Frequently Asked Questions
Transportation Worker Identification Credential (TWIC™)
PROGRAM INFORMATION
General
- What is TWIC?
- TWIC is a common identification credential for all personnel requiring unescorted access to secure areas of MTSA-regulated facilities and vessels, and all mariners holding Coast Guard-issued credentials. Individuals who meet TWIC eligibility requirements will be issued a tamper-resistant credential containing the worker's biometric (fingerprint template) to allow for a positive link between the card and the individual.
- How was TWIC created?
- Congress directed the federal government, through the Maritime Transportation Security Act (MTSA), to issue a biometric security credential to individuals with unescorted access to secure areas of facilities and vessels and all mariners holding Coast Guard- issued credentials or qualification documents. Controlling access to secure areas is critical to enhancing port security.
- How will the TWIC be used?
- During the initial rollout, TWIC will be used for visual identity checks. TWIC holders will present their cards to authorized personnel, who will compare the holder to his or her photo, inspect security features on the TWIC and evaluate the card for signs of tampering. The Coast Guard will conduct vessel and facility inspections and use hand -held readers during spot checks to ensure credentials are valid and identity is verified. A second rulemaking will establish access control requirements, including the use of electronic readers by certain vessel and facility owners and operators.
- Who must get a TWIC?
- We anticipate that over 1.2 million individuals will apply for a TWIC. This includes Coast Guard-credentialed merchant mariners, port facility employees, long shore workers, truck drivers, and others requiring unescorted access to secure areas of maritime facilities and vessels regulated by MTSA.
- Are individuals who work on cruise ships required to get a TWIC?
- Most cruise ships that call on U.S. ports are foreign flagged and do not have secure areas as defined by MTSA, therefore individuals working on those ships would not require a TWIC. For U.S. flagged cruise ships, if an individual requires unescorted access to areas designated as 'secure' or 'restricted', a TWIC is required. If the individual only requires access to 'passenger access' areas, a TWIC is not required.
- Where do I go for 'official' TWIC enrollment information and services?
- TWIC information and resources are available on the official TWIC Program web site (www.tsa.gov/twic) and through the TWIC help desk (1-866-DHS-TWIC), at no additional cost to the enrollment fee. All information about the TWIC Program, including the enrollment process, can be found at this web site, which was recently revamped based on stakeholder feedback, and the official TWIC help desk. These resources enable applicants to pre-enroll, schedule appointments for both enrollment and activation, locate a convenient enrollment center, and access comprehensive frequently asked questions – all at no additional cost, with minimal effort and time. We encourage applicants to take advantage of these resources in order to save time and to provide you with the official information on the TWIC Program.
- Does TSA utilize individuals or companies to assist in the pre-enrollment process for a TWIC?
- TSA is aware of individuals and companies offering consulting services to ports and using the TWIC name and service mark. These individuals and companies are not sponsored or endorsed by the Federal Government and therefore we can not guarantee that the information they provide on the TWIC program is accurate. The official TWIC Program web site (www.tsa.gov/twic) and TWIC help desk (1-866-DHS-TWIC) offers accurate and comprehensive information and resources on the TWIC program at no additional cost to the enrollment fee.
- Who can I reach can I get information or assistance if I believe my privacy or personal information was compromised from a vendor providing TWIC services (that are not endorsed by the Federal Government)?
- Federal Trade Commission, Privacy and Identity Protection
The Federal Trade Commission (FTC) has comprehensive information on identity theft at http://www.ftc.gov/bcp/edu/microsites/idtheft.
- TSA Privacy Office
If you suspect your personal information is being misused in conjunction with the program, please contact the TSA Privacy Office:
Transportation Security Administration
TSA-36 OSC Privacy
Transportation Security Administration
601 South 12th Street
Arlington, VA 22202-4220
- TSA Freedom of Information Act/Privacy Act (FOIA/PA) requests (access to one's own information):
Individuals may request access to their information by submitting a Freedom of Information Act/Privacy Act (FOIA/PA) request to TSA in writing by mail to the following address:
Transportation Security Administration
TSA-20 OSC Freedom of Information Act (FOIA)
Transportation Security Administration
601 South 12th Street
Arlington, VA 22202-4220
- How will I be notified to get a TWIC?
- Facility and vessel owners/operators are required to notify employees of their responsibility to possess a TWIC based on their need to have unescorted access to secure areas of vessels and facilities. Notification should be provided in a timely manner to give individuals sufficient time to complete the entire enrollment process by the compliance date.
- Owners/operators are encouraged to provide this same information to personnel who are not facility or vessel employees (e.g. contractors, truck drivers). Coast Guard Captains of the Port (COTP) will also be working with the local Area Maritime Security Committees (AMSC) to inform individuals of TWIC requirements and compliance dates.
- Can contractors apply for a TWIC if they anticipate bidding on or receiving a contract that would require unescorted access to secure areas of MTSA-regulated vessels or facilities?
- Contractors (or individuals who are not direct employees of a port owner or operator, but rather are 'contract' employees) can apply for a TWIC as long as they meet the TWIC eligibility requirements and, at a minimum, are expecting to pursue contracts at MTSA-regulated vessels and facilities where the owners or operators have determined a need for unescorted access in secure areas. If circumstances change and the individual no longer meet certain conditions, they are required to surrender their TWIC.
- Can a TWIC be confiscated, or taken from an individual, by an employer?
- Per the Code of Federal Regulations 49 CFR 1572.19(c), the TWIC™ is the property of the Transportation Security Administration (TSA), and held by the individual to whom the card was issued. The TWIC allows an individual worker to gain employment with any company that requires access to secure areas within a Maritime Transportation Security Act (MTSA) of 2002 regulated facility, and should not be taken from the worker. There is one exception to this standard: an employer must retrieve a TWIC from an alien who is working pursuant to a visa listed in 49 CFR 1572.105(a)(7) when the visa expires or when the work authorized by the visa expires. In this case, the employer must return the TWIC to TSA.
- How long is the TWIC card valid?
- TWICs remain valid for five years, unless the expiration date was based on a comparable credential (Free and Secure Trade (FAST) card, Merchant Mariner Document/ License, or Hazmat Endorsement). The expiration date is displayed on the face of the TWIC. TWIC holders are responsible for knowing when to begin the renewal process. For individuals who pay the reduced fee, the expiration date of their TWIC will be five years from the date listed on the credential associated with the comparable security threat assessment.
- When will I be required to have a TWIC?
- What is the national compliance date for the TWIC program?
- Workers who require unescorted access to secure areas of maritime facilities and vessels and all U.S. credentialed mariners must enroll for a TWIC no later than April 15, 2009. Workers will be required to possess and facilities will be required to check for a TWIC on a gradual basis, by Captain of the Port zone (COTP). The compliance date for each COTP zone will be published via notice in the Federal Register 90 days prior to the compliance date. Click here for the national compliance framework for the TWIC Program.
- Where can I find TWIC documents translated in other languages?
- The TWIC program provides communications materials in Spanish and English for the following areas:
- TWIC background check and applicant's rights to an appeals and waivers process. Please note: other translations can be found on the NELP site at http://www.nelp.org/nwp/second_chance_labor_project/.
- Note: the accuracy of these translations has not been confirmed by TSA and it is important to note that they do not replace or amend the TWIC appeal and waiver process in any way. TSA is providing the link to the NELP translations for your information.
- Can employers require their employees to enroll for a TWIC even if their job does not require them to have unescorted access to facilities and vessels regulated by Maritime Transportation Security Act (MTSA)?
- No. All applicants must certify that they need a TWIC to perform their job. Applicants either have to currently be, or are applying to be, a port worker requiring unescorted access to secure areas of maritime facilities and vessels regulated by MTSA; or they are a commercial HME driver licensed in Canada or Mexico. Applicants also certify that the information they provide during the enrollment process is true, complete, and correct. If required, civil or criminal action may be taken if an individual provides false statements (per 49 CFR 1570.5 and 18 U.S.C. 1001).
- Will these rules affect all Merchant Mariners?
- Yes. All credentialed U.S. merchant mariners must obtain a TWIC. This includes all persons holding a Coast Guard-issued merchant mariner's license, merchant mariner's document (MMD), Operator of Uninspected Passenger Vessels (OUPV), Standards of Training, Certification and Watchkeeping (STCW) Certificate, or certificate of registry (COR). With the implementation of TWIC, the Coast Guard MMD would primarily serve as proof of professional qualifications. The Coast Guard has drafted a supplementary proposed rule (published in the same Federal Register edition as the TWIC final rule) that proposes to combine the elements of all four current merchant mariner professional credentials into one certificate called the Merchant Mariner Credential (MMC). The Coast Guard and TSA are streamlining the process for the two credentials to reduce costs, duplication of effort and processing time for mariners. If the MMC proposed rulemaking is finalized as currently written, the Coast Guard would begin issuing the MMC in September of 2008 and would phase in the replacement of mariner's current credentials over a period of five years. Mariners would be issued their credential in the form of an MMC at the time they renew their current credential, or when applying for a new credential. The proposed rulemaking would not affect the validity of a mariner's current credential.
- What measures are in place to protect small businesses, such as small passenger vessels?
- TSA and the Coast Guard worked with the Small Business Administration to minimize adverse financial and operational impacts on small businesses wherever possible. The rule includes provisions that allow MTSA -regulated passenger vessels (excluding cruise ships) to establish employee access areas for crewmembers that do not require unescorted access to secure areas such as the pilot house and engine room. Employee access areas are typically include locations where waiters, entertainers and galley staff work and live. This provision reduces the impact on employees who rarely need to use spaces beyond those designated for support of passengers, while maintaining the integrity of a vessel's secure areas.
The Small Entity Guide for Owners and Operators and a Small Entity Guide for Applicants provides useful information to small businesses and their personnel on the TWIC program.
- How do I know my personal information is safeguarded?
- Privacy and the security of your personal information are critical to the TWIC program. Information collected at the enrollment center or during the pre-enrollment process (including the TWIC Disclosure and Certification Form and identity or immigration-related documents) is scanned into the TWIC system for the security threat assessment process. To ensure privacy is protected, applicant data is encrypted and stored at a secure government facility using methods that protect the information from unauthorized retrieval or use.
- Will this credential be required for all modes of transportation?
- At this time, the TWIC program is focused on the maritime mode, specifically MTSA-regulated facilities and vessels.
- Is TWIC an acceptable form of ID at an airport screening checkpoint?
- Yes, the TWIC card is an approved government issued photo ID.
- Who can I contact to get more information on TWIC?
- Web site: www.tsa.gov/twic
- TWIC Program Help Desk: 1-866-DHS-TWIC (1-866-347-8942) Monday through Friday from 8 a.m. - 12 a.m. EST.
- Please visit homeport.uscg.mil/twic for answers relating to Coast Guard enforcement and TWIC implementation.
- Owners/operators/FSOs/VSOs/CSOs are encouraged to seek guidance directly from their local Captain of the Port TWIC action officer.
Rulemaking
- Where can I read the TWIC rule?
- The TWIC Final Rule is available on TSA's website and more information on port security is available at the U.S. Coast Guard's Homeport site.
- How was the public involved in the rulemaking?
- In addition to direct involvement from the National Maritime Security Advisory Committee, TSA and the U.S. Coast Guard held four public meetings around the nation and received more than 1,900 comments from workers, port owners and operators, small businesses and others who would be affected by the new program. All comments were carefully considered and significant changes to the rule were incorporated as a result.
Pin resets
- How do I reset the personal identification number (PIN) on my TWIC?
If you were issued a card after October 21st:
- To reset your PIN, you must bring your TWIC card to an enrollment center, walk-ins are welcome. Click here to find the closest enrollment center.
If you were issued a card before October 21st:
- The power outage that disrupted TWIC activations on Oct. 21, 2008 permanently damaged the equipment used to reset TWIC PINs. No data or personal information was lost or compromised. As a result, if you were issued a TWIC prior to this date and forgot your PIN, you will be issued a replacement card free of charge. In order to do this, please contact the TWIC Help Desk (1-866-DHS-TWIC) to open a ticket and receive further instructions. Once your replacement card is ready for pick up, you will be notified via phone or email (the option you selected during enrollment). At that time, you make an appointment for activation at www.tsa.gov/twic.
- Note: In order to be reissued a TWIC, you are required to return your existing card. If the current TWIC is not returned, the request will be treated as a lost card which requires a payment of $60.
Card Transfers
- What if I enroll for my TWIC card in an Enrollment Center in one region of the country, but need to activate (pick up) my TWIC card at a different Enrollment Center location due to a move or my employment requires me to be in another region?
- We now have the ability to transfer a TWIC card from one Enrollment Center location to a different Enrollment Center due to extenuating circumstances, such as, job transfers, seasonal work, residential move, et cetera. If you need your card transferred to a different Enrollment Center location, please call the TWIC Help Desk at, 1-866-DHS- TWIC (1-866-347-8942) or email the Help Desk at TWIC.Helpdesk@gcrm.com and request a card transfer. Your card should arrive at the requested Enrollment Center within 3-4 weeks.
Replacement Card Process
- How can I request a replacement card?
-
We have now added the capability to process lost/stolen or damaged cards with a Visa® or Master Card® credit card over the phone via the TWIC Help Desk at 1-866-DHS-TWIC (1-866-347-8942). Lost/stolen/damaged replacement cards are $60.00. If you report your card lost/stolen or damaged to the Help Desk, they will initiate the replacement and email you a payment receipt with the payment confirmation number immediately upon confirmation. If you do not have access to email, it is recommended that you still go to your nearest Enrollment Center to report your card lost/stolen and purchase your replacement card in order to secure your receipt.
Whether you report your card at an Enrollment Center or via the TWIC Help Desk, please ensure that you are given a receipt for payment (in person or via email) as well as a ticket number, which is a record of your transaction. Please note that your replacement card will be shipped to the enrollment center where you initially enrolled. You should allow up to two weeks to receive an automated notification about the availability of their new card. If you need your card to go to another location once the new card is available, please call the TWIC Help Desk at, 1-866- DHS-TWIC (1-866-347-8942) and request a card transfer.
Once you have reported your card lost or stolen, you may have 7 days of unescorted access to a facility, at the facility’s discretion, if you meet the below requirements:
- The facility’s security staff knows that you had a valid TWIC
- You have previously been given unescorted access
- You have reported your card lost or stolen to TSA (which occurs when you receive your ticket number when ordering your replacement card)
Additionally, U.S. Coast Guard Policy Advisory Council (PAC) 03-09 guidance allows the owner/operator of a facility or vessel to authorize an additional 30 days of unescorted access if your replacement TWIC is not received within 7 days. This authority remains in effect until July 15, 2009. For any questions about PAC 03-09, please contact your local Coast Guard contact.
Deletes
- If you no longer require your TWIC card or wish to hold a TWIC card prior to the expiration date, please contact us at https://contact.tsa.dhs.gov/DynaForm.aspx?FormID=210.
- Please include, in the description portion of the request, that you no longer require your TWIC card or wish to hold a TWIC card.
Back to Top
ELIGIBILITY
General
- What are the eligibility requirements for a TWIC?
- An individual must be a U.S. citizen or fall into an eligible immigration category (click here for immigration categories) and can not have been convicted of certain crimes. In addition, individuals cannot be connected to terrorist activity or lack mental capacity.
- What if I do not meet the eligibility requirements?
- Applicants who are denied a TWIC will be sent a letter explaining the reason for denial and instructed on how to apply for an appeal or waiver. See the disqualifications, waivers, and appeals section for more information. Once issued a TWIC, the applicant has an obligation to inform TSA if they are no longer eligible to hold a TWIC.
Immigration
- What immigration categories are eligible to apply for a TWIC?
- Click here for the eligible immigration categories. (PDF, 161 KB)
- What documents are required in order to verify my immigration status?
- Click here for a listing of acceptable documents that verify a lawful immigration status. Applicants should bring these documents with them to the enrollment center to facilitate efficient processing. (PDF, 80 KB)
- Will a non-U.S. citizen be able to get a TWIC?
- The TWIC regulation includes a list of various immigration categories that are eligible to apply for a TWIC, including nationals, refugees, lawful non-immigrants with unrestricted work authorization, and certain professionals with restricted work authorization. Click here to view the listing of eligible immigration categories.
- Can a U.S. citizen born outside the U.S. receive a TWIC?
- An applicant that is a U.S. citizen but was born outside the U.S must bring the proper documentation to the enrollment center or they may be initially disqualified related to their immigration status. Click here to review the listing of acceptable documents that the applicant should bring with them to TWIC enrollment (see page 2 which covers applicants who are U.S. citizens born outside the United States).
- Can the Merchant Mariner Document (MMD) verify an applicant's U.S. citizenship?
- The Coast Guard verifies U.S. citizenship when issuing an MMD, and therefore, the MMD can be presented during TWIC enrollment to verify that an individual is a U.S. citizen. Note: "Citizenship: UNITED STATES" will be printed on the MMD.
- Can the Merchant Mariner Document (MMD) verify a non-U.S. citizen's status?
- An MMD does not satisfy the TWIC immigration requirements for applicants who are not U.S. citizens. In order to confirm that these applicants meet the TWIC immigration standards, these applicants are required to present other acceptable documents that verify immigration status, such as an unexpired foreign passport, unexpired Employment Authorization Document (I-766), unexpired Permanent Resident Card (I-551), etc.
- What documents should a commercial driver licensed in Canada or Mexico to transport hazardous materials and/or conduct business in the U.S present at the time of TWIC enrollment?
- Mexicans
- Passport, Visa, and I-94 or
- Border Crossing Card (BCC) and I-94 or
- BCC, Passport, and I-94 or
- BCC
- Canadians
- I-94 AND:
- Passport or
- NEXUS or Secure Electronic Network for Travelers Rapid Inspection (SENTRI) Card or
- Free and Secure Trade (FAST) Card or
- Enhanced Driver's License or
- Driver's license and birth certificate (only until 6/2009)
- What is required of TWIC applicants with Temporary Protected Status (TPS)?
- What should an applicant do if they receive an initial disqualification letter (IDTA) due to their citizenship/immigration status?
- Applicants should follow the instructions in the enclosure section of their IDTA letter. Applicants should request an appeal using the TWIC cover sheet and provide valid documentation demonstrating they are one of the categories identified above.
- What happens to my TWIC when my lawful nonimmigrant status expires?
- The applicant must report the disqualifying condition to TSA and surrender the TWIC. In addition, the TWIC becomes invalid if the applicant is in one of the permissible visa categories and the employment for which the visa was granted ends; one of the following then needs to take place:
- The employer retrieves the TWIC from the applicant and provides it to TSA,
- The applicant surrenders the TWIC to the employer, or
- If an employer terminates an applicant working under a nonimmigrant status or the applicant otherwise ceases working for the employer, the employer must notify TSA within five business days and provide the TWIC to TSA if possible.
Back to Top
DISQUALIFICATION, WAIVERS, AND APPEALS
Disqualification
- What can disqualify me from getting a TWIC?
- An individual who lacks lawful presence and certain immigration status in the United States, has a connection to terrorist activity, has been determined to lack mental capacity or was convicted of certain crimes will be ineligible for a TWIC.
- What if I do not meet the qualification standards?
- Applicants who are denied a TWIC will be notified of the reason for denial and instructed on how to apply for an appeal or waiver. Once issued a TWIC, the applicant has the continuing obligation to inform TSA if they are no longer eligible for a TWIC.
- What are the disqualifying offenses? What are the waiver policies for each type of offense?
- Parts A and B provide a comprehensive list of disqualifying offenses and the waiver policies for each.
Part A – Permanent Disqualifying Offenses
Conviction for one of the following felonies is disqualifying regardless of when it occurred, and the applicant is not eligible for a waiver.
- Espionage or conspiracy to commit espionage.
- Sedition, or conspiracy to commit sedition.
- Treason, or conspiracy to commit treason.
- A federal crime of terrorism as defined in 18 U.S.C. 2332b(g), or comparable State law, or conspiracy to commit such crime.
Conviction for one of the following felonies is disqualifying regardless of when it occurred, and the applicant may apply for a waiver.
- A crime involving a transportation security incident. A transportation security incident is a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area, as defined in 46 U.S.C. 70101. The term "economic disruption" does not include a work stoppage or other employee-related action not related to terrorism and resulting from an employer-employee dispute.
- Improper transportation of a hazardous material under 49 U.S.C. 5124, or a State law that is comparable.
- Unlawful possession, use, sale, distribution, manufacture, purchase, receipt, transfer, shipping, transporting, import, export, storage of, or dealing in an explosive or explosive device. An explosive or explosive device includes an explosive or explosive material as defined in 18 U.S.C. 232(5), 841(c) through 841(f), and 844(j); and a destructive device, as defined in 18 U.S.C. 921(a)(4) and 26 U.S.C. 5845(f).
- Murder.
- Making any threat, or maliciously conveying false information knowing the same to be false, concerning the deliverance, placement, or detonation of an explosive or other lethal device in or against a place of public use, a state or government facility, a public transportations system, or an infrastructure facility.
- Violations of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. 1961, et seq., or a comparable State law, where one of the predicate acts found by a jury or admitted by the defendant, consists of one of the crimes listed in Column A.
- Attempt to commit the crimes in Part A, items 1 - 4.
- Conspiracy or attempt to commit the crimes in Part A, items 5 – 10.
Part B – Interim Disqualifying Offenses
Conviction for one of the following felonies is disqualifying if the applicant was convicted, pled guilty (including 'no contest'), or found not guilty by reason of insanity within 7 years of the date of the TWIC application; OR if the applicant was released from prison after conviction within 5 years of the date of the application. The applicant may apply for a waiver.
- Unlawful possession, use, sale, manufacture, purchase, distribution, receipt, transfer, shipping, transporting, delivery, import, export of, or dealing in a firearm or other weapon. A firearm or other weapon includes, but is not limited to, firearms as defined in 18 U.S.C. 921(a)(3) or 26 U.S.C. 5 845(a), or items contained on the U.S. Munitions Import List at 27 CFR 447.21.
- Extortion.
- Dishonesty, fraud, or misrepresentation, including identity
fraud and money laundering where the money laundering is related to a crime described in Columns A or B. Welfare fraud and passing bad checks do not constitute dishonesty, fraud, or misrepresentation for purposes of this paragraph.
- Bribery.
- Smuggling.
- Immigration violations.
- Distribution of, possession with intent to distribute, or
importation of a controlled substance.
- Arson.
- Kidnapping or hostage taking.
- Rape or aggravated sexual abuse.
- Assault with intent to kill.
- Robbery.
- Fraudulent entry into a seaport as described in 18 U.S.C.
1036, or a comparable State law.
- Violations of the Racketeer Influenced and Corrupt
Organizations Act, 18 U.S.C. 1961, et seq. , or a comparable State law, other than the violations listed in Part A, item 10
- Conspiracy or attempt to commit felonies listed in Part B.
- What if a conviction is "exonerated?"
- If a conviction is expunged or pardoned, the criminal records may reveal this. If they do not, TSA sends the applicant a letter (Initial Determination) explaining what the records show and how the applicant can correct inaccurate records.
- What if my initial disqualifying crime is no longer applicable? Can I reapply for a TWIC?
- Applicants are encouraged to reapply if their initial disqualifying offense is no longer applicable. Applicants will need to understand the nature of the initial disqualification and the corresponding look-back periods of 5 or 7 years if applicable. Reapplying can occur as long as there are no secondary disqualifying events.
- What if I have a disqualifying crime that was expunged from my record?
- The applicant should proceed with TWIC enrollment as though they do not have a disqualifying offense, as long as the record is truly expunged. Per 49 C.F.R. §1570.3, a conviction is expunged when "the conviction is removed from the individual's criminal history record and there are no legal disabilities or restrictions associated with the expunged conviction, other than the fact that the conviction may be used for sentencing purposes for subsequent convictions." However, if the applicant is a credentialed mariner or intends to apply for a mariner credential, he or she must report convictions that were expunged on their application to obtain the MMC. Failure to disclose expunged convictions could result in a determination that the application for the mariner credential is fraudulent.
- Can a person under indictment apply for a TWIC? Do they still have the appeal and waiver process available to them?
- An individual under indictment for a disqualifying criminal offense may not hold a TWIC until the indictment is dismissed. If the applicant has an indictment pending, the applicant could apply for a waiver; however a request for a waiver does not guarantee that a waiver will be granted.
Waivers and Appeals
- What options are available to me if I am denied a TWIC?
- Applicants who are initially determined to be ineligible for a Transportation Worker Identification Credential (TWIC) will be provided with TSA's justification for denial, and instruction for how to apply for an appeal or waiver. The process is straight forward, and no legal knowledge is needed, nor is legal representation necessary. Requests may be typed or handwritten.
- Appeal -- If you believe you that you should not have been determined to be ineligible for a TWIC (i.e. you may think the decision was based on incorrect court records or incorrect information provided at enrollment), you may request an appeal. You may request copies of the materials that TSA used to make the determination to assist you in deciding whether a correction must be made to your court records and/or what information must be provided to justify your appeal.
- Waiver -- If you have a disqualifying offense, meet the description of mental incapacity, or are an alien under temporary protected status, you may request a waiver. When completing a waiver request, the applicant should describe why he/she no longer poses a security threat. Information that assists TSA with this determination includes:
- The circumstances surrounding the conviction.
- The length of time the applicant has been out of prison if sentenced to incarceration.
- The applicant's work and personal history since the conviction.
- Whether the applicant made restitution or completed mitigation remedies, such as probation or community service.
- References from employers, probation officers, parole officers, clergy, and others who know the applicant and can attest to his/her responsibility and good character.
- If denied due to mental incapacity, court records or official medical release documents that relate to the applicant's mental health may also be included with the waiver request.
- If an alien under temporary protected status, information attesting to that.
- What options are available if I am denied an appeal or waiver?
- Applicants who appeal a disqualification based on ties to terrorism or request a waiver and are denied may seek review by an Administrative Law Judge (ALJ). Additional information on the ALJ process is available in section 49 CFR 1515.11.
- What is the timeframe for submitting a request for an appeal?
- Applicants must send appeal requests to TSA within 60 days of receiving TSA's initial determination of ineligibility letter. If an applicant needs more than 60 days to request an appeal, the applicant should send a letter to TSA asking for an extension.
- What is the timeframe for submitting a request for a waiver?
- Applicants must send waiver requests no later than 60 days after the date of the initial determination of ineligibility letter, unless the applicant requested and received an extension of time to respond. If the applicant does not respond to TSA within 60 calendar days, TSA's decision regarding the applicant's eligibility for a TWIC automatically becomes final (a final determination of ineligibility) and the applicant is disqualified from holding a TWIC.
- Where do I send appeals or waivers requests?
- Correspondence must be mailed via U.S. Postal Service (note: Registered Mail is accepted) to:
Transportation Security Administration
TSA TWIC Processing Center
P.O. Box 8118
Fredericksburg, VA 22404-8118
Can I see a sample initial determination of ineligibility letter?
- Click here to see a sample letter. Note these letters are tailored to the individual and their circumstances.
- Where else can I get information on the appeals and waivers process?
- A Small Entity Compliance Guide has been prepared for applicants and is located on the Coast Guard's website, http://homeport.uscg.mil/twic, under 'Outreach Resources'. The Small Entity Compliance Guide has specific sections on appeals and on waivers.
In addition, the National Employment Law Project (NELP) has prepared materials related to the TWIC background check and applicant's rights to an appeals and waivers process. You can find translations in many other languages on the NELP website at http://www.nelp.org/nwp/second_chance_labor_project. Please note that TSA and the Coast Guard have not confirmed the accuracy of these translations, and it is important to note that they do not replace or amend the TWIC appeal and waiver process in anyway. The link to the NELP translations is provided for your information.
- If someone is denied, can they access secure areas of a port pending the appeal/waiver process or do they have to wait for its completion?
- Access to these areas will depend on the owner/operator security plan and their escorting procedures, as well as the enforcement and compliance date for that particular USCG Captain of the Port zone.
Back to Top
ENROLLMENT
General
- When will I be able to get a TWIC?
- Click here to view the quarterly schedule for the deployment of TWIC enrollment centers
- What is the process for obtaining a TWIC?
|
|
|
|
• Applicants can save time by pre-enrolling online or via phone (optional)
• During pre-enrollment, applicants will:
- Enter biographic information required for the security threat assessment
- Make an appointment at the enrollment center
• Pre-enrollment is available by clicking here |
• Applicants are required to bring identity documents to the enrollment center
• Click here to access the latest listing of acceptable documents (to include those documents required to prove immigration status if not born in the U.S.). |
• Applicants must visit an enrollment center where they will:
- Complete a TWIC Disclosure and Certification Form
- Pay the enrollment fee
- Provide biographic information (if applicant did not pre-enroll) and a complete set of fingerprints
- Sit for a digital photograph |
• Applicants will be notified by email or phone, as specified during enrollment, when their TWIC is available at the enrollment center
• Applicants must return to the center at which they enrolled to pick up their TWIC
• TWICs will be issued to workers 3 – 4 weeks after enrollment
• Applicants can check the status of their card and schedule a pick-up appointment by clicking here |
- How long does enrollment take?
- The enrollment process for a pre-enrolled applicant takes approximately 10 minutes. The enrollment process for those who did not pre-enroll takes approximately 15 minutes. There may be a wait time at the enrollment center depending on the amount of workers choosing to enroll at any particular time. Individuals can save time by making an appointment – you can make an appointment by pre-enrolling online.
- What are the addresses and hours of operation for the enrollment centers?
- Click here to get enrollment site locations and hours of operation
- How can I pre-enroll and make an appointment?
- Pre-enrollment is available by clicking here.
- The pre-enrollment process allows applicants to provide much of the biographic information required for enrollment; to select an enrollment center where they wish to complete the enrollment; and to make an appointment. Applicants are encouraged, but not required, to "pre-enroll."
- Are appointments required for enrolling?
- No. Appointments are encouraged to save applicants time, but are not required and walk-ins are welcome.
- How can I get a mobile enrollment workstation at my facility?
- Click here to view a document that provides background information, requirements, and contact information for requesting and hosting a mobile enrollment facility.
- Can hats or religious headgear be worn for the photo taken during TWIC enrollment?
- Unless worn daily for religious reasons, all hats or headgear should be removed for the photo. For clarification, a ball cap, knit cap, or do-rag is not considered religious headgear. A signed statement from the applicant must be submitted at the time of enrollment verifying the item is worn daily for religious reasons. In all cases, no item or attire should cover or otherwise obscure any part of the face.
- Can eyeglasses be worn for the photo?
- Eyeglasses worn on a daily basis can be worn for the photo. However, there should be no reflections from the eyeglasses that obscure the eyes. Dark glasses or nonprescription glasses with tinted lenses are not acceptable unless they are needed for medical reasons. A medical certificate may be required.
- Are photographs required for TWIC enrollment?
- Since the TWIC serves as a form of visual identification, a photograph is required for all applicants.
Required Documentation
- What identity documentation is required for a TWIC?
- TWIC applicants are required to provide identity verification documents to complete the enrollment process. The attached document covers U.S. citizens born within the United States, as well as U.S. citizens born abroad. Applicants are required to present acceptable documentation from this list at the time of enrollment. Click here to access the latest listing of acceptable documents.
- Was the TWIC Disclosure and Certification Form recently revised?
- Based on stakeholder input, we recently revised the TWIC Disclosure and Certification Form to make it more user-friendly; we also translated it into additional languages. Please make sure you download the latest version (available on the website and in enrollment center) and bring it with you to enrollment. Previous editions of this form are obsolete.
- Is the TWIC Disclosure and Certification Form translated into other languages?
- The TWIC Disclosure and Certification Form is available in 13 languages (click on the language choice in order to download the appropriate one):
Payment
- How much does a TWIC cost?
- The fee for TWIC is $132.50 and is valid for five years. Workers with current, comparable background checks will pay a reduced fee of $105.25. If workers are eligible to pay the lower price, their TWIC will expire 5 years from the date of the comparable credential (additional information is provided in the next question). The cost of a replacement TWIC, if the original is lost, stolen, or damaged, is $60.
- What are the methods of payment?
- Payment must be made with credit card (Visa® or MasterCard® only), money order, or certified/cashier's check. Checks should be made payable to Lockheed Martin. An additional option has been provided through the use of company purchased pre-paid debit cards. For companies choosing to use the pre-paid option, please visit http://www.twiccard.com .
In all cases, payment will be made at the enrollment center at the beginning of the enrollment process.
- What is the fee for a replacement card?
- The card replacement fee (for lost, stolen, or damaged TWICs) is $60.
- How can employers purchase TWIC cards for their employees?
- This method of payment is a prepaid Visa® card and is intended for employers who wish to purchase TWICs for their employees. They may be purchased in bulk and are redeemable at any TWIC enrollment center. The website for additional information or purchasing them is at: http://www.twiccard.com.
- If I have a comparable assessment, how can I determine which fee is more economical -- the reduced fee or the full, 5 year fee?
- It is most beneficial for applicants who will use a comparable security threat assessment and pay the reduced fee to do so within 12 months of receiving the comparable threat assessment. After 12 months, it is more cost effective to pay the full fee for TSA to complete the security threat assessment and issue a TWIC with an expiration date 5 years from the date of issuance.
Security Threat Assessment
- How is the security threat assessment conducted?
- The assessment includes checks against criminal history records, terrorist watch lists and immigration databases.
- Will the results of my threat assessment be shared with my employer?
- If TSA determines that an applicant poses an imminent threat to the transportation system or national security, TSA may notify the applicant's employer. Generally, TSA will not provide the reason(s) for a disqualification to an employer. However, if TSA has reliable information concerning an imminent threat posed by an applicant and providing limited threat information to an employer, facility, vessel owner or Coast Guard Captain of the Port would minimize the risk, then TSA would provide such information.
- What if I have already completed a comparable threat assessment?
- A reduced fee of $105.25 will be made available for applicants who will not require the security threat assessment. The reduced fee is available for the following:
- applicants who hold a valid Hazardous Materials Endorsement (HME) issued after May 31, 2005,
- applicants who hold a valid Free and Secure Trade (FAST) card,
- applicants who hold a Merchant Mariner Document (MMD) issued after February 3, 2003, or
- applicants who hold a Merchant Marine License (MML) issued after January 13, 2006.
Note: For those applicants seeking to pay the reduced fee, they must present their HME, FAST card, MMD, or MML (meeting the requirements outlined above) at the time of enrollment.
- Are the background checks for a TWIC the same as the background checks conducted for an individual applying for a Hazardous Material Endorsement?
- Yes. They have the same eligibility requirements, share a consistent waivers and appeals process and leverage the same fingerprint-based criminal history records check.
- Does someone with a Hazardous Material Endorsement (HME) have to repeat the criminal history records check (CHRC) if they are applying for a TWIC?
- No. As a result of this, an applicant who applies for a TWIC after successfully completing the HME security threat assessment does not have to pay for a second CHRC - and the fee for the TWIC is reduced by $27.25. All TWIC applicants must pay the fees that cover the other components of the TWIC program, including enrollment and card issuance.
Card Issuance
- How will the cards be issued?
- The applicant will be notified by email or phone, as specified during enrollment, when his/her credential is available at the enrollment center. The applicant must return to the same enrollment center to pick up his/her TWIC.
- How long does it take to receive a TWIC?
- Currently, there is typically three to four week turnaround from enrollment until card activation. Eligibility issues or insufficient paperwork may increase the turnaround time.
- How can I check the status of my card and schedule a pick-up?
- Click here to check the status of your card and schedule a pick-up
Card Technology and Durability
- What technologies are being used on the TWIC?
- The TWIC is a Smart Card (i.e., a card with a small integrated circuit chip embedded in the card) and contains the following technologies:
- Dual Interface Integrated Circuit Chips (ICC) - a small computer chip that can be read by either inserting the card in a slot in a "contact" card reader; or, holding the card within 10 centimeters of a "contactless" card reader
- Magnetic Stripe - commonly found on the back of credit cards; read by "swiping" the card through a magnetic stripe card reader
- Linear Bar Code - commonly used to quickly identify items by scanning the codes with an optical reader—i.e. scanning grocery items at a checkout counter
- How durable is the TWIC?
- In general, while TWIC holders should treat their cards with care, they were created to be durable in the maritime operational environment. The durability of the TWIC is based on the FIPS 201-1 and ANSI 322 card durability requirements and testing conditions (refer to paragraph 4.1.3 Physical Characteristics and Durability in FIPS 201, page 16). These tests include: card flexure, U/V exposure, humidity, surface abrasion, fading, and a "laundry test."
- Can a hole be punched in a TWIC in order to hang it on a lanyard?
- Punching a hole in a TWIC card will likely break the antenna that resides at the edge of the card (the antenna is used for the contact-less mode of the card when using with access control systems). Punching a hole in a TWIC card should be strongly discouraged since it would affect the usefulness of the card.
Back to Top
COMPLIANCE
General
- When will I be required to have a TWIC?
- Workers will be required to possess a TWIC by the compliance date set for their specific Captain of the Port (COTP) zone.
- Below is the latest schedule for COTP zone compliance. All compliance announcements will be made in the Federal Register at least 90 days in advance.
Date
|
COTP Zone(s)
|
October 15, 2008 |
Northern New England
Boston
Southeastern New England |
November 28, 2008 |
Corpus Christi
North Carolina
Cape Fear River |
December 01, 2008 |
Long Island Sound
Charleston
Savannah
Jacksonville
Change as of 10/27:
Buffalo
Duluth
Detroit
Lake Michigan
Sault Ste. Marie |
December 30, 2008 |
Baltimore
Delaware Bay
Mobile
Pittsburgh
Ohio Valley
Lower Mississippi River
San Diego |
January 13, 2009 |
Hampton Roads
Morgan City
New Orleans
Upper Mississippi River
Miami
Key West
St. Petersburg |
February 12, 2009 |
Honolulu
South East Alaska
Prince William Sound
Western Alaska |
February 28, 2009 |
Puget Sound
Portland(OR)
San Francisco Bay |
March 23, 2009 |
New York |
April 14, 2009 |
Guam
Houston/Galveston
Los Angeles/Long Beach
San Juan
Port Arthur |
- Why should I get a TWIC now if I can wait until a couple of months before the compliance date for my port?
- The national compliance date, when all workers who require unescorted access to secure areas of maritime facilities and vessels, and all U.S. credentialed mariners must have a TWIC, is April 15, 2009. However, TWIC requirements for regulated maritime facilities will be phased in by Captain of the Port (COTP) zones leading up to April 2009. Workers needing unescorted access to secure areas at those facilities will be required to possess a TWIC. We strongly encourage workers to apply as soon as possible to avoid any delays and enforcement actions being taken. If workers are concerned about their eligibility due to disqualifying crimes or other circumstances, it is recommended that they apply as soon as possible to account for the appeals and waivers process.
- What Captain of the Port zones (COTPs) have compliance dates been announced for?
- Why was the compliance date recently realigned?
- The April 15, 2009 compliance date reflects a realignment of the Sept. 25, 2008 compliance date set in the final rule. The seven month extension is a direct result of collaboration with port officials and industry, and honors our commitment to provide an 18 month enrollment period.
- What areas will require individuals to possess a TWIC?
- Secure areas have been designated to meet specific security measures in accordance with a Coast Guard approved security plan and are specific to the vessel and facility security plans at each port.
- Does TWIC apply to mutual aid, first responders, etc. in the event of an emergency?
- Will the facility ID card, which would be based on the TWIC, be acceptable for access to secured areas?
- Regulations allow a plant or facility owner to use their own plant/facility specific card as their access control measure, as long as they ensure individuals without a TWIC cannot gain unescorted access to secure areas and the TWIC is checked at least once before the specific card is reissued/accepted. There is no requirement to check/verify TWICs for access to restricted areas, only secure areas.
- Can a TWIC be confiscated, or taken from an individual, by an employer?
- TWIC is a government-issued credential and is the property of the Transportation Security Administration (per 49 CFR 1572.19). Accordingly, the holder applies for and uses the card, however TSA owns it. Employers cannot take or otherwise 'hold' the card without the employee’s consent, regardless of who paid for it.
- What are the training requirements for Transportation Worker Identification Credential (TWIC) holders who act as escorts for individuals who do not hold TWICs in secure areas of Maritime Transportation Security Act (MTSA) regulated vessels, facilities, and OCS facilities?
- TWIC holders who escort non-TWIC holders in secure areas of MTSA regulated vessels, facilities, and OCS facilities are required to meet the training requirements listed in 33 CFR 104.225, 105.215, or 106.220 (Security training for all other vessel/facility/OCS facility personnel). Specifically, escorts must have knowledge of owner/operator's escorting procedures, and the procedures and contingency plans determined by the owner/operator if an escorted individual is engaged in activities other than those for which escorted access was granted.
While monitoring or side-by-side physical accompaniment must be conducted by individuals who possess TWICs, escorts are not considered "facility personnel with security duties" as described in 33 CFR 104.220 or 105.210 or 106.215.
Back to Top
OUTREACH
General
- What outreach efforts have been deployed in support of TWIC?
- TSA, the U.S. Coast Guard and its contractors have conducted extensive outreach to educate workers on the impact of this critical security program. This includes:
- Regular meetings with ports, unions, trade groups and others affected by TWIC
- Four formal public hearings for workers and industry
- A toll free contact center 1-866-DHS-TWIC (1-866-347-8942) to answer workers' specific questions
- Ongoing communication via the Web site, which includes an extensive question and answer section
- Signage, pamphlets and other port specific communications that will keep workers informed on enrollment dates and resources to answer their questions - stakeholders can get a copy of these materials here.
Members of TSA and the Coast Guard will continue to meet with unions, associations and other industry stakeholder groups to provide updates on the status of the program and will update materials on the TSA and USCG web sites. Small entity guides for TWIC applicants and owners/operators are available here. The U.S. Coast Guard Navigation and Vessel Inspection Circular (NVIC) is also available. The majority of stakeholder outreach efforts supporting the deployment of the program will be coordinated and carried-out by TSA's contractor, Lockheed Martin.
- What materials can I use to promote TWIC at my port or facility?
- Click here for materials to promote TWIC at your port or facility
Back to Top
TWIC Pilot Test
- What does TSA hope to achieve with the TWIC pilot test?
- As required by the SAFE Port Act of 2006, TSA will conduct a pilot test to evaluate the impact of verifying a worker's identity by using card readers to conduct a one-to-one match of a worker's biometric to the biometric stored on the TWIC. The technical performance of readers and the operational and business impact of using readers will be evaluated by the pilot.
- Where will the pilot test be conducted?
- The pilot includes facilities and vessels at the ports of New York/New Jersey; Brownsville, TX; and Los Angeles and Long Beach. The pilot also includes vessel operations in Annapolis, MD and Vicksburg, MS.
- Who will purchase readers and infrastructure necessary to conduct the pilot test?
- Facility and vessel owners participating in the pilot test will purchase readers and other infrastructure using Port Security Grant Program (PSGP) funds.
- Since PSGP funds will be used for the acquisition of readers for the pilot test does the Government have final approval authority over their purchase ?
- All readers purchased with PSGP funds must meet TWIC test requirements. However, pilot test participants may select the readers which best meet their specific requirements from among those meeting TWIC test requirements.
- Is the Government's intention to test all three reader types during the pilot test (e.g., handheld, fixed outdoor, fixed indoor)?
- The desire is to test all configurations of readers in the Pilot phase of the program.
- We have heard reference to an "early operational assessment" reader test that will occur at ports or vessels before the full operational test commences. Can the Government provide more details on the scope of this phase of the pilot test?
- The Early Operational Assessment (EOA) reader test is under development. The focus of the EOA is primarily to assess the technical performance of readers—i.e. how they function in the field rather than their operational or business impacts. More information will be communicated to industry as relevant details become available.
- What is the expected time line for the start and completion of early operational assessment pilot testing and full production pilot testing?
- We anticipate starting the EOA around the end of 2008 or early in 2009. Full production testing (System Test and Evaluation Phase) will begin late spring or early summer 2009.
FAQs pertaining to pilot reader tests and evaluations:
- What is the process for testing and evaluating TWIC readers during the pilot?
- The process for testing and evaluating TWIC readers is described in a series of Broad Agency Announcements (BAAs) issued by TSA. The first was issued on June 20, 2008. A link to the most recent BAA can be found under pilot links on this website. The BAAs provide additional details on the testing program which are not repeated in the FAQs. However, an overview is provided below:
The BAAs invited interested vendors to submit information to participate in the first of three initiatives to identify readers capable of reading TWIC cards. A second purpose of the BAAs is to inform vendors of how the Government plans to systematically move from a research and development mode to providing a standardized assessment process for approving readers when the final TWIC Reader Rule is in place. The three reader initiatives are to:
(1) Conduct an initial evaluation of readers to determine their ability to read a TWIC, and from this evaluation, establish a list of readers from which the port, facility, and vessel pilot test participants can choose and acquire the readers best suited for their needs—this is the Initial Capability Evaluation (ICE);
(2) Conduct laboratory tests to assess the conformance of a limited number of readers to the technical and environmental requirements of the TWIC specification—this is the Specification Conformance Test (SCT); and,
(3) Develop a standard test to assess reader compliance with the final TWIC specification for the final TWIC Reader Rule—this is the Final Reader Assessment (FRA)
- Will the Government provide TWIC test cards to reader manufacturers?
- There are no plans to do so during the pilot.
- Will readers be submitted for environmental conformance testing (i.e., temperature, humidity, shock, vibration, etc.)?
- All readers will need to meet both laboratory testing and some level of real world operational testing requirements. In drafting the reader test plan we are considered how to perform the environmental portion of the testing that will both meet the needs of maritime facility and vessel operators as well as provide a range of environmental test options to vendors. The BAAs provide more details on environmental testing plans.
- Will readers be submitted for "scenario" testing with human subjects to validate such requirements as throughput and matching accuracy?
- Scenario testing is under investigation. It is reasonable to presume a combination of laboratory and real world operational testing will occur to determine such factors as throughput and matching accuracy.
- Is there any fee to be charged to vendors who submit products for such testing?
- There is no fee for tests associated with the pilot. Post-pilot reader testing requirements will be covered by the anticipated TWIC reader rule.
- Will completion of the Initial Capability Evaluation (ICE) testing be on a "pass" or "fail" basis?
- Our goal is to allow the introduction of as many types of readers that will meet the needs of maritime facility and vessel operators while having a level of assurance that a supply of readers will accurately read a TWIC. Card reading performance (technical read of the card) therefore is on a PASS / FAIL basis.
- Will there be a Qualified Products List (QPL) maintained by the Government for the TWIC readers and will there be an opportunity for on-going testing for conformance as new products are developed?
- During the pilot TSA will not maintain a QPL, but will publish a list of readers that demonstrate their ability to satisfactorily complete the above described ICE. A link to the current ICE list is available on this website. We anticipate that some form of a qualified product list will be maintained by the program at some point prior to the effective date of the TWIC reader rule.
- If a stand-alone product does not meet some of the environmental requirements (e.g., temperature range), but could comply with these requirements when integrated into an enclosure (e.g., a heated pedestal/stand), how will these products be tested for conformance?
- Details of the environmental testing process are still under development.
- Does a PIN interface to access the fingerprints on the card qualify as the fingerprint interface you need for our solution to be compliant?
- TWIC strongly prefers the use of the TWIC Privacy Key (TPK) and the enciphered biometrics held by the TWIC card-application to retrieve the reference biometrics. The rationale for this is that TWIC holders will rarely use the PIN on the card and may not remember their PIN value which will invariably complicate PACS registration. Also, PIN requires the use of the contact interface—the easiest way to retrieve the TPK. The reference biometric from the card, successfully compared to the card holder, satisfies the Chain-of-Trust requirement.
If the TWIC reader used for the PACS registration has already satisfactorily demonstrated support of TPK usage to TSA during a previously completed ICE, this will be accepted as meeting the Chain-of-Trust requirement.
If a separate application is written to allow use of a laptop, a PC/SC reader, fingerprint sensor, etc, then this custom solution would need to be demonstrated using the ICE scenarios to the satisfaction of TSA.
TWIC Specification
General FAQs pertaining to v1.1.1 of Specification:
- Where can I find a copy of the current TWIC Reader Hardware and Card Application Specification?
- The current TWIC specification (v1.1.1) was issued May 30, 2008 and can be viewed through the following link on this website: [Please insert link here]
- Is there any change in scope in Version 1.1.1 of the specification from the previous release?
- Version 1.1.1 retains the same scope as the previous release though some details have been expanded in Version 1.1.1 as a result of vendor enquiries and the specification editorial process.
- Who can I contact if I have questions on either version of this specification?
- General questions can be submitted using the email link available on the TSA / TWIC pilot test web page. Specification detailed technical questions or proposed contributions should be directed to the Project Editor; refer to Section 1.3 of the Version 1.1.1 specification for contact details.
TWIC Pilot Test—Reader Technology
FAQs pertaining to technical issues regarding reader tests:
- Which version of the TWIC specification does TSA use for evaluating TWIC readers for possible use in the Pilot test?
- TSA uses Version 1.1.1 for the TWIC reader baseline.
- Do you expect that fixed readers will test the validity of the Security Object? I don't see the Security Object referenced in any of the workflow descriptions.
- It is not expected that fixed readers will test the validity of the TWIC Application Security Object.
- The Security Object on the TWIC card issued to me does not contain a hash for the TWIC Privacy Key, as specified in the TWIC spec (page 30):
"The objects hashed are: the Unsigned CHUID (0x3002), The TWIC Privacy Key (0x2001), the Signed CHUID (0x3000), and the signed fingerprint templates (0x2003)." The other object hashes are there. Is this a problem that the card producer should be notified about?
- The problem here lies in the specification; not an omission by the card producer. The security object may contain mappings and hash values for any data objects selected by the Issuer per policy. In this case the TPK is NOT included in the security object. The specification will be amended to reflect this fact.
- Finally, a suggestion on the TWIC Privacy Key Network Processing portion of the spec (page 39): I think it might be better in the long run to return not just the AES encryption key, but the whole contents of the TWIC Privacy Key buffer. That way, applications would not need to be hard-coded to use AES-ECB-128, but could easily be written to support any of the other AES types in the future. It wouldn't add much network overhead and would enhance expandability.
- This is a very good suggestion as it allows changes to the AES key length without having to modify reader communications software.
- The spec says "The reader shall provide an automated alert or lockout after a configurable number of biometric matching attempts (facility chooses). Is the intent of this specification to provide an automated alert or lockout after a configurable number of consecutive failed biometrics matching attempts?
- The automated alert is intended to trigger after X (configurable) consecutive failures to match.
- The spec says that Appendix B is "the method used to perform the TWIC Privacy Key retrieval from the PACS system." Does this really mean that this is the only way this can be done, or that it's the preferred way, or just a suggested way?
- Appendix B should be read as an Informative Annex in that the method described is preferred and suggested; but not mandated.
- The spec says "The input parameter value corresponds to the unique user ID that was read from the TWIC card as a binary value and base64 encoded". What is this unique user ID?
- The unique user ID is determined by the local facility but is expected to be the FASC-N or a portion of the FASC-N (such as the first 5 fields of the FASC-N).
- The spec says "The response would be the base64-encoded 128-bit (16-byte) AES encryption key", but the example response decodes to 17 bytes. Is this a mistake?
- The annex has incorrect information in both of the value fields. Here is a simplified example ->
- For Annex B set the Content-length to "xx" for both the input request and the response indicating "length was not computed for this example"
- The TPK shall be 16 bytes [30313233343536373839303132333435] base64 encoded as [MDEyMzQ1Njc4OTAxMjM0NQ==]
- For the "unique user ID" use a full FASC-N of 25 bytes [D70339DAA1822C10842125A1685821084216C1B9870339A3EB] base64 encoded as [1wM52qGCLBCEISWhaFghCEIWwbmHAzmj6w==].
- Note that [ ] are not part of either the hexadecimal value or the base64 encoded string.
- Does TWIC offer a Certificate Revocation List (CRL)?
- Yes. The TWIC program CRL maintains a regularly updated list of all revoked TWIC certificates. The CRL is in addition to the Hotlist mechanism found on the pre-enrollment web site. TWIC readers can automatically retrieve the location of the CRL by looking at any of the certificates on the TWIC Card. TWIC certificates are formatted per rfc3280 and support the "CRL Distribution Points" extension indicating the Internet addresses available to reach the TWIC CRL.
- How does TWIC encode the ANSI 378 template on the card in the case where no biometrics were enrolled?
- TWIC immediately notifies the TWIC reader of this case by encoding the CBEFF Header field entitled "Length of biometric data (BDB)" with a value of zero.
- Why does my TWIC reader software generate a padding error on some TWIC cards when attempting to decipher the TWIC biometrics template?
- TWIC cards produced before May 9, 2008 used an AES-128 enciphering algorithm that did not correctly pad the data in the case of the data being divisible by the block size; 16 bytes in this case. By setting the decipher mode to "no padding" the operation will no longer produce this specific error at the expense of adding from 0 to 16 padding bytes at the end of the result. As the biometrics template is TLV encoded these extra bytes do not cause a problem in interpretation. Alternatively your software might continue to use the "padding" mode of AES-128 but trap any error and, in such a case, re-run the operation in "no padding" mode. This will work as well AND eliminate any extra padding bytes in the result at the expense of a longer time to decipher the template.
- My testing of TWIC cards indicates some TWIC cards have an expired content signing certificate in the signed CHUID. What should my software do in such a case?
- TWIC has published a TWIC Technical Advisory TA-2008-TWIC001-V1.0 that spells out what should be done when this specific content signing certificate is discovered. This Technical Advisory is posted on the Pilot Test portion of the TWIC web site.
- Our organization has detected that the LDAP URL in the Authority Info Access extension of all TWIC certificates is missing a formatting character. What is TWIC doing to correct this issue?
- The Lightweight Directory Access Protocol (LDAP) link is indeed missing a formatting character ('%') in front of the 'US' portion of the URL. This has been corrected in all TWIC cards activated after October 22, 2008. In addition the badly formed URL is supported by our PKI infrastructure should you have a need to reference this URL. That said, TWIC does NOT support an Online Certificate Status Protocol (OCSP) server or LDAP presence at this time.
International Biometric Industry Association (IBIA) November 2007 submitted to TSA for comment.
OVERVIEW
The following responses are to questions submitted to TSA and the U.S. Coast Guard by the International Biometric Industry Association (IBIA). These questions and responses are specific to the November 19, 2007 public meeting to discuss the TWIC reader hardware and card application specification.
GENERAL
Estimate of Number of TWIC Readers
- Manufacturers of reader devices will need to make engineering changes to existing products to meet the requirements of the TWIC Reader Hardware and Card Application specification. There is a need for manufacturers to accurately forecast the potential market for these readers to enable an informed business decision as to how to price their products competitively and in such a way that they recover the unique product development costs over a reasonable time period. The requirement for TWIC readers in the maritime environment, in terms of projected quantities, is heavily dependent on several policy positions that have yet to be fully developed by the Coast Guard and TSA. Specifically, there are 3,200 facilities and 10,000 vessels that are subject to regulations under the Maritime Transportation Security Act (MTSA) and each maritime worker will be required to present a TWIC card for unescorted access to secure areas. Reader manufacturers are asking for policy guidance regarding the extent to which TWIC readers will be required for use in reading the TWIC card at entry points and the reader authentication mechanisms that will be required at various threat levels (e.g., CHUID only, CHUID + biometric). Reader manufacturers also need to know if policy will require TWIC readers at each facility exit point (in addition to the entry points), in order to enable awareness of what personnel are in the secure area at any given time. Can the Government please provide general guidance as to the expected operational use of TWIC readers?
- In due course, we will be providing guidance. That said, the operational use case is expected in the short term to vary dramatically from one location to another due to the need to satisfy local operational practice, provisional law, and established policy.
- Can the government provide guidance on the expected ratio of fixed indoor; fixed outdoor; and handheld devices in a typical deployment?
- There is no "typical deployment". Each deployment has unique characteristics in terms of access control policy, secure areas, manpower, etc. As such there is no general guidance available as of today with respect to the distribution of reader types (fixed outdoor, fixed indoor and mobile).
Feature Extractor Used to Store Reference Fingerprint Minutiae Templates
- What specific vendor template feature extractor has been used by the TWIC implementation contractor to generate the reference fingerprint minutiae templates stored on the TWIC card?
- The TWIC program has selected a NIST certified extractor.
- Has this template generator been tested and approved as a compliant feature extractor by NIST through the MINEX on-going testing program?
- The selected template generator is NIST tested and approved.
- If so, what is the specific SDK code that is used to create the reference fingerprint templates on the TWIC card?
SPECIFIC QUESTIONS RELATED TO SECTIONS OF TWIC SPECIFICATIONS
Section 4.2.1.2 - 4th and 6th bullets
- The specification requires the use of the stored fingerprint templates on the TWIC card to be matched during the mode "Biometric Verification - Network Attached Reader". There is no mention of a provision for an alternate "operational" biometric that may be stored off of the TWIC card. While not explicit in the specification, our assumption is that when the reader is in "CHUID only" mode, the local operator could require the user to present an "operational" biometric that is indexed by the CHUID pointer within a repository of separately enrolled biometric data. We assume that such an implementation would be permitted but is outside the scope of the TWIC reader hardware and card application specification. Is this assumption correct?
- The assumption is correct.
Reference Sections 5.1.4, 5.1.4.1, and 5.1.4.2
- Please define or give examples of how "…or equivalent commercial practice…" may be successfully demonstrated.
- It is preferred to meet the requirements as stated in the referenced clauses. Alternate, equivalent means to meet these referenced requirements are yet to be defined and may not ultimately be considered.
The following example is offered as guidance on the use of equivalent commercial practice.
EXAMPLE: "equivalent commercial practice" might be a certification obtained by an accredited test house that performed similar tests to those referenced in the specification. Such documentation might be reviewed against the specification referenced requirements and, on a case by case basis, considered as proof of successfully demonstrating the referenced requirements have been satisfied using "commercial practice". This example presumes what would be submitted in lieu of documentation of performing the preferred, required tests would include:
- the name, address, and contact within the accredited test house,
- the certification obtained,
- the test methods and procedures used to achieve the certification, and
- a statement by the manufacturer indicating what specification requirements are considered in scope of the equivalent commercial practice.
Reference Section 8 - Last Paragraph
- Does the TWIC reader require the use of template matchers that have been certified by NIST under the MINEX On-Going Test Program?
- Yes. The reader and card application specification references SP800-76 which requires said certification by NIST.
Reference Section 11.1
- The note below the table describing the Card-application Identifier states: "As not all TWIC cards may be issued with the TWIC application as the default selected card-application, the reader shall explicitly select the TWIC card-application." Please describe an example of a TWIC card that is not issued with the TWIC application as the default selected card-application.
- Future versions of the TWIC card may have more than one version of the TWIC application (as determined by the Proprietary Extension (PIX) of the Application identifier). In addition future applications may desire to return File Control information (FCI) to the reader that contains "discovery information" useful to the transaction session. This is why an explicit SELECT is warranted.
Reference Appendix A.2 - 8) b)
- This reference states that "the reader could be locally configured with a copy of every trusted document signing certificate." Since there is only one central issuing authority for TWIC cards, what is the estimate of the maximum number of document signing certificates that will need to be stored in the reader?
- The exact number is not defined. The total number is expected to be small given the central issuing authority structure. Further document signing is not currently anticipated as a normal mode of operation.
Reference Appendix A.3
- Since active card authentication over the contactless interface is only supported through selection of the PIV application and is not directly performed within the TWIC card application, is it correct to assume that this function will typically not be performed during routine access with a TWIC reader and will more likely occur at a PC workstation such as in a security office when a worker is being initially registered into a physical access control system?
- It is NOT correct to presume the TWIC card will be used in this way.
- The fifth paragraph in this section states: "The reader (or bi-directional panel) would need to have access to a system clock capable of providing the current date and time in order to determine the expiration status of the credential." Is it not also possible for the expiration data of a TWIC card to be registered one time in the PACS head end server during initial privilege granting and have the PACS disable any CHUID that has expired? In such a scenario, there is no need for the reader to send the expiration date to the panel - only the CHUID. Is this a valid implementation scenario?
- The expiration date might be stored at the head end. The expiration date is part of the CHUID. [If you meant to just send the FASC-N within the CHUID in this scenario this MAY be acceptable depending on the requirement to verify the signature field of the CHUID].
Back to Top
Download Plug-in
Some of the links on this page require a plug-in to view them, which are available below.
Adobe Acrobat (PDF)