Defense Counterintelligence and Security Agency- Support Secure Web Fingerprint Transmissions (DCSA-SWFT) is a web-enabled system that serves for the collection and processing of fingerprints for applicants requiring investigation services for personnel vetting. SWFT eliminates the need for paper-based capture and handling of fingerprints, expedites the background check process by reducing invalid fingerprint submissions, provides end-to-end accountability for sensitive Personally Identifiable Information (PII) data, and implements stringent security standards for all electronic transactions. DCSA-SWFT and SWFT can be used interchangeably.

WebEnroll is a web-based application that is integrated into the SWFT system and serves for online capture of biographic and biometric data. WebEnroll collates the subject data into standard eFP files and automatically forwards them to SWFT. Users are responsible for providing their own fingerprint capture device and software development kit (SDK) from the manufacturer; and obtaining a SWFT+ license from Defense Counterintelligence and Security Agency (DCSA) for each operational device. Contact the SWFT Coordinators for the process of obtaining the license.

Cleared organizations listed in the National Industrial Security Program (NISP) Database, Department of Defense (DoD) Components, and U.S. Federal Agencies can use SWFT to submit electronic fingerprint (eFP) files for applicants requiring investigation services.

Implementation of WebEnroll is mandated by the Under Secretary of Defense for Intelligence [USD(I)] Memorandum for Civilian and uniform services organizations. The WebEnroll feature of SWFT is currently available to DoD Components and U.S. Federal Government agencies that enter into an agreement with DCSA. Refer to the SWFT DCSA informational website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under General Information, click on the “e-Fingerprints DoD Memo” link for the entire memo.

Please refer to the SWFT Access, Registration and Testing Procedures. The document is available on the SWFT DCSA website at https://www.dcsa.mil/is/swft/. Select SWFT Resources, and under Access Request, click on the “Access Registration Test Guide” link.
For WebEnroll users, the eFP online enrollment feature can be requested by checking the “Enroller” item in Box 15b on the PSSAR form. PSSARs should be submitted to your Organization Administrator for account creation.

To receive a SWFT account, the DoD applicant must have and maintain a favorable security clearance eligibility of Interim Secret. The U.S. Federal Agency applicant must have and maintain a minimum investigation level of Public Trust. Applicants should not submit a Personnel Security System Access Request (PSSAR) form until they have been granted the above clearance or investigation level. Additionally, they must have received certificates for PII and Cyber Security training within the previous 12 months.

The document is available on the SWFT DCSA informational website at: https://www.dcsa.mil/is/swft/. All users accessing SWFT, select the “PSSAR Form” under “SWFT Resources”, then “Access Request” section. This PSSAR is sufficient for requesting access to all SWFT functionality.
The most common reasons a PSSAR is rejected are the following:
Part 2 - APPLICATIONS Section15a (PERMISSIONS) is missing a checkbox selection;
Part 3 - TRAINING Sections 18 and/or 19 are missing the training certificate information.
If additional assistance is needed completing your PSSAR, email the Fingerprint Transaction Systems (FTS) System Liaisons at dcsaftsteam@mail.mil.

To receive a SWFT account, training certificates that are less than 12 months old must be submitted with your PSSAR form for the Cyber Security Awareness/Information Assurance (IA) and PII courses.

NO, SWFT PSSARs must be submitted directly to your SWFT Site/Organization Administrator. If you are an Organization Administrator, submit your PSSARs to the FTS System Liaisons at: dcsaftsteam@mail.mil.

Users must log into their accounts every 30 days to avoid their account being locked. Accounts that are not accessed within 35 days of the last login will be terminated.

Log in to SWFT before your Smart Card expires and set up a temporary password on the User Settings screen. Once you receive the replacement smart card, enter your username and temporary password to log in to SWFT and register your new Private Key (PK) certificate.

If you received a new Smart Card, reach out to the appropriate Administrator to receive a temporary password to log in to SWFT and register your new PK certificate.

The basic and standard users can get their accounts unlocked by contacting their Site/Organization Administrators and requesting their account be unlocked. Terminated accounts will require a new PSSAR to be submitted to their Site/Organization Administrator for reactivation. Site Administrators must contact their Organization Administrators if they require assistance with their account. Organization Administrators must contact the Executive Administrator at the DCSA FTS System Liaisons, if they require assistance with their account.

If a SWFT User in your Organization has had their account terminated, reactivate the SWFT account for that user once you have received a completed PSSAR from that user. You will be able to reuse the user’s previous Login ID and set a new password.
Important: Notify the user when sending their login information, reactivation is temporary, and the user's account may be deactivated again the next day if they do not take action immediately after receiving the reactivation notification.

SWFT is entirely web-based. Therefore, the only requirement is internet access and a compatible web browser.
Google Chrome and Edge are the recommended browsers for SWFT. Google Chrome is the recommended browser for WebEnroll.
To use the eFP online enrollment feature of WebEnroll, users must have the BioComponent Monitor and their scanner’s vendor provided SDK installed on their machine. See the “SWFT WebEnroll User Interface Installation and Navigation Guide” in SWFT Help for the BioComponent Monitor Installation instructions.
The SDK will vary depending on the make and model of scanner that is being used. Links to the device SDKs may be obtained from your Organization Administrator or the scanner manufacturer.

NO, your Organization does not have to own or sponsor any scanning devices to obtain a SWFT account. After obtaining the account, please log in to SWFT at least once every 30 calendar days so that your account does not expire.

A “User Guide” for SWFT is available online after logging in to SWFT. Click the “Help” button to view the “User Guide” under the SWFT User Guide section. The SWFT User Guide is Controlled Unclassified Information and is not available to the public.
The “WebEnroll Users Guide” is available on the Help screen in SWFT under the SWFT+ (WebEnroll) User Guides section.

If your Organization will only submit the eFPs, then the “Access” section of the SWFT “Access, Registration, and Testing Procedures” is relevant to your situation, which can be found on the SWFT DCSA informational website https://www.dcsa.mil/is/swft/. The “Registration and Testing” sections are not applicable as your Organization will be utilizing another Organization’s/Third Party Vendor’s fingerprint scanning system.
However, your Organization must verify that the Organization/Third Party Vendor that will generate the eFPs for you had their equipment registered and approved for production with SWFT. Obtain the Organization/Commercial and Government Entity (CAGE) Code from the Organization/Third Party Vendor, then log into the SWFT system at: https://swft.nbis.mil, and run the “Scanner Registration Status by Org/CAGE Code” report in the Reports section. You can also run the “Scanner Registration Status by Hardware Vendor and Serial Number” report if you know the manufacturer and serial number of their scanning device or devices.

For SWFT, the Federal Bureau of Investigation (FBI) maintains a list of products certified as tested and compliant with the FBI’s Next Generation Identification (NGI) initiatives and Integrated Automated Fingerprint Identification System (IAFIS) Image Quality Specifications (IQS). The list of FBI certified products is available on the FBI Biometric Specifications (BioSpecs) website. SWFT Users may choose to acquire any certified product, depending on their actual need.
For WebEnroll users, not all FBI approved scanners are supported by WebEnroll. The list of supported scanners is on the SWFT DCSA informational website under SWFT Resources, then eFP Enrollment (SWFT+) section titled “Supported Device List”.
Note: All eFPs need to be a .EFT file to be uploaded to SWFT.

For SWFT users, follow your manufacturer’s guidance on setting up your scanner.
For WebEnroll users, log in to SWFT and click on the Help button. Select the “WebEnroll Users Guide” for fingerprint device instructions. For additional technical support, work with your local IT staff to set up and configure your scanners.

DCSA Fingerprint Transaction Systems (FTS) only accepts Type-4 fingerprint images for electronic submission, which consist of;
- 10 rolled impressions
- 1 Plain Left and Right Simultaneous Four Finger Impressions
- 1 Plain Left and Right Thumb Impression
Information regarding FBI system requirements and approved devices can be found at the FBI Certified Products List.

Fingerprint scanning workstation or server platform scanning systems must be registered and tested only once. They do not have to be re-registered or re-tested again before being able to service other client organizations. Provide to your customers the manufacturer and serial number of your scanners or provide them your Org/CAGE Code or the Org/CAGE Code of the Organization that sponsored the registration of your devices so that your customers can verify in SWFT that your equipment has been registered and approved for use. Note that any change in your system that could affect the quality or contents of eFP files (for example, software patches or upgrade, hardware replacement, scanner relocation, and so on) requires the equipment to be retested.

Yes, another Organization that already has a SWFT account can submit eFPs on your behalf. There are three available options which are detailed in the SWFT Access, Registration and Testing Procedures document available on the SWFT DCSA information website at: https://www.dcsa.mil/is/swft/.

Scanner-server platform fingerprint systems typically involve two components:
1) One or more fingerprint scanning devices;
2) Server platform that integrates fingerprint images and biographic data and generates the electronic fingerprint file.
Multiple scanning devices can be connected to a single server platform. At least one scanner-server platform pair must be registered and tested with SWFT and the Registration Authority (RA). The registration must prove that the hardware and software components in scanner-server platform system meet the FBI certification guidelines. The test of the scanner-server platform pair must prove that the system is properly configured and generates eFP files that comply with the FBI Electronic Biometric Transmission Specification (EBTS) and DCSA FTS/RA specifications.

It usually takes less than two weeks to complete the scanner registration process and receive approval to operate in the production environment. The time frame is contingent upon the timeliness of responses to the SWFT Coordinator. Incorrect information and/or delays in responses to the SWFT Coordinator will delay final registration authority approval.

No, All stand-alone scanners must be tested in SWFT before they can be used to capture eFPs, unless you are using a server platform system, as explained in question 16. Only approved scanning devices can submit eFPs to the authorized destination. Refer to the Access, Registration, and Test Guide on the SWFT DCSA informational website for additional information on the scanner testing process.

Each valid eFP is archived in SWFT after a set time limit and may be deleted from the SWFT database after a set time span in accordance with directives from the National Archives and Records Administration (NARA).

Only Type-4 rolled fingerprints are accepted (see also Question: What are the National Background Investigations Bureau (NBIB) requirements for scanner configuration and settings?).

The DoD Security Manager/Facility Security Officer (FSO) who initiates the e-QIP submission for the Personnel Security Management Office for Industry’s (PSMO-I) approval must select “I” in the Federal Investigations Processing Center (FIPC) field. This triggers a mechanism that delivers necessary e-QIP data to SWFT where they can be matched with the same type of data obtained from the eFP file.

The SWFT TCN must be unique for each fingerprint transaction, and consists of the TCN Prefix and TCN Suffix. The TCN Prefix typically remains constant for each fingerprinting device, while TCN Suffix is unique in each fingerprint transaction submitted from that device.
Refer to the NBIS-SWFT Scanner Configuration and Registration Guide, which is accessible through the SWFT Application in the Help Files. The NBIS-SWFT Scanner Configuration and Registration Guide is Controlled Unclassified Information and is not available to the public.

To ensure that a request for investigation is processed efficiently, it is important that the personal identification information in the subject’s e-QIP record match with the same information contained in the eFP. The following match criteria apply:
Subject PII Data
Last Name - eFP and e-QIP must match exactly
First Name - eFP and e-QIP must match exactly
Middle Name - Minor difference/discrepancy may be acceptable (for example, Marcie Gail Smith in e-QIP versus M. Gail Smith or Marcie G. Smith in eFP)
Social Security Number (SSN) - eFP and e-QIP must match exactly
Date of Birth (DOB) - eFP and e-QIP must match exactly

The e-QIP request Identification (ID) does not have to be listed on the eFP file. DCSA FTS searches for a matching e-QIP case using the SSN and other subject identifiers.

Enter all 9s, all 0s, or all 9s except the last digit being a 0.

The SWFT Coordinator is unable to change any information contained in eFP Files once they are uploaded to SWFT. If biographic information needs to be updated, a new eFP will need to be uploaded. Users of WebEnroll can post-edit certain biographic data and then resend the eFP.

Any incorrect data in fields such as Name, SSN, DOB, or Place of Birth (POB) can cause delays.
To prevent future delays, before submitting the eFP to SWFT, check the eFP to be submitted against the e-QIP to ensure there are no discrepancies in any fields (for example, name, SSN, or DOB). If you do not have the e-QIP, reach out to the subject of the eFP.
To check the current status of an eFP, go to the eFP Search screen in SWFT. From there you can search for an eFP by SSN, Last Name, First Name, or TCN.
The eFP status definitions are listed below:
Rejected – The eFP record’s eFP file had content validation errors and was rejected. (The PII data and the eFP file are not retained in SWFT)
Received – The eFP file upload completed without content validation errors.
Replaced – The eFP record was replaced by a newer eFP record due to a duplicate SSN.
Queued – The eFP record is scheduled to be released to one or more destinations.
Stalled – The eFP record did not meet the criteria to release to one or more of its destinations, and requires manual intervention to continue processing. (Processing is stalled for Test eFPs and eFPs where destinations could not be determined by the Controlling Agency Identifier/Transaction Control Number (CRI/TCN) filters)
Completed – The eFP record that has been released to its scheduled destinations.
Deleted – The eFP record has been manually marked as deleted. Only manual deletion is available and can only be performed by the SWFT Administrator.

For eFPs being uploaded to SWFT, contact your software vendor for additional instructions. For eFPs being uploaded through WebEnroll, when you are on the eFP capture screen, select “Amputation” as the option and follow the instructions on the eFP capture screen.

Viewing and printing PDFs of fingerprint submissions requires “Transaction Viewer” role added to your account. If you do not see the Transaction Manager screen when you first log in to WebEnroll, then this permission has not been enabled on your account. The “Transaction Viewer” role can be requested from your Organization administrator.
If you have the “Transaction Viewer” role, select the checkbox to the left of the fingerprint file that you wish to print. After doing so, select the PDF View button in the upper right corner of the screen. Select the desired format in the window that appears and select View PDF. The file will then appear in a printable PDF file.