SWFT FAQs


Questions about Access, System Requirements, and User Guide

1. What is NBIS-SWFT?

National Background Investigation Services- Support Secure Web Fingerprint Transmissions (NBIS-SWFT) is a web-enabled system that serves for the collection and processing of fingerprints for applicants requiring a background investigation for a personnel security clearance. SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards for all electronic transactions. NBIS-SWFT and SWFT can be used interchangeably, with SWFT being used within this document.

2. What is WebEnroll (Online Fingerprint Enrollment)?

WebEnroll is a web-based application that is integrated into the SWFT system and serves for online capture of biographic and biometric data. WebEnroll collates the subject data into standard eFP files and automatically forwards them to SWFT. Users are responsible for providing their own fingerprint capture device and software development kit (SDK) from the manufacturer; and obtaining a SWFT+ license from Defense Counterintelligence and Security Agency (DCSA) for each operational device. Contact the SWFT Coordinators for the process of obtaining the license.

3. Who can use SWFT?

Cleared organizations listed in the National Industrial Security Program (NISP) Database and Department of Defense (DoD) Components can use SWFT to submit electronic fingerprint (eFP) files for applicants requiring a background investigation for a personnel security clearance.

4. Who should use WebEnroll?

Implementation of WebEnroll is mandated by the Under Secretary of Defense for Intelligence [USD(I)] Memorandum for Civilian and uniform services organizations. The WebEnroll feature of SWFT is currently available to DoD Components and Federal Government agencies that enter into an agreement with DCSA. Refer to the SWFT DCSA informational website at https://www.dcsa.mil/is/swft/. Click the plus sign on the SWFT button, then SWFT Resources, and under General Information, click on the e-Fingerprints DoD Memo link for the entire memo.

5. How do I obtain a SWFT or WebEnroll account?

Please refer to the SWFT Access, Registration and Testing Procedures. The document is available on the SWFT DCSA website at https://www.dcsa.mil/is/swft/. Click the plus sign on the SWFT button, then SWFT Resources, and under Access Request, click on the “Access Registration Test Guide” link.
For WebEnroll users, the eFP online enrollment feature can be requested by checking the “Enroller” item in Box 15b on the PSSAR form. PSSARs should be submitted to your Organization Administrator for account creation.

6. What are the minimum security requirements for obtaining a SWFT account?

In order to receive a SWFT account, a potential user must have a favorable security clearance eligibility determination. SWFT requires a minimum of Interim Secret eligibility. Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted at least an Interim Secret Clearance. Additionally, they must have received certificates for PII and Cyber Security training within the previous 12 months.

7. Where can I find the PSSAR form?

The document is available on the SWFT DCSA informational website at: https://www.dcsa.mil/is/swft/.

Industry users accessing SWFT, select the “PSSAR Form” under “SWFT Resources”, then “Access Request” section. This section has a sample PSSAR for your assistance. PSSAR Form Link:
https://www.dcsa.mil/Portals/91/Documents/IS/SWFT/Access%20Request/DD%20Form_2962_(PSSR)FEB2020.pdf

PSSAR Sample Link:
https://www.dcsa.mil/Portals/91/Documents/IS/SWFT/Access%20Request/DD_Form_2962_(PSSAR)_SAMPLE__FEB_2020.pdf

Government/DoD users accessing WebEnroll, select the “Access Request Form” under “SWFT Resources”, then the “eFP Enrollment (SWFT+)” section. This PSSAR has pre-filled information and prompts to avoid unnecessary PSSAR rejections due to missing information and should be used instead of the PSSAR form under the Access Request section. Additionally, this PSSAR is sufficient for requesting access to all SWFT functionality.

Access Request Form (PSSAR) Link:
https://www.dcsa.mil/Portals/91/Documents/IS/SWFT/eFP%20Enrollment/DD_Form_2962(PSSAR)Example_FEB_2020.pdf

The DCSA Customer Engagements Team (CET) is rejecting between 65% and 72% of the PSSARs they receive. The most common reasons a PSSAR is rejected are the following;

  • Part 2 - APPLICATIONS Section15a (PERMISSIONS) is missing a checkbox selection;
  • Part 3 - TRAINING Sections 18 and/or 19 are missing the training certificate information;
  • Part 5 - NOMINATING OFFICIAL'S CERTIFICATION is missing a brief descriptive statement justifying your need for a SWFT account.

If additional assistance is needed completing your PSSAR, email the DCSA CET at dcsa.ncr.nbis.mbx.contact-center@mail.mil.

8. How recent must the training certificates that I submit with my PSSAR be?

In order to receive a SWFT account, training certificates that are less than 12 months old must be submitted with your PSSAR form for the Cyber Security Awareness/Information Assurance (IA) and PII courses.

9. Can I e-mail PSSARs to the SWFT Helpdesk?

NO, SWFT PSSARs must be submitted directly to your SWFT Site/Organization Administrator. If you are an Organization Administrator, submit your PSSARs to the DCSA CET at: dcsa.ncr.nbis.mbx.contact-center@mail.mil.

10. How often must I log into my account in order to avoid my account being locked or terminated?

Users must log into their accounts every 30 days in order to avoid their account being locked. Accounts that are not accessed within 35 days of the last login will be terminated.

11. What should I do if my Smart Card is going to expire within 72 hours?

Log in to SWFT before your Smart Card expires and set up a temporary password on the User Settings screen. Once you receive the replacement smart card, enter your username and temporary password to log in to SWFT and register your new Private Key (PK) certificate.

12. What should I do if I receive a new Smart Card?

If you received a new Smart Card, reach out to the appropriate Administrator to receive a temporary password to log in to SWFT and register your new PK certificate.

13. What do I do if my account has been locked or terminated?

The standard user can get their accounts unlocked by contacting their Site/Organization Administrators and requesting their account be unlocked. Terminated accounts will require a new PSSAR to be submitted to their Site/Organization Administrator. Site Administrators must contact their Organization Administrators, if they require assistance with their account. Organization Administrators must contact the Executive Administrator at the DCSA CET, if they require assistance with their account.

14. As an Organization or Site Administrator, how do I reinstate a user who has had his or her account terminated due to 35 days of inactivity?

If a SWFT User in your Organization has had their account terminated, create a new account for that user once you have received a completed PSSAR from that user. You will not be able to reuse the user’s previous Login ID; however, you can use the SWFT feature to clone the rest of the user’s information from the expired account. For detailed steps on cloning a user account, log in to SWFT and click the “Help” button. Select the SWFT Administrator Guide and go to section 5.11 Clone a User Account.

15. What are the system requirements for SWFT and WebEnroll?

SWFT is entirely web-based. Therefore, the only requirement is internet access and a compatible web browser. SWFT currently supports only Microsoft® Internet Explorer® (IE) 11.0 or above. Other browsers may work as well, but some SWFT features might not perform reliably.

WebEnroll users should use Chrome to log into SWFT and access WebEnroll, but for accessing and using other SWFT features, IE browser should be used.

In order to use the eFP online enrollment feature of WebEnroll, users must have the BioComponent Manager and their scanner’s vendor provided SDK installed on their machine. See the “NBIS-SWFT WebEnroll User Interface Installation and Navigation Guide” on the SWFT Welcome Page for the BioComponent Manager Installation instructions.

The SDK will vary depending on the make and model of scanner that is being used. Links to the device SDKs may be obtained from your Organization Administrator or the scanner manufacturer.

16. Does an Organization need to have a fingerprint scanner before they can obtain a SWFT account?

NO, your Organization does not have to own or sponsor any scanning devices in order to obtain a SWFT account. After obtaining the account, please log in to SWFT at least once every 30 calendar days so that your account does not expire.

17. Is there a User Guide for SWFT and WebEnroll?

A “User Guide” for NBIS-SWFT is available online after logging in to SWFT. Click the “Help” button that is available on each web page to view the “User Guide” under the SWFT User Guide section. The NBIS-SWFT User Guide is For Official Use Only (FOUO), and is not available to the general public.
The “WebEnroll User Guide” is available on the Help screen in SWFT under the SWFT+ (WebEnroll) User Guides section.

18. My Organization will be utilizing another cleared Organization/Third Party Vendor’s equipment for creating eFP files. Which part of the Access, Registration, and Testing Procedures is relevant for our situation?

If your Organization will only submit the eFPs, then the “Access” section of the SWFT “Access, Registration, and Testing Procedures” is relevant to your situation, which can be found on the SWFT DCSA informational website. The “Registration and Testing” sections are not applicable as your Organization will be utilizing another Organization’s/Third Party Vendor’s fingerprint scanning system.

However, your Organization must verify that the Organization/Third Party Vendor that will generate the eFPs for you had their equipment registered and approved for production with SWFT. Obtain the Organization/Commercial and Government Entity (CAGE) Code from the Organization/Third Party Vendor, then log into the SWFT system at: https://swft.nbis.mil, and run the “Scanner Registration Status by Org/CAGE Code” report in the Reports section. You can also run the “Scanner Registration Status by Hardware Vendor and Serial Number” report if you know the manufacturer and serial number of their scanning device or devices.

Questions about the Equipment

19. What type of fingerprint scanner can be used for SWFT and WebEnroll?

For SWFT, the Federal Bureau of Investigation (FBI) maintains a list of products certified as tested and compliant with the FBI’s Next Generation Identification (NGI) initiatives and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS). The list of FBI certified products is available on the FBI Biometric Specifications (BioSpecs) website under Certifications:
https://www.fbibiospecs.cjis.gov/Certifications. SWFT Users may choose to acquire any certified product, depending on their actual need.

For WebEnroll users, not all FBI approved scanners are supported by WebEnroll. The list of supported scanners is on the SWFT DCSA informational website under SWFT Resources, then eFP Enrollment (SWFT+) section titled “Supported Device List”.

Note: All eFPs need to be a .EFT file to be uploaded to SWFT.

20. What reference guides should I consult while setting up my scanner?

For SWFT users, follow your manufacturer’s guidance on setting up your scanner.

For WebEnroll users, log in to SWFT and click on the Help button. Select the “WebEnroll Users Guide” for fingerprint device instructions. For additional technical support, work with your local IT staff to set up and configure your scanners.

21. What are the National Background Investigations Bureau (NBIB) requirements for scanner configuration and settings?

For information regarding fingerprint requirements and specifications please refer to “Requesting Personnel Investigations via e-QIP” which can be found on the DCSA website using the following menu options or Uniform Resource Locator (URL):

MENU: dcsa.mil>Mission Centers> Personnel Vetting>I am Gov HR/Security> Requesting Personnel Investigations via e-QIP>Fingerprints

URL: https://www.dcsa.mil/mc/pv/gov_hr_security/requesting_pi_via_eqip/#6.0

DCSA Fingerprint Transaction Systems (FTS) only accepts Type-4 fingerprint images for electronic submission, which consist of;

  • 10 rolled impressions
  • 1 Plain Left and Right Simultaneous Four Finger Impressions
  • 1 Plain Left and Right Thumb Impression

To obtain additional information regarding NBIB Requirements and submitting eFPs to NBIB, please e-mail: fts@nbib.gov.

Information regarding FBI system requirements and approved devices can be found at the FBI Certified Products List: https://www.fbibiospecs.cjis.gov/Certifications.

22. My Organization is a Third Party Vendor whose fingerprint scanner is being sponsored for production use by a cleared DoD contractor. Will I have to re-register the same fingerprint scanner each time I provide services to other authorized SWFT Users?

Fingerprint scanning workstation or server platform scanning systems have to be registered and tested only once. They do not have to be re-registered or re-tested again before being able to service other client organizations. Provide to your customers the manufacturer and serial number of your scanners, or provide them your Org/CAGE Code or the Org/CAGE Code of the Organization that sponsored the registration of your devices so that your customers can verify in SWFT that your equipment has been registered and approved for use. Note that any change in your system that could affect the quality or contents of eFP files (for example, software patches or upgrade, hardware replacement, scanner relocation, and so on) requires the equipment to be retested.

23. My Organization will be utilizing a cleared Organization/Third Party Vendor’s equipment for creating eFP files. Will they be able to submit eFPs on our behalf?

Yes, another Organization that already has a SWFT account can submit eFPs on your behalf. There are three available options which are detailed in the SWFT Access, Registration and Testing Procedures document available on the SWFT DCSA information website at: https://www.dcsa.mil/is/swft/.

Option 1: Service Provider Acts with Limited Permissions Submits Fingerprints on Behalf of another Organization
Any SWFT account holder can act as a service provider for one or more other Organizations if a “Multi-Site Uploader” permission is enabled for that account. This allows the service provider or any other SWFT user with the “Multi Site Uploader” permission to submit eFPs for other organizations and generate reports that identify eFPs they uploaded on behalf of other organizations.

The DCSA CET Executive Administrators grant the permission to use the “Multi-Site Uploader” permission after receiving a valid PSSAR approved by the appropriate nominating official from the service provider.

Serviced organizations must obtain at least their own SWFT Organization account before seeking services from a Service Provider. An Organization record does not expire and does not require a fingerprint scanning device to be registered or associated with it. A Serviced organization with an Organization record might also choose to maintain their own SWFT user account to track the fingerprint transactions that were submitted on their behalf by Service Providers.

Option 2: Service Provider Acts with Full Permissions to Submit Fingerprints on Behalf of another Organization
A Service Provider must have their own SWFT account established under the organization for which if provides services. This account must be associated with one or more of the serviced organization’s Org/CAGE Codes. A SWFT account under the serviced organization grants the service provider the ability to submit eFPs on their behalf. The service provider can access SWFT reports and PII data for eFPs they have uploaded on behalf of their serviced organizations.
Each request for adding an additional Org/CAGE Code to an existing SWFT account requires a separate PSSAR approved by the appropriate nominating official from the serviced organization. Serviced Organizations should maintain their own SWFT account and monitor the progress of their eFP submissions.

Option 3: Third Party Service Provider authorized to enroll (that is, take) fingerprints and produce electronic fingerprint files, or submit e-fingerprints to SWFT, or both
Third party service providers must have their own hardware/software equipment, which has been registered, tested, and approved for SWFT production under their organization. A 3rd party service provider must also be vetted to offer fingerprint services to DoD clients.

The “Fingerprint Service Providers” list, published on the SWFT DCSA informational website, lists DCSA vetted 3rd party service providers. Some service providers have offices in multiple geographical areas.

Organizations intending to offer their fingerprint services to the DoD community on the SWFT DCSA informational website should contact the SWFT Coordinator for qualification criteria and to initiate the vetting process.

24. What is the policy for getting scanner-server platform fingerprint systems registered and tested?

Scanner-server platform fingerprint systems typically involve two components:
1) One or more fingerprint scanning devices; 2) Server platform that integrates fingerprint images and biographic data and generates the electronic fingerprint file.

Multiple scanning devices can be connected to a single server platform. At least one scanner-server platform pair must be registered and tested with SWFT and the Registration Authority (RA). The registration must prove that the hardware and software components in scanner-server platform system meet the FBI certification guidelines. The test of the scanner-server platform pair must prove that the system is properly configured and generates eFP files that comply with the FBI Electronic Biometric Transmission Specification (EBTS) and DCSA FTS/RA specifications.

Additional scanning devices that communicate with the server platform must be registered, but do not have to be tested. Scanning devices that will connect to an already registered and tested server platform system must include in the registration form a reference to the registered scanner and server platform.

25. What is the timeline for scanner registration and approval?

It usually takes less than two weeks to complete the scanner registration process and receive approval to operate in the production environment. The time frame is contingent upon the timeliness of responses to the SWFT Coordinator. Incorrect information and/or delays in responses to the SWFT Coordinator will delay final registration authority approval.

26. Can I submit eFPs to the Authorized Destination if the scanning device I am using has not been approved for production?

NO, All stand-alone scanners must be tested in SWFT before they can be used to capture eFPs, unless you are using a server platform system, as explained in question 16. Only approved scanning devices can submit eFPs to the authorized destination. Refer to the Access, Registration, and Test Guide on the SWFT DCSA informational website for additional information on the scanner testing process.

Questions about the Fingerprints

27. Do the eFPs ever get deleted from SWFT?

Each valid eFP is archived in SWFT after a set time limit and may be deleted from the SWFT database after a set time span in accordance with directives from the National Archives and Records Administration (NARA).

28. Are both rolled fingerprints and flat fingerprints accepted?

Only Type-4 rolled fingerprints are accepted (see also Question: What are the National Background Investigations Bureau (NBIB) requirements for scanner configuration and settings?)

29. How are the fingerprint files matched with the Electronic Questionnaires for Investigations Processing (e-QIP) submission?

The DoD Security Manager/Facility Security Officer (FSO) who initiates the e-QIP submission for the Personnel Security Management Office for Industry’s (PSMO-I) approval must select “I” in the Federal Investigations Processing Center (FIPC) field. This triggers a mechanism that delivers necessary e-QIP data to SWFT where they can be matched with the same type of data obtained from the eFP file.

30. What makes up the Transaction Control Number (TCN)?

The SWFT TCN must be unique for each fingerprint transaction, and consists of the TCN Prefix and TCN Suffix. The TCN Prefix typically remains constant for each fingerprinting device, while TCN Suffix is unique in each fingerprint transaction submitted from that device.

Refer to the NBIS-SWFT Scanner Configuration and Registration Guide, which is accessible through the SWFT Application in the Help Files. The NBIS-SWFT Scanner Configuration and Registration Guide is FOUO, and is not available to the general public.

31. What information has to match between e-QIP and the eFP file to make the clearance process go through most efficiently?

To ensure that a request for investigation is processed efficiently, it is important that the personal identification information in the subject’s e-QIP record match with the same information contained in the eFP. The following match criteria apply:

Subject PII Data

Last Name - eFP and e-QIP must match exactly

First Name - eFP and e-QIP must match exactly

Middle Name - Minor difference/discrepancy may be acceptable (for example, Marcie Gail Smith in e-QIP versus M. Gail Smith or Marcie G. Smith in eFP)

Social Security Number (SSN) - eFP and e-QIP must match exactly

Date of Birth (DOB) - eFP and e-QIP must match exactly

32. Does the investigation number need to be included in the eFP file?

The e-QIP request Identification (ID) does not have to be listed on the eFP file. DCSA FTS searches for a matching e-QIP case using the SSN and other subject identifiers.

33. What data is entered in the SSN field if a person is a Foreign National and does not have a SSN?

Enter all 9s, all 0s, or all 9s except the last digit being a 0.

34. Can the SWFT Coordinator change biographic information that was entered incorrectly in an eFP file?

The SWFT Coordinator is unable to change any information contained in eFP Files once they are uploaded to SWFT. If biographic information needs to be updated, a new eFP will need to be uploaded. Users of WebEnroll can post-edit certain biographic data and then resend the eFP.

35. My eFP’s processing is taking a long time. How can I find out why?

Any differences in fields such as Name, SSN, DOB, or Place of Birth (POB) between the submitted eFP and the e-QIP can cause delays. If the eFP has already been uploaded into SWFT, you can check for discrepancies by running the “eFP- eQIP Discrepancy” report. Click the “Reports” button in the left-hand column and select the “eFP- eQIP Discrepancy” report from the dropdown.

Refer to the NBIS-SWFT User Guide for details on generating reports. The NBIS-SWFT User Guide is available online to the users after logging in to SWFT. Click the “Help” button that is available on each web page. The NBIS-SWFT User Guide is FOUO, and is not available to the general public.

To prevent future delays, before submitting the eFP to SWFT, check the eFP to be submitted against the e-QIP to ensure there are no discrepancies in any fields (for example, name, SSN, or DOB).

To check the current status of an eFP, go to the eFP Search screen in SWFT. From there you can search for an eFP by SSN, Last Name, First Name, or TCN.

The eFP status definitions are listed below:

  1. Rejected – The eFP record’s eFP file had content validation errors and was rejected. (The PII data and the eFP file are not retained in SWFT)
  2. Received – The eFP file upload completed without content validation errors.
  3. Replaced – The eFP record was replaced by a newer eFP record due to a duplicate SSN.
  4. Queued – The eFP record is scheduled to be released to one or more destinations.
  5. Stalled – The eFP record did not meet the criteria to release to one or more of its destinations, and requires manual intervention to continue processing. (Processing is stalled for Test eFPs and eFPs where destinations could not be determined by the Controlling Agency Identifier/Transaction Control Number (CRI/TCN) filters)
  6. Completed – The eFP record that has been released to its scheduled destinations.
  7. Deleted – The eFP record has been manually marked as deleted. Only manual deletion is available and can only be performed by the SWFT Administrator.

36. How do I complete fingerprints for an amputee?

For eFPs being uploaded to SWFT, contact your software vendor for additional instructions. For eFPs being uploaded through WebEnroll, when you are on the eFP capture screen, select “Amputation” as the option and follow the instructions on the eFP capture screen.

37. How can I print the fingerprints on the FD-258, SF-87 or state fingerprint forms?

Viewing and printing PDFs of fingerprint submissions requires “Transaction Viewer” role added to your account. If you do not see the Transaction Manager screen when you first log in to WebEnroll, then this permission has not been enabled on your account. The “Transaction Viewer” role can be requested from your Organization administrator.

If you have the “Transaction Viewer” role, select the checkbox to the left of the fingerprint file that you wish to print. After doing so, select the PDF View button in the upper right corner of the screen. Select the desired format in the window that appears and select View PDF. The file will then appear in a printable PDF file.