DEFENSE SECURITY COOPERATION AGENCY
MEMORANDUM FOR :
Enrollment for the Security Cooperation Information Portal (SCIP)
- Message, SECDEF Washington DC/USDP-DSCA, Subject: Security Cooperation Enrollment Process, DTG 091310Z May 03 (Policy No 03-11)
This memorandum plus the referenced message (attachment 1) constitutes DSCA's policy position on the SCIP enrollment process for Foreign Military Sales customers. Attachment 2 is a suggested letter that requests each country to designate a Host Nation (HN) Token Administrator and alternate, whose duties will be to receive and account by each HN user on the SCIP, and to server as the authorizing agent f passwords need to be reset. Attachment 3 is a suggested memorandum that may be used as a model for the HN's response and is to be enclosed with Attachment 2.
DSCA requests that each Security Assistance Organization (SAO), Defense Attaché (DATT), and Foreign Service Officer (FSO), address and issue Attachment 2 to the HN so that he sender is the Chief SAO and the addressee is the appropriate host country representative. His letter should be delivered by 7 July 2003. Please enclose Attachment 3 with Attachment 2.
Your assistance is appreciated. Should you have additional questions, please contact Mr. Brent Pearlstein at brent.Pearlstein@dsca.mil, commercial (703) 601-3748, DSN 329-3748
Mark P. Scher
Chief Information Officer
1. USDP-DSCA message, DTG 091310X May 03
2. DSCA Sample Letter, undated
3. DSCA Sample Memorandum, undated
SECURITY COOPERATION PORTAL ENROLLMENT PROCESS
(U) THIS MESSAGE IS FOR SECURITY ASSISTANCE ORGANIZATION (SAO) CHIEFS AND DEFENSE ATTACHES (DATTS) PERFORMING SECURITY ASSISTANCE FUNCTIONS WORLDWIDE.
(U) THE DEFENSE SECURITY COOPERATION AGENCY (DSCA) IS ESTABLISHING A NEW WEBSITE KNOWN AS THE SECURITY COOPERATION INFORMATION PORTAL (SCIP). USING SCIP, SAOS AND INTERNATIONAL CUSTOMERS WILL BE ABLE TO VIEW THE STATUS OF THEIR FOREIGN MILITARY SALES (FMS) CASES AND PERFORM FUNCTIONS SUCH AS SUBMITTING REQUISITIONS, SUPPLY DISCREPANCY REPORTS, ETC. THE PORTAL IS ABOUT TO BECOME OPERATIONAL. OUR OBJECTIVE IS TO ACHIEVE WIDESPREAD ENROLLMENT OF USERS IN MAY 2003.
(U) USERS WHO ARE FOREIGN NATIONALS, WHETHER DOD FOREIGN SERVICE NATIONAL (FSN) EMPLOYERS OR FMS CUSTOMERS, AND U.S. CITIZENS WORKING FOR CUSTOMERS (E.G. IN AN EMBASSY IN WASHINGTON) WILL BE REQUIRED TO HAVE AN IDENTIFICATION DEVICE CALLED A TOKEN FOR THE PORTAL. THIS TOKEN WILL BE A COMMERCIAL PRODUCT KNOWN AS AN RSA SECURITY CARD. THIS CARD CONTAINS A CLOCK THAT PRODUCES A NEW SIX-DIGIT RANDOM NUMBER EVERY MINUTE. THE USERS MUST TYPE IN THESE RANDOM NUMBERS AFTER THEIR PASSWORDS. NO SPECIAL USER EQUIPMENT IS REQUIRED OTHER THAN A RELATIVELY RECENT VERSION OF MICROSOFT OR NETSCAPE BROWSER. DOD EMPLOYEES WHO ARE U.S. CITIZENS WILL USE CONVENTIONAL USER-NAMES AND PASSWORDS IN TE NEAR TERM AND A DOD COMMON ACCESS CARD (CAC) IN THE LONG TERM. DSCA INTENDS INITIALLY TO FURNISH A SMALL NUMBER OF TOKENS TO EACH COUNTRY. IF THE PORTAL IS SUCCESSFUL, WE WILL EXPAND THE QUANTITY. COUNTRIES WILL BE ABLE TO PURCHASE TOKENS BEYOND THEIR ALLOCATION VIA FMS CASES.
(U) DSCA WILL ALSO PROVIDE TOKENS FOR SAO FSN EMPLOYEES AS NEEDED TO PERFORM FMS FUNCTIONS.
(U) TO MANAGE THE TOKENS, THE FOLLOWING ACTIONS ARE REQUIRED OF THE SAO CHIEFS AND DATTS:
DESIGNATE BY LETTER A U.S. CITIZEN SAO TOKEN ADMINISTRATOR AND ALTERNATE (IF AVAILABLE) TO MAINTAIN A CHAIN OF CUSTODY FOR THE TOKENS TO BE USED BY FSNS IN YOUR OFFICE AND TO ADMINISTER PASSWORDS. IF THERE IS ONLY ONE U.S. CITIZEN IN THE OFFICE, NO ALTERNATE IS REQUIRED. THE LETTER MUST INCLUDE THE NAMES, SIGNATURES, TELEPHONE NUMBERS, EMAIL ADDRESSES OF THE SAO CHIEF/DATT, THE ADMINISTRATOR, AND ALTERNATE (IF AVAILABLE) AND THE NUMBER FO FSNS REQUIRING TOKENS. MAIL THE LETTER TO DSCA, ATTN: DIRECTORATE FOR IT (MR. BRENT PEARLSTEIN) 1111 JEFFERSON DAVIS HWY, ARLINGTON, VA 22202 OR FAX A COPY TO 703-602-7836.
IN MAY, DSCA WILL SEND YOU A FORMAL LETTER FOR DELIVERY TO THE HOST NATION (HN) REQUESTING DESIGNATION OF A HN TOKEN ADMINISTRATOR AND ALTERNATE. THE DUTIES OF THESE HN DESIGNEES WILL BE TO RECEIVE AN ACCOUNT FOR TOKENS, DISTRIBUTE THEM TO HN PERSONNEL, AND IDENTIFY TO DSCA THE PERMISSIONS REQUIRED BY EACH HN TOKEN USER ON THE PORTAL. WHILE THE HN MAY DESIGNATE USERS IN EACH OF ITS ARMED SERVICES, THERE MIST BE A SINGLE OVERALL HN TOKEN ADMINISTRATOR RESPONSIBLE FOR COMMUNICATING WITH DSCA. THAT INDIVIDUAL MAY BE ASSIGNED TO THE HNS EMBASSY IN WASHINGTON IF APPROPRIATE.
ONCE HN TOKEN ADMINISTRATORS HAVE BEEN DESIGNATED, DSCA WILL SHIP TOKENS TO THE SAO CHIEF/DATT WHO MUST OBTAIN A SIGHED RECEIPT FROM THE HN TOKEN ADMINISTRATOR AND FORWARD THE RECEIPT TO DSCA. IF THE HN TOKEN ADMINISTRATOR IS IN WASHINGTON, DSCA WILL MAKE THE DELIVERY. MOST COUNTRIES WILL RECEIVE ONLY ONE TOKEN IN THE INITIAL DISTRIBUTION; COUNTRIES WITH THE LARGER FMS PROGRAMS WILL RECEIVE ADDITIONAL TOKENS. THE TOKEN QUANTITIES MAY BE ADJUSTED WHEN ACTUAL USAGE/NEED IS DETERMINED.
(U) DSCA RECOGNIZES THAT TOKEN-BASED ACCESS CONTROL REQUIRES MORE ADMINISTRATION THAT THE TRADITIONAL USERNAME AND PASSWORD APPROACH. HOWEVER, DOD POLICY MANDATES STRONGER CONTROLS. WE ARE TRYING TO MAKE THIS SIMPLE FOR THE SAO AND CUSTOMER WHILE USING DUE DILIGENCE TO PROTECT EACH COUNTRY'S FMS DATA. OVER TIME, DSCA EXPECTS TO USE THE PORTAL'S AUTHENTICATION SYSTEM FOR NUMEROUS OTHER SERVICES, SUCH AS THE SECURITY ASSISTANCE NETWORK.
PLEASE SEND QUESTIONS, COMMENTS, OR SUGGESTIONS VIA E-MAIL TO MR. BRENT PEARLSTEIN AT BRENT.PEARLSTEIN@DSCA.MIL, COMM 703-601-3748, DSN 329-3748
Dear (In-Country Host Nation Point of Contact):
The Defense Security Cooperation Agency (DSCA) is establishing a website known as the Security Cooperation Information Portal (SCIP). This portal will enable Foreign Military Sales (FMS) customers and DoD personnel to view FMS case data from a tri-service perspective and perform such functions as submitting requisitions and Supply Discrepancy Reports on-line. Before the development of the SCIP, this kind of data was available only by individual U.S. Military Department (MILDEP) and there was no method for the FMS customers to view all of their case data from the systems of all three MILDEPs in one view. Now, SCIP users will be able to view the data contained in those systems on-line via a web-browser.
International customers will only have access to data that is pertinent to their country and that they are authorized to view and to transaction sets that they are authorized to input. DSCA will empower each country to specify what portion of its data will be available to each of its users and those transactions that each user can enter. For each SCIP user, the country will annotate its preferences on a SCIP enrollment form that will be submitted to DSCA for review. After checking each form for errors, DSCA will activate the requested access. DSCA will safeguard each country's data by restricting access on the basis of country and defined user roles. The SCIP will permit the user to select how to view the data in customized reports and will allow for changes to that view, more detailed views, or export of the data into EXCEL spreadsheets.
Users who are foreign nationals or US citizens working for customers (e.g. in an embassy in Washington) will be required to have an identification device called a "Token" for the SCIP. This token will be a commercial product known as a "RSA SecurID Card". The card contains a clock that produces a new six-digit random number every minute. The users must type in the random numbers after their passwords. No special user equipment is required other than Internet access and a relatively recent version of a Microsoft browser. DSCA intends initially to furnish a small number of tokens to each country. If the SCIP is successful, we will expand the quantity. Countries will be able to purchase tokens beyond their allocation via FMS procedures.
Request you reply to DSCA by 31 July 2003 with your designation of a Host Nation (RN) Token Administrator and alternate whose duties will be to receive and account for tokens, distribute them to HN personnel, to identify to DSCA the permissions required by each HN user on the SCIP, and to serve as the authorizing agent if passwords need to be reset.
While the HN may designate users in each of its armed services, there must be a single overall HN Token Administrator responsible for communicating with DSCA. This designation must be on official national letterhead and include the signature and title of the designating official in addition to the signatures and contact information of the HN Token Administrator and alternate. An attachment to this letter is enclosed providing suggested wording for your reply. Please note that the signature of the latter two designees will serve as the basis for user permissions to be entered into the SCIP and will be retained on file in DSCA for that purpose. Please note that the HN Token Administrator may be assigned to the HN's embassy in Washington D.C. if appropriate. Communications will be via email, telephone, or facsimile.
Once the HN Token Administrators have been designated, DSCA will ship the tokens to the Security Assistance Organization (SAD) Chief or Defense Attaché (DATT) or Foreign Service Officer (FSO) who will obtain a signed receipt from the HN Token Administrator and forward the receipt to DSCA. This assumes the HN Token Administrator is located in country.
If the HN Token Administrator is in Washington D.C., then DSCA will make the delivery, obtain the receipt, and inform the SAO Chief or DATT or FSO. We expect that users will find the SCIP a welcome innovation and useful addition for managing FMS cases, lines, requisitions, and Supply Discrepancy Reports. Please send questions, comments, or suggestions via e-mail to Mr. Brent Pearlstein at firstname.lastname@example.org, commercial (703) 601-3748.
(Signature of the SAO Chief)
Signature Block of the SAO Chief
Host Nation Letterhead
GOVERNMENT OF _____________________
Defense Security Cooperation Agency
Information Technology Directorate
2800 Defense Pentagon
Washington, DC 20301-2800 USA
Designation of Host Nation Token Administrator and Alternate
1. The personnel listed below have been designated by the Government of _______ to act as Token Administrator and Alternate Token Administrator for the Security Cooperation Information Portal.
2. Should you have any additional questions, please contact (printed name, title, phone number, fax number, email, and address of the Designating Official)
Signature of the Designating Official
Signature Block of the Designating Official
1. Token Administrator:
2. Alternate Token Administrator: