FAQs – DISS

DISS serves as the system of record for personnel security, suitability, and credential management of all DOD employees, military personnel, civilians, and DOD contractors. DISS also provides secure communications between Adjudicators, Security Officers, and Component Adjudicators in support of eligibility and access management.

Please reach out to the following email,
dcsa.eastern.dcsa-dvd.mbx.diss-provisioning@mail.mil and provide them with your completed PSSAR form and required training certificates.

Please refer to the attached document named “2020 FAQ DISS JVS Industry PSAARs” for guidance on how to properly fill out the PSSAR.

Additional DISS processing information can be found on the DISS Resources website, https://www.dcsa.mil/is/diss/dissresources/

There are two options for obtaining Cyber Security Awareness/Information Assurance completion certificates:
1. Cyber Awareness Challenge - https://public.cyber.mil/training/cyber‐awareness‐challenge/ (After you get to the DISAwebsite you may need to click on Training and then click on Cyber Awareness Challenge).
2. Annual security training provided by the cleared service/company/agency.

There are two options for obtaining Personally Identifiable Information (PII) completion certificates:
1. https://public.cyber.mil/training/identifying‐and‐safeguarding‐personally‐identifiable‐information‐pii/
2. http://www.cdse.edu/catalog/elearning/DS‐IF101.html (you need a STEPP account)

Add a password to Adobe Acrobat (pdf)
Open the PDF and choose Tools > Protect > Encrypt > Encrypt with Password. If you receive a prompt, click Yes to change the security. Select Require a Password to Open the Document, then type the password in the corresponding field.

**Please email the password to the above-mentioned email address in a separate email. This will allow us to open and process the file.

A minimum of interim secret eligibility is required to access DISS. Account Managers within each Component/Agency/Company will determine the specific DISS customer user base and assign user roles based on Component/Agency/Company guidance and responsibilities.

Each DISS user will be required to have a DoD approved Public Key Infrastructure (PKI) certificate smartcard/token in the form of a Common Access Card (CAC), Personal Identity Verification (PIV) card, or authorized External Certificate Authority (ECA) certificate.

Yes, the registration process must be completed every time you get a new or replacement CAC or PIV. The Hierarchy/Account Manager or the DCSA CET will need to generate a new password. The pre-established registration user id and the newly generated password should be sent to the user. Thereafter, the user should re-register using the steps outlined below:

1. Select their Certificate.
2. Click on the login button and you will be redirected to the User Registration Page.
3. Enter the pre-established user id and the newly generated password and click register.

The Hierarchy/Account Manager or the DCSA CET will need to generate a new password.

Each DISS user will be required to have a Web browser with Microsoft Edge, Firefox 11 or above, or Google Chrome. Government approved encryption is required.

Users should validate each agency/company employee record based on HR employee list.

DISS Training e-learning modules are provided online through DCSA and USA Learning websites. Also, Job Aids are provided on the DCSA website. Training will also be conducted via webinars.

RRUs have become customer service requests (CSRs) in DISS. Customer Service Requests allow specific workflows to be sent to the DCSA VROC and DoD CAF for review and processing.

Users can find information on DISS by going to the DMDC DISS web page. Updates include alerts, notices, and release notes. User manuals will be provided within the landing page of the DISS application. The information should be posted on the “About JVS” tab on the DISS Homepage.

Hierarchy Managers are designated by their Component/Agency/Company.

Personnel are granted access to DISS for the specific purpose of verifying eligibility and determining access to classified information of their service members/employees and/or visitors. There is NO AUTHORIZED USE OF DISS PRINTOUTS! Security Officers/Facility Security Officers should never print out any screen, screenshot, or provide DISS printouts to any agency or person.

No, the exit screen and back button will not lock your account. The user will have to login again upon exiting, however.

Yes, there are indications throughout DISS when a save takes place. You will see a window in the upper right side of the screen for a few brief seconds showing that something saved or submitted.

https://nbib.opm.gov/e-qip-background-investigations The applicant's Security Officer must have first initiated the Investigation Request and provided access information, such as initial username and password

Yes, the information can be viewed with either the Security Manager or Security Officer role, only if you are an industry SMO user.*Once the applicant submits the SF86/eQIP/applicant’s personnel security questionnaire form the FSO will need to claim the task in DISS in the task inbox. Then they will review the investigation request to either approve or reject the investigation request. Please reference section 3.1.1.17 (Review Investigation Request) in the JVS User Manual

Task inbox is where RFA come through. Users go to the Task inbox to view/work assigned task. Please reference section 3.1.1.1 in the JVS User Manual, View Task Inbox. The Task Inbox is accessible by Security Officers, Security Officer Administrators, Hierarchy Managers, Security Managers, and Component Adjudicators. The Task Inbox includes sub-tabs for Assigned Tasks and Unassigned Tasks. Users view tasks that they have claimed in the Assigned Tasks sub-tab and work the task to process the request. They can view and claim tasks from the Unassigned Tasks sub-tab. After claiming or completing a task, the data in the Task Inbox will not automatically update. Users must refresh the data in the Task Inbox by clicking on Task Inbox in the Communications control panel.

Security Officers can add information about the subject’s relationships with foreign individuals in the Subject Details tab. The Security Officer must have the Manage Foreign Relationships permission as well as an owning or servicing relationship with the subject in order to add or update a foreign relative/contact. -Users with the appropriate permission can update a subject’s foreign contact manually (see directions below), or the contacts may be updated by the e-ingest of SF forms or other case documents -Please see 3.5.1.30 Add Foreign Contact or Relative, 3.5.1.31 Edit Foreign Contact(s) and Relative(s) Information in the JVS User Manual. -The Foreign Travel sub-tab allows Security Officers to create new foreign travel records, including foreign contacts and countries visited, as well as edit existing foreign travel records, including removing countries or contacts. The Security Officer is also able to cancel or debrief the subject’s foreign travel records. -A Security Officer can edit a subject's foreign travel record, but only if it is in the Initial or Draft status. Records that are Debriefed or Canceled cannot be edited; the Security Officer can only add a comment to the foreign travel record. -Please see 3.5.1.57 View Foreign Travel, 3.5.1.57 Create Foreign Travel, 3.5.1.58 Edit Foreign Travel-Edit Foreign Travel Detail, 3.5.1.59 Edit Foreign Travel-Add Foreign Travel Countries, 3.5.1.60 Edit Foreign Travel-Edit Foreign Travel Countries, 3.5.1.61 Edit Foreign Travel-Delete Foreign Travel Countries, 3.5.1.62 Edit Foreign Travel-Add Foreign Contacts, 3.5.1.63 Edit Foreign Travel- Delete Foreign Contacts, 3.5.1.64 Edit Foreign Travel-Foreign Travel Comments, 3.5.1.65 Cancel Foreign Travel, 3.5.1.66 Debrief Foreign Travel of the JVS User Manual.

No, DISS will require new system access for each user. The minimum requirements for system access are a completed Personnel Security System Access Request (PSSAR) form, Personal Identifying Information (PII) and cyber awareness training certificate. At this time, system training certificates are not required for system access. Once provisioned, the Hierarchy and/or Account Manager can provision users within their Component/Agency/Company.

Yes, all JPAS data will be migrated to DISS upon full deployment. We understood from Monday’s DCSA Working group meeting that certain information (RFIs and other communications to the CAF) would not migrate. The user would have to submit a request for that information.

A minimum of interim secret eligibility is required to access DISS. Account Managers within each Component/Agency/Company will determine the specific DISS customer user base and assign user roles based on Component/Agency/Company guidance and responsibilities.

• Created means the visit template was built by a user. Users in both the hosting and creating SMOs can modify the visit location and add/cancel personnel to the visit
• Active means the visit is ongoing, only the hosting SMO can modify the visit location in this status. Personnel can still be added/cancelled from the visit while active
• Cancelled means that visit request is no longer active and cannot be reactivated/modified/deleted
• Archived means the visit was completed and it can no longer be reactivated/modified/deleted

• The following roles will have access to all Hosting and Visiting SMO Requests via the "View SMO Visits" selection on the SMO menu: Security Officer, Security Officer Admin, Security Officer Visit Admin, Security Manager, Physical Access Control Personnel, Help Desk and Application Admin with View Visit permission
• For visits associated only to a specific subject, users can view those visits on the Subject Detail screen under the "Accesses" tab
• For all Visit Requests associated with your SMO, the Hosting Visit and Outgoing Visit reports are available in the Reporting Module

Yes, DISS allows for users to create a "Hosting" visit. The visiting SMO will receive a notification and can add/cancel visitors from the visit as well as modify the visit location while the Visit is in the "Created" status.

Yes, users can add personnel that have a relationship with another SMO. If the subject has a relationship with a SMO, they can be added to a visit.

Yes, the visit will also be added to the subject’s record as well as found in the Visit Report in the reporting module.

No, but you will receive a notification that the subject was added. As the visiting/hosting SMO, the Security Manager/Officer can "Cancel" their employee from the visit at any time.

Visits will be historically indexed in DISS until the last day of the visit. According to Privacy Policies, once the visit has been completed/archived it will be removed from display.

Yes, both SMOs can modify the visit while in a "Created" status. Once active however, only the Hosting SMO can modify the visit date and location.

Yes, using the "Find Hosting SMO" establishes your SMO to visit another SMO. When your SMO visit is created, the hosting SMO will receive a notification. The hosting SMO can cancel the visit if it's not approved.

Please call the DMDC Contact Center (878)274-1765 to report any potential misuses of DISS you may have observed.

As the Cognizant Security Agent (CSA) for DISS, when DMDC is made aware of an alleged misuse of DISS, the system must be protected from loss of data confidentiality, integrity, and availability. As a result, the user(s) account(s) are administratively locked and placed in administrative review, preventing any access to DISS during the review. This practice limits risk to the system and its data. During an administrative review:

1. The alleged will receive an Incident Notification Letter and any DISS accounts connected to the incident are locked.
2. Once the relevant data surrounding the incident is gathered, the DISS Program Manager (along with government counsel when necessary) decide as to whether the incident occurred:
   1. If it is determined that the incident occurred, the user may have their account terminated and be permanently barred from receiving another DISS (or future replacement system) account. A misuse of technology security incident will also be placed on the user’s DISS record for the DoD CAF to adjudicate.
   2. If it is determined that the incident did not take place the user account may be unlocked.
3. When an administrative review is complete, the user will receive an Outcome Notification Letter, outlining the decision and any subsequent actions.

If it is determined that a misuse has occurred, the user is at risk of losing their DISS account as well as being barred from reapplying for a DISS account PERMANENTLY. A misuse of technology incident will be placed on the user’s DISS record for eventual adjudication by the CAF. An appeals process does exist; however, only new, and relevant evidence may be presented to be considered for an appeal.

Follow all instructions as outlined in the incident notification letter. DISS General FAQ If a user receives a DISS incident notification letter, they may choose to directly respond with a personal statement addressing the incident. Note that the user(s) account(s) under administrative review will not be accessible, so please make appropriate coordination with other FSOs/AFSOs/SOs in your organization regarding your DISS workload/tasks. All communication regarding a DISS incident and/or administrative review should be directed to the email address provided in the notification letter.

Administrative reviews have no defined timeframe. Factors such as the severity of the misuse, the number of individuals involved, third party investigations/input, government counsel involvement, and size of audit files, among other factors can all vary from incident to incident.

To protect the confidentiality, integrity, and availability of the data in DISS, the user’s account will be locked and will not be accessible during the entire period of the administrative review.

In the rare circumstance where the integrity of an entire cleared organization/SMO is in question, all associated DISS user accounts may be locked. Appropriate investigative agencies may also be informed (e.g., Defense Criminal Investigative Service (DCIS), DoD Inspector General (DoDIG), etc.) dependent on circumstances and severity of the alleged incident. DISS audit logs are reviewed by program leadership to determine exactly what actions were performed/taken by the subject inside of the system, to include every screen viewed and every action taken in DISS. Note that your account will not be deleted/removed due to inactivity during an administrative review.

No, subject records will not turn red in DISS. Only the submitting office can view the incident report, however, all offices can view whether an incident flag exists. Under Subject Summary you will see a “YES” within the Incident block.

Users report incident by selecting the Report Incident link on the Person Summary page, or through the Subject’s Details link, select report incident (NOTE: User must have an Owning/Servicing relationship with the Subject, to use the Subject’s Details link)

NO! It is against DoD policies to share username/password, any approved active Public Key Infrastructure (PKI) hardware or allow an individual to access another person’s DISS account or certificate in any manner or form. Only the authorized account and certificate holder is permitted to access/use his/her account. Examples of Approved Active PKI hardware include Common Access Cards (CAC), Personal Identity Verification (PIV) cards, approved corporate badges, and External Certificate Authority (ECA) cards/tokens, among others.

You may utilize the Help manual in DISS which is found once you are logged into DISS. The Help button can be found in the upper left-hand corner beside the DISS logo, by click the word Help a new window appears with the DISS Help manual. You may search for any key words using ctrl+f and typing in the key words for any subject in question. If you need assistance, contact the Customer Engagements Team (CET), from 6 am – 6 pm Eastern Time. The CET team provides support for DISS and DCII systems. Telephone: 878-274-1765 Email: dcsa.ncr.nbis.mbx.contact-center@mail.mil NOTE: Do not send any Personally Identifiable Information (PII) or other sensitive data via email. Please note that marking the emails containing PII as ‘private,’ does nothing to protect sensitive information, and may prevent the CET from receiving the email

A:  

1.  Host needs to search the visiting Subject. Take a relationship (recommend servicing).
2. Find the visit under the access tab after opening subject details.
3. They can then open the visit and see all other subjects.

A: With recent update to DISS, the visit must be cancelled before the archive option will become active to select. As a reminder if you cancel a visit, it will send a notification out to the creating SMO notifying them know that the visit was canceled, and it will remove the visit.

A: Until 13.7 is released, recommend adding a word such as "Received" or "Worked" in the Visit Name. This will provide a way to sort your visits by the key word added.

A: This feature allows you to easily copy an existing visit details as well as a quick check box to add all of the existing approved subject (visitors) to the newly cloned visit.

A: Yes, select the full date range from the calendar.

A: No. When a visit request is created, it is created only for a single SMO.

A: Run a visit report (permission based). Use View SMO Visits to view all visits for the selected SMO. Pull up individual subject to view their visits (with Owning Relationship).

A: When you create a visit you can use the “Activate Visit” button to make the visit active prior to adding subjects/visitors to the visit request. Once subjects/visitors are added the option to use the “Activate Visit” button will be grayed out and no longer available for selection. To search for visits that have been created but not activated use the View SMO Visits, find visit status and select “created” then Find Visits and you will see a list meeting that criteria.

A: You will need to manually cancel or archive each visit to move it from the active list.

A: As you are creating a visit request, if you complete it but don’t add subjects as visitors you will still be able to see the Activate request button, once you add subjects the visit becomes Active and the Activate Visit button is unavailable or grayed out.

A: You can use the Activate Visit button to make a visit active without adding subjects. Once you add subjects, the visit is Active and you can no longer access the Activate Visit button, it is grayed out.

A. No, you cannot edit an Archived Visit.

A. No, a visit request should not be Archived before the end date of the visit

A: DCSA is currently working with stakeholders to address this issue; the military will be advised that all visits should remain active in the system.

A: Users with the Update PII permission (must have Security Manager or Officer Role) may update subject last name, birth country, birth state, birth date, and citizenship.

A: DISS allows to transfer individuals and/or multiple subjects using the mass transfer functions unless certain actions on the subjects prevent it. If not working in mass function, debrief and add in new SMO.

A: All required fields are indicated with an asterisk (*). Category Organizations is an optional field.

A: Yes, if you have the proper role and permissions you can create a subject and establish relationship without granting access.

A: You don’t need to terminate the employee, you can add an owning relationship with the individual from the SMO Relationship tab, then delete the servicing relationship.

A: With Trusted Workforce, the hiring of new personnel and initiating an investigation is based on the current eligibility in DISS and the date of last investigation. If no eligibility is showing in DISS, initiate new (initial) investigation. If eligibility is showing in DISS, Security Manager (SM) can brief subject in access based on level supported, then SM should determine need for investigation based on date of last investigation and initiate PR if the investigation is no longer in scope. SM should work with VROC to enroll subject in Continuous Evaluation. Note: Reciprocity can be used if information is provided to VROC and DoD CAF for validation.

A: Yes, the function is available.

A: You cannot change the SMO relationship from servicing to owning. You must add a new relationship and then delete the previous relationship that no longer applies.

A: There is currently no way to add a servicing relationship without a subject first having an owning relationship.

A: You can add an owning relationship to an uncleared person without granting access.

A: If an individual, who only requires suitability or HSPD-12 credentialing, belongs to your organization you should have an owning relationship in JVS with that subject. Defer to your agency policy for this action.

A: Phone Number 878-274-1765, Customer Service Hours: 8:00 a.m. – 8:00 p.m. ET, Monday – Friday (excluding Federal Holidays). Security Manager and Security Officer with the Update PII permission can edit subject’s PII.

A: Go to the Subject Details, click the Other Subject Details tab, scroll down to Foreign contacts and relatives information block, find the family members that you need to edit and click the pencil icon under the options, that should allow you to edit the record.

A: Contact Servicing CAF or Component Adjudicator.

A: You must have the appropriate permission(s): Manage SCI Access or View SCI Access

A: The way I have seen a by name look up is if you go to View Subjects, you will see a list of Subjects associated with your agency then type in name and click ‘search’. If you are not associated with the subject, go to search subject to search using only the SSN. DoD ID number is not supported in DISS.

A: In short, you can do the debrief and removing all owning and servicing relationships then that subject won’t show up under your SMO. Please refer to the JVS User Manuel under the help hyperlink in JVS.

A: User complete and submit a CSR/Request Reciprocity in the Subject Action drop down in JVS.

A: DCSA leaves the naming of SMOs to the individual agency. Use the “Search SMO” function to find a particular SMO. Narrow search using drop-down menus.

A: Use the “Mass Subject Transfer” option in the Subject control panel.

A: One SMO doesn’t have multiple owners, however, one subject can be owned by multiple SMOs under the SMO relationship tab, usually if the subject has more than one category (i.e. reserve, industry, civilian employee, etc.).

A: The SMO Name Index is Numeric Characters, where this Code comes from or how a Security Manager or Security Officer is notified of this Code. Reference the JVS User Manual 3.3.4.1 Create SMO, item 5, on page 89.

A: DISS JVS is not set up to show SMO JPAS levels. DISS JVS permission levels provide the users the ability to manage and view specific access levels. All subjects can be managed from one SMO instead of the many levels that were used in JPAS.

A: Send a Hierarchy Change Request (HCR) to the following email address stating the need remove the SMO: dcsa.dcsa-northern.dcsa-dvd.mbx.diss-provisioning@mail.mil

A: Please send the information through the help desk and the DISS will research for removal.

A: No, that is incorrect. Provide SMO name and send request to have subjects removed and SMO deleted to the HCR email address: dcsa.dcsa-northern.dcsa-dvd.mbx.diss-provisioning@mail.mil

A: Currently, the SMO continues to display in the SMO Tree, but with a red “no” symbol on top that indicates it has been deactivated. As a hierarchy manger you can deactivate SMO within your tree. If unable to deactivate, send a Hierarchy Change Request (HCR) to the following email address stating the need to remove the SMO: dcsa.dcsa-northern.dcsa-dvd.mbx.diss-provisioning@mail.mil

A: Submit a Hierarchy Change Request to: dcsa.dcsa-northern.dcsa-dvd.mbx.diss-provisioning@mail.mil

A: There is no requirement to submit SF312 for debrief actions.

A: What type of access were you attempting to transfer. Collateral access should be removed at the time the individual out-processes.

A: Yes. You must consult your Agency policy on destroying hardcopy of documents.

A: If there is a date, the information transferred when the individual’s record transferred from JPAS so in theory an NDA was completed previously. A date will also populate when a new Sf312 is uploaded.

A: Submit a ticket with help desk.

A: Select document type which will open a new window. From there click the ‘Add Document’ button at the bottom and it should upload from there.

A: You must have the “View SCI Access” optional permission granted by your Account Manager and given to you as a JVS User (Security Officer/Security Manager Role) within JVS.

A: You must have the “Update PII” optional permission granted by your Account Manager and given to you as a JVS User (Security Officer/Security Manager Role) within JVS.

A: Yes. Please work this process with your supporting government agency.

A: Yes, you will need to submit a PSSAR with the optional permissions of view SCI Access checked (your Account Manager, who must have “Manage SCI DISS User” permissions, will provide you with that permission if your agency policy allows).

A: The Account Manager or Hierarchy Manager who gives access to JVS can grant this permission, however this would be an internal agency policy determining who, within the organization determines who is granted the “manage or view SCI access”.

A: If there is nothing to select from and you have an owning relationship, it is highly likely that the citizenship field is blank. Security Manager and Security with the Update PII permission can update the citizenship. Also check the investigation is scheduled.

A: First consider internal agency rules within your organization. Within JVS go to Access and select Access level from drop down screen to add to the individual.

A: Yes, it has been submitted to VROC.

A: IT levels are no longer supported by policy and not in DISS for use.

A: Servicing CAF or Component Adjudicator with Suitability and HSPD-12 Adjudication permissions grants the Suitability Eligibility.

A: DISS Team is in the process of creating a way to archive the messages while also trying to bring back the message capability to DISS to enhance communication within the system.

A: The red highlight notification is not a feature in DISS. You can refer to the Task Inbox for updates/changes/notifications.

A: Please provide the information to your assigned Industrial Security Representative (ISR), who can notify the DISS Team will collaborate with the NISS and DISS developers for a resolution. Additionally, please include some examples to the help desk so the DISS Team can verify the SMO is tied to your organization as identified in NISS.

A: Subjects owned or serviced by your SMO should populate in the Subject Report, if not please contact the help desk with examples so the DISS Team can troubleshoot.

A: The Account Manager who gives you access to JVS can grant this permission (as long as they also have “Manage SCI DISS User”), however this would be an internal agency policy determining who is granted this permission.

A: Contact help desk. Additionally, confirm that you removed all accesses or relationships from the subject.

A: You must have the manage SCI access or view SCI access permission for the SCI report.

A: Contact your Agency for this policy information.

A: Contact your Agency for this policy information.

A: JPAS did not have the capability to upload documents. The annotation that an NDA was completed with the completion date stored in JPAS will eventually be transitioned to DISS. All NDA dates from JPAS will be transferred to DISS – JVS.

A: Yes, you should not print material from DISS for sharing with other parties. Non-DoD agencies can submit a PSSAR to gain access to DISS-JVS to validate a subjects’ eligibility and access to include owning industry SMO.

A: Yes, based on SEAD 3 requirements.

A: You can see the investigating agency now if you own or service the individual and you click on the subject details link, then scroll down to the Investigation History table and click the investigation you are interested in, an Investigation Detail window opens up and shows information about that investigation including the investigating agency. Currently, not visible from the Subject Summary page

A: No, you can only search by SSN/PSSN or within your subject view by Last name and/or First name

A: This is not a report type.

A: There was a mapping issue with data involving eligibility from JPAS to DISS; clean-up was completed. If you continue to identify issues, please send an email to the Vetting Risk Operations Center (VROC) or submit a DISS Customer Service Request (CSR).