Attach 4 - OMB Questions on DBIDS

November 17, 2008 OMB Questions on DBIDS
(Revised December 9, 2008)

1. Please provide more details as to why these cards are needed vs. giving these individuals an HSPD-12 card.

Individuals responsible for the monitoring of access control points and the design of automated access control systems for DoD installations and facilities must have information with which to identify authorized individuals. The possession of a DoD or other credential, to include an HSPD-12 PIV credential, is not sufficient to warrant entry. There are rules surrounding entry to access areas, to include days and times and under which Force Protection Conditions an individual may enter. DBIDS was developed for the collection and maintenance of this access authorization information, and for providing it to authorized individuals and systems for decision-making purposes. DBIDS provides the capability to support tiered access control based on force protection condition and access control rules and capabilities across installations and/or regions.

For installations using DBIDS for access control, a registered ID card must be presented and scanned for comparison with the information stored in the DBIDS database. Currently, DBIDS is compatible with both the DoD HPSD-12 compliant Common Access Card (CAC) as well as the Uniformed Service Identification and Privilege card, referred to as the Teslin card. However, not everyone who requires physical access to a DoD installation or station is authorized one of these cards. DBIDS cards are issued to individuals who are not qualified for any other form of DoD ID card.

DoD Instruction 1000.13, "Identification (ID) Cards for Members of the Uniformed Services, Their Dependents, and Other Eligible Individuals," December 5, 1997) describes the requirements for Teslin card eligibility. Directive-Type Memorandum (DTM) 08-003, “Next Generation Common Access Card (CAC) Implementation Guidance,” December 1, 2008 updates the requirements for CAC eligibility. Specific populations are automatically eligible for a CAC based on their personnel category within the DoD. Examples include Uniformed Service personnel, DoD civilian employees, and specific categories of personnel assigned overseas in support of the Department. CAC eligibility for other populations, including DoD contractors, non-DoD federal civilians, state employees, and other non-DoD affiliates, is based on the DoD government sponsor’s determination of the type and frequency of access required to DoD facilities or networks that will effectively support the mission. To be eligible for a CAC, the access requirement must meet one of the following criteria:

(a) The individual requires access to multiple DoD facilities or access to multiple non-DoD Federal facilities on behalf of the Department on a recurring basis for a period of 6 months or more (this requirement is applicable to DoD contractors only.

(b) The individual requires both access to a DoD facility and access to DoD networks on site or remotely.

(c) The individual requires remote access to DoD networks that use only the CAC logon for user authentication.

These criteria are consistent with OMB Memorandum M-05-24, August 2005 that directs that credentialing standards generally apply to such categories unless they are short-term employees (less than 6 months), in which case the agency has discretion based on risk and other factors. Based on these criteria, a DBIDS card for non-DoD contractor personnel requiring recurring physical access to an installation meets a need that is not fulfilled by the HSPD-12 PIV credential policy.

2. If a card is needed for limited access -- please define what DOD means by limited access.

Limited access is defined as situational occasional physical access to a DoD base or station by an individual who is not authorized a DoD ID card (CAC or Teslin), and who has no requirement for DoD network access. An example of a DBIDS card recipient is a vendor such as a soft drink delivery truck driver or the staff of a grounds-keeping firm that mows grass and trims shrubs periodically.

3. Please provide more specifics on how many individuals within DOD would need to get this badge and the costs associated with this program.

DBIDS is currently installed at 176 sites, world-wide, with a total registered population (including archived records) of more than 1.5M. Based on current active registration statistics, the population requiring a DBIDS card is approximately one-third of the population registered with a CAC or Teslin card (one DBIDS card for every two DoD ID cards). With a DoD ID cardholder base of approximately 10.3M, the projected total number of DBIDS cards would be 3.4M with DBIDS cards costing approximately $1 each for a total of $3.4M. If CACs were issued in place of DBIDS cards, the cost would be approximately $30.6M.

4. The screen shots provided show a more extensive process than is currently mandated by HSPD-12 -- 10 point fingerprint, iris capture, etc. Why is this needed if these individuals will have limited access to a DOD facility?

Normal DBIDS registration requires the capture of two fingerprints (a primary and an alternate) as well as a frontal photograph. The screen captures referenced in this question pertain to the Southwest Asia (SWA) version of DBIDS only. Due to the requirement for increased security in countries such as Bahrain, Kuwait and Qatar, other country nationals that have not been vetted by “trusted” sources are required to provide iris scans, ten-print fingerprints, hand geometry, and five photographs for facial recognition. They must also provide additional demographic information including nationality, place of birth, aliases, race, tribe, blood type and marital status.

This biometric and demographic information is submitted to an element of the Biometrics Task Force (BTF), formerly known as the Biometrics Fusion Center. Upon receiving applicant data the BTF verifies the data using the Automated Biometric Identification System (ABIS) against various authoritative sources such as the Integrated Automated Fingerprint Identification System (IAFIS), maintained by the Federal Bureau of Investigations (FBI), or their own red force database. The BTF returns a message stating whether there is match for the individual in these authoritative sources. In the case of a match, additional sources of information are checked before the screening official makes a decision to approve issuance of a DBIDS identification card, reject the application, or even detain the individual.

5. Is the proposed system interoperable with DOD's HSPD-12 rollout? If an individual moves from limited access to more routine access?

Yes, DBIDS is capable of enrolling an individual using either the HSPD-12 compliant CAC or the Teslin card. The DoD ID card used in the registration process is the credential used for physical access control; there is no need to issue a DBIDS card. If a DBIDS cardholder moves from a position with limited access to one requiring a CAC, his or her personal information does not need to be recaptured in DBIDS. The DBIDS record is updated to reflect the person’s new Authorization Category and scanning the barcodes on the CAC are scanned in order to associate it, rather than the DBIDS card, with the person’s record.

6. Please provide a comparison of the costs for this proposed program to DOD HSPD-12 program?

DBIDS cards for those populations that do not currently receive a CAC card (HSPD-12) or Teslin card (Dependents and Retirees) cost approximately $1 each while the HSPD-12 compliant CACs cost approximately $9 each (this cost includes the protective opaque card sleeve).

7. Figure 11 -- Screening Family Information Screen. What is the rationale for asking for grandparent information? To my knowledge, we don't ask for this information even with a SF-86. Same goes for hair color, eye color, etc.

This requirement applies to the SWA version of DBIDS only. See the answer to question #4.

8. How much money is currently spent on this program and what will be the costs for this program should OMB approve this collection?

In FY08, $20,612,519 was expended on DBIDS, including $624,904 for regional data centers and test lab equipment. The projected funding requirement for FY09-FY13 is $157,374,180, which includes reimbursable funding.