steps on cloning a user account, log in to SWFT, click the “Help” button and select the SWFT Administrator Guide.

15. What are the system requirements for SWFT and WebEnroll?

SWFT is entirely web-based. Therefore, the only requirement is internet access and a compatible web browser.

Support for Internet Explorer (IE) has been discontinued. Chrome and Edge are the recommended browsers for SWFT. Chrome is the recommended browsers for WebEnroll.

To use the eFP online enrollment feature of WebEnroll, users must have the BioComponent Manager and their scanner’s vendor provided SDK installed on their machine. See the “NBIS-SWFT WebEnroll User Interface Installation and Navigation Guide” in SWFT Help for the BioComponent Manager Installation instructions.

The SDK will vary depending on the make and model of scanner that is being used. Links to the device SDKs may be obtained from your Organization Administrator or the scanner manufacturer.


16. Does an Organization need to have a fingerprint scanner before they can obtain a SWFT account?

NO, your Organization does not have to own or sponsor any scanning devices in order to obtain a SWFT account. After obtaining the account, please log in to SWFT at least once every 30 calendar days so that your account does not expire.

17. Is there a User Guide for SWFT and WebEnroll?

A “User Guide” for NBIS-SWFT is available online after logging in to SWFT. Click the “Help” button to view the “User Guide” under the SWFT User Guide section. The NBIS-SWFT User Guide is Controlled Unclassified Information and is not available to the public.

The “WebEnroll Users Guide” is available on the Help screen in SWFT under the SWFT+ (WebEnroll) User Guides section.

18. My Organization will be utilizing another cleared Organization/Third Party Vendor’s equipment for creating eFP files. Which part of the Access, Registration, and Testing Procedures is relevant for our situation?

If your Organization will only submit the eFPs, then the “Access” section of the SWFT “Access, Registration, and Testing Procedures” is relevant to your situation, which can be found on the SWFT DCSA informational website. The “Registration and Testing” sections are not applicable as your Organization will be utilizing another Organization’s/Third Party Vendor’s fingerprint scanning system.

However, your Organization must verify that the Organization/Third Party Vendor that will generate the eFPs for you had their equipment registered and approved for production with SWFT. Obtain the Organization/Commercial and Government Entity (CAGE) Code from the Organization/Third Party Vendor, then log into the SWFT system at: https://swft.nbis.mil, and run the “Scanner Registration Status by Org/CAGE Code” report in the Reports section. You can also run the “Scanner Registration Status by Hardware Vendor and Serial Number” report if you know the manufacturer and serial number of their scanning device or devices.