AUSA Global Force March SureID Proprietary and Business Sensitive Information 16 February 2017 SureID, Inc. All rights reserved.

AUSA Global Force March 2017 SureID Proprietary and Business Sensitive Information 16 February 2017 SureID, Inc. All rights reserved. 1

SureID Overview Founded November 2001 Corporate Offices Alexandria, Virginia Minot, North Dakota Headquarters Hillsboro, Oregon Employees +500 +78,000 +1,000,000 +370M Vendor companies actively participate in SureID programs Vendor company employees have enrolled for RAPIDGate credentials Recorded program ingresses at secure facilities where its products are installed SureID s RAPIDGate program was awarded Platinum, for Best Access Control and Authentication Systems and Gold, for Best Integrated System for HSPD-12 & FIPS 201 Compliance at the 2016 American Security Today ASTORS Homeland Security Awards. SureID Product Brief Earned the highest level of SAFETY (Support Anti-Terrorism by Fostering Effective Technologies) Act certification RAPIDGate program awarded Best Integrated System for HSPD-12/FIPS-201 Compliance 2

US Army Installation Enterprise CURRENT STATE Continental United States (CONUS) Alaska & Hawaii Active/ Reserve Army National Guard o o o o o o 40 Standard Garrisons 70 Non Standard Garrisons 5 Joint Bases 2387 standalone facilities 350 with 10 or more personnel reporting on a daily basis 170 locations with Guard force/fence line. This map only shows IMCOM Posts and many smaller AMC, NGB and USAR posts are omitted for visual clarity 110 Covered by AIE by 2021 No Current Enterprise Solution o o o 47 AMC Stand Alone?? USACE 170 ARNG fence lines 19 Army Installations Covered by JB Lewis McChord USAG Miami Yuma PG Fort Bliss Fort Rucker USAG HI Fort Campbell Guam ANG Fort Leavenworth Aberdeen PG Fort Wainwright Fort Devens Fort McCoy Fort Greeley Fort Drum Fort Polk Fort Riley A.P. Hill Fort Lee 3

RAPIDGate Program An Intra and Inter-service Enterprise High Assurance Identity Management and Installation Access Control Solution 150+ FENCELINES 78,000+ COMPANIES* 370M+ RECORDED INGRESSES Implemented at: 19 Army Garrisons 19 Marines Bases and Stations 64 Navy Bases and Stations 16 Coast Guard Bases and Stations *As of February 9 th, 2017 4

Improvements Over Time Equipment Upgrades NCIC/III Enterprise Rollout IMESA/ NLETS PIV-I Visitor Management 2007: Wireless Access Points 2010: Wireless Access Points and Navy Handhelds 2011: Army and Marine Corps Handhelds 2012: Registration Stations and Guard Stations (Enclosures and Computers) 2014: PCs to support Windows 7 Navy Aug 2014 Marine Corps Oct 2015 USCG Jun 2015 Army 4-6 months after sponsorship Navy Apr 2010 Marines Mar 2015 Whidbey Island: Feb 2012 Marines ATO Jan 2017 Army 4-6 weeks after sponsorship NLETS Strategic partner 3Q17 Army Timeline Navy Jul 2014 Marines Nov 2015 USCG Jun 2016 Marines Apr 2017 FLWA POP FLWA 1+4 FHTX AIE POP FMWI/RIA POP+4 IMCOM 1+4 (15 Posts) 36 Post Peak AIE 3 Award 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 IMCOM 1+4 (15 Posts) J34 NORTHCOM Edict AIE 1 Award AIE 2 Award AIE 2+ Award 22 Current Posts 17 Posts Decommission 5

Securing Military Installations The Three Tiers of Protection Visitors Uniform Military DoD Civilians Military Retirees Military Dependents Federal Government Employees Transportation Workers Vendors Contractors Suppliers Service Providers 6

Vendors Contractors Suppliers Service Providers Tier One Vendors Contractors Suppliers Service Providers 7

Electronically Verify & Biometrically Authenticate Biometric Self-Registration Highly secure and convenient Vetting & Identity Authentication Extensive initial background screening and regular re-screening Credentialing Manufacturing, shipping, issuance and lifecycle management Access Control Electronically verify & biometrically authenticate in near real-time identities & credentials Access Privileges Authoritative data repository (ADR) and Access Control Point (ACP) local databases updated every 30 minutes Minimal charge Minimal charge to the government for program, equipment, maintenance, implementation, and support The Solution to Faster & More Secure Access 8

RAPIDGate Program Deliverables Registration Stations Multi-language Digital camera fingerprint scanner ADA -compliant Handheld Devices FIPS-201 compliant Mag stripe reader 2D barcode reader Fingerprint scanner Color display Easy to read Battery status 802.11G wireless connectivity to the guard station Smart chip reader Guard Stations UPS Locked enclosure Credentials GSA-approved product List cardstock and follows NIST SP800-104 topography recommendations Ongoing Support Maintenance Training Support Reporting Sustainment 9

RAPIDGate Program Enrollment One time every 3 years* Vendor/Contractor Company enrolls online RAPIDGate program representative confirms Vendor/Contractor Company Approval by Facility RAPIDGate program representative provides a company code used for employee enrollment Initial Background Check Conducted RAPIDGate Credential Manufactured and Sent to Facility for Issuance Company and Employee are Notified to Make Appt and Pickup Credential Vendor/Contractor Employee Registers* RAPIDGate Credential issued once Acceptable Identity Documents are reviewed Employee Information verified with the RAPIDGate Company Administrator (RCA) *Renew subscription annually Credential will be automatically activated within 24-48 hours 10

RAPIDGate Program Access Privileges & Enforcement Vendor/Contractor Employee Arrives at Gate Handheld Displays Access Recommendation Force Protection Personnel to Visually Match Credential to Vendor/Contractor Employee and Scan Credential Ingress Data Captured and Transferred to RAPIDGate Information System Authoritative Data Repository Credential Electronically Verified Against RAPIDGate Information System Authoritative Data Repository Ongoing Background Checks (Conducted Every 3 Months) 11

Handheld Scanner Screenshots Qualified Valid RAPIDGate Program credential Authorized access to your installation Accessing during prescribed access period The RAPIDGate Program Credential might be damaged The employee does not have access to your installation Employee has not renewed their credential Card valid for 3 years Registration valid for 1 year The Credential has not been activated The Credential has been deactivated or disabled Employee may no longer work at the company Valid RAPIDGate Program credential Authorized access to your installation Accessing outside prescribed access period Company has been disabled or company enrollment has expired 12

RAPIDGate Background Screening Identity Validation I-9 Document check at issuance Initial Suitability Screening Identity Validation NCIC/III 10-year Address History National Criminal Database Commercial Screening Electronic Database Screening Sex Offender Registry Government Watch Lists County and Federal Criminal Screening SSN Trace Program Disqualifiers Specified Felony Convictions Registered Sexual Offender Any Outstanding Criminal Warrant Credential Issuance I-9 Document Check at Issuance No-entry, Barment, No Work Lists Fingerprint Rescanning to ensure matches prints on file Certificates will be written to credential (RAPIDGate Premier ONLY) Ongoing Watchdog Electronic Re-screening Every 3 Months Adverse Action Provided to all applicants being screened to correct or dispute any Adverse findings as defined by the Federal Credit Reporting Act (FCRA) Hits against Watch lists (FBI Most Wanted, OFAC, I.C.E, INTERPOL, etc.) 13

The Extra Mile of Vetting Our Investigative Record Total # of Fails = 51, 432 Life To Date (LTD) fail rate= 0.09% including WD / 4.3% excluding WD NCIC Sex Offender 1% Warrant 9% Immigration Issues 3% Terrorist Hits 3 KST File Hits (known and appropriately suspected Terrorist Hits) No Disposition 34% Fail Rate breakdown: Data as of Feb 2017 Criminal Felony s Murder / Homicide / Voluntary Manslaughter / Drive-By Shooting = 489 Registered Sex Offenders = 527 Rape = 266 Open Want s/warrants = 6,379 Crimes Against Children Child Molestation = 186 Child Pornography = 32 Child Abuse = 232 COMMERICAL Misc (Includes Felony-Other) 4% Authority 1% SSN 11% Motor Vehicle 4% Theft 19% Violence 17% Warrant 7% Felony 53% Sex Offense 2% Drugs 35% 14

RAPIDGate Program Options One Credential Multiple Options RAPIDGate Program Approved access privileges to one installation for up to one year Multi-facility Program Approved access privileges to multiple installations with one credential RAPIDGate-90 Program Renewable 90-day credential Ideal for seasonal workers, temporary employees, short duration contracts and high turn-over workforces Approved access privileges to one installation Independent Contractors/Sole Proprietor Program Designed for companies with only one employee 15

Multi-Factor Authentication Credentials Deploying a seamless and secure authentication solution is complex and challenging. Many contractors find the requirements of SP800-171 confusing. SureID helps manage the complexity of this mandate for you so you can continue to do business with the government. Our ability to provide a comprehensive solution across different populations within the enterprise ensures organizations realize significant operational cost savings, a simplified user experience for both employees and customers, as well as greatly improved security and compliance. 16

Enhanced Features HSPD-12 Interoperable level 4 Smart Card Supports NIST 800-171 Federal Bridge Cross-Certification Meets Federal Standard for ID Verification Biometric Check Physical Access Supports Logical Access Control and Services Data Security Digital Signature Encryption PIN Code Authentication Federal Bridge Certification Authority (FBCA) Check Tamper Check Security Screening + Background Monitoring Enforcement Hardware System Activity Reporting Professional Services Credential valid for 3 years Subscription renewed annually 17

Uniform Military DoD Civilians Military Retirees Military Dependents Federal Government Employees Transportation Workers Tier Two Uniform Military DoD Civilians Military Retirees PIV-I Military Dependents Federal Employees Transportation Workers 18

RAPID-RCx Program Electronic Credential Verification Scan, read and verify a wide set of credentials including: DoD Common Access Card (CAC) DoD Retired Military & Dependent Cards PIV and TWIC Red & Green Light Access Alerts Local barment and no-entry lists Open source terrorist lists Open source law enforcement databases Verifies credential format Verifies expiration date A single handheld device can read the credentials of: Military and Government Personnel Retired Military and Authorized Dependents 19

RAPID-RCx Program - Vetting Against Open Source Law Enforcement Databases FBI Ten Most Wanted FBI Most Wanted Terrorists FBI Crimes Against Children U.S. Marshal s Most Wanted International Police Organization (INTERPOL) Wanted Fugitives + Local lists Office of Foreign Assets Control (OFAC) Bureau of Alcohol, Tobacco, Firearms & Explosives (BATFE) Most Wanted U.S. Immigration and Customs Enforcement (ICE) Most Wanted 20

Comparison of Products Features Populations Vendors Contractors Subcontractors Suppliers Service Providers Uniform Military Personnel Military Dependents/Retirees DOD Civilian Employees Non DOD Government Employees Infrequent Visitors Visitors that do not have a credential approved by the DoD to facilitate access Infrequent Visitors Long Term Visitors Special Events Credentials Personal Identification Credential Interoperable (PIV-I) Credentials Valid for 3 years (renewed annually) HSPD-12 High Assurance Identity Level 4 Interoperable Smart Card Common Access Card (CAC) Retired IDs (TESLIN) Dependent IDs (TESLIN) State DMV issued DL & IDs Transportation Worker Identification Credential (TWIC) Personal Identification Credential (PIV) Paper Pass (Short-term pass) PVC Credential (Long-term pass) Benefits Electronic Management of Installation Specific Access Privileges Fingerprint and photo recognition Supports FIPS 201-2 Physical Access Control Systems Supports NIST 800-171 Logical Access requirements Data Security (Digital Signature & Encryption) PIN Code Authentication Federal Bridge Certification Authority (FBCA) Check RAPIDGate handhelds scans all listed Credentials Electronically authenticated Free service to visitors Configurable Vetting / Screening Commercial Background Screen NCIC/III Checks Ongoing Screening (every 92 days) RAPIDGate Data Center Authentication Credential validation/authentication Installation-specific Bar no work/no entry Lists Open Source List Matching (Office of Foreign Assets Control, FBI Most Wanted, ICE, Interpol, etc.) DEERS Authentication (IMESA) DMV Authentication NCIC/III Checks Passport authentication Facial biometric matching Reporting Capabilities: Equipment Customer Support Fees Monthly reports Ad hoc reports available upon request Handhelds, Registration Stations and LRA workstations Site surveys Equipment installation Maintenance/Sustainment/Hardware Replacement Software Upgrades Vendor/Contractor Customer Support Installation Program Management Onsite training and reference materials Program Information Materials $437/Year/Installation Credential management fee $40 per credential Monthly reports Ad hoc reports available upon request Software enhancements to RAPIDGate components Installation Program Management Onsite training and reference materials Program Information Materials List management support Ad hoc reports available upon request Available only with RAPIDGate or RAPID-RCx Registration Station Printer Installation Program Management Onsite training and reference materials Program Information Materials Equipment Support Visitor Support $18,136 per gate with renewal options Available 2017 21

Visitors Tier Three Visitors 22

RAPIDGate Visitor Management Solution Visitor Kiosk Self-registration Automated Vetting in 20 seconds*: National Crime Information Center / Interstate Identification Index (NCIC/III) Electronically authenticate and verify state-issued drivers licenses and identification cards Facial biometric matching Credential Issuance Standardized Visitor Passes Electronic Access Management Continuous NCIC/III vetting (within limitations set by State and Federal CJIS Staff) Integrated with RAPIDGate *approximately 23

RAPIDGate Visitor Management Self-Service FEATURES A. Integrated Camera: Supports both high-definition credential photos and functional facial recognition. B. Passport Scanner: Document verification system scans passports and checks for microprint and other document security features. E C. Card Scanner: Scans full color duplex image of credentials and various card security features. D. Card Printer: Prints plastic badge credentials supported existing PACS. E. Paper Pass Printer: High-speed, electronically cut visitor passes in seconds. F F. Rugged Enclosure: Dual hydraulic access control arms and steel construction ensures security and durability. G. 22 Touch Monitor: Vibrant touchscreen color display makes user experience second to none. H. Dual Locks: Advanced locking mechanism prevents tampering. I. Cell Data: Out-of-the-box functionality. 24

HOW IT WORKS LIFECYCLE Lifecycle REGISTRATION In person registration for standard Day to Day operations Online pre-registration for Special Events using Transport Layer Security (TLS) encrypted website Supports authorized personnel to approve or deny visitor requests 25

Registration Options Special Events Visitors receive a unique URL/code from their military sponsor, which allows them to register and be screened/approved for installation access. Standard Operations Visitors use self registration kiosk located at Pass & ID to enroll, be vetted for unescorted access and receive a visitor pass. Process requires little to no assistance from local personnel. 26

HOW IT WORKS LIFECYCLE Lifecycle SCREEN & PROVE IDENTITY 1. Insert a valid identity document for verification 2. Conducts U.S. state DMV drivers license or identification card validation 3. Provides U.S. state DMV photographs* 4. Performs facial recognition comparisons* 5. Conducts National Crime Information Center / Interstate Identification Index (NCIC/III) Check *for those states that support that technology 27

HOW IT WORKS LIFECYCLE Lifecycle CREDENTIAL Credentialing Options Short Term Pass (less than 30 days): Paper Long Term Pass (more than 30 days): PVC card 28

HOW IT WORKS LIFECYCLE Lifecycle VALIDATE 1. Credential is scanned by security personnel with the RAPIDGate handheld 2. Credential is visually verified by security personnel 3. Credential is electronically authenticated against the RAPIDGate Information System 4. Installation perimeter access privileges are electronically verified 29

SPECIAL EVENTS HOW IT WORKS LIFECYCLE Lifecycle OBTAIN SPECIAL EVENTS ONLINE REGISTRATION ID DOCUMENTS VALIDATE 1. Visitor obtains the special events code/url from their military sponsor 2. Inputs PII into the online registration system, including drivers license, passport or ID card 3. If visit is approved, visitor arrives at the gate and provides their state issued drivers license, passport or other valid ID documents to be scanned by security personnel with the RAPIDGate handheld and visually verified 4. State issued drivers license, passport or other valid ID documents electronically authenticated against the RAPIDGate Information System and installation perimeter access privileges are electronically verified 5. A paper pass will be issued at the gate after the visitors drivers license or other identification documents are validated 30

Visitors Uniform Military DoD Civilians Military Retirees Military Dependents Federal Government Employees Transportation Workers Vendors Contractors Suppliers Service Providers The RAPIDGate Information System 31

SureID DoD End-to-End Installation Access Control Solution Installation Perimeter PACS Credentials Validated: CAC Military retiree Dependent ID s RAPIDGate Program PIV-I Locally issued visitor Federal Dept./Agency PIVs TWIC Vetting: IMESA RAPIDGate Database VMS database Local barment list No work list No entry list Nlets Visitor Management Credentials produced: Paper short term PVC long term Vetting: State DMV DL and ID card authentication US Passport authentication Facial feature biometric matching NCIC/III initial background screening IMESA continuous vetting RAPIDGate Database Credentials Produced: RAPIDGate Program PIV-I Vetting: NCIC/III Checks annually I-9 Document check at issuance Commercial background checks every 92 days DoD Local Population Database Federal PIV Approved PIV-I Locally issued visitor TWIC DoD IMESA Continuous Information Management Engine DEERS CAC Retiree Dependent IMESA provides credential updates and continuous vetting against: NCIC Person Files: Warrants, KST, NSOR, Foreign Fugitive, Identity Theft, Immigration Violators and Protective Order Terrorist Screening Database DoD wide barment list 32

RAPIDGate Information System and Enforcement Server Post Integration Project Architecture 06Sept2016 33

OPERATIONAL VIEW 34

Low Cost Solution RAPIDGate $437 per installation per year To include: Site Surveys All Hardware All Software All Hardware/Software Upgrades Maintenance & Sustainment Training Program Support RAPID-RCx $18,136 per gate per year To include: Software enhancements to RAPIDGate Program Support Unlimited Lanes List Management RAPIDGate Visitor Management Dependent on Installation size. Site survey required. Coming Soon 35

Partnership SureID/Army 36

Advantages of a RAPIDGate/Army-AIE Partnership Near term increase in security Near term reduction in risk Combination of AIE/RAPIDGate covers all garrisons Cost avoidance 37

Recommendations for a Successful Partnership Align with Navy, Marine Corps and Coast Guard NCIC/III Sponsorship from OPMG IMESA Sponsorship by OPMG RAPIDGate PIV-I Sponsorship by OPMG Designate RAPIDGate as the long term credential for vendors & contractors Army Policy/Regulations that are supportive of COTS 38

AIE 3 Requirements Comparison The collaborative features of AIE and RAPIDGate strengthens security and can cover all installations at a substantial cost savings. Acquisition Requirements # of Items RAPIDGate IMESA VMS Combined Registration 31 14/31=45% 15/31=48% 20/31=61% 30/31=97% Automatic Registration at Vehicle Lane 6 2/6=33% 5/6=83% 2/6=33% 6/6=100% Personnel Vetting 11 4/11=36% 6/11=55% 10/11=91% 11/11=100% General Access Control Point (ACP) Processing 20 10/20=50% 3/20=15% 8/20=40% 14/20=70% Process Personnel at Vehicles Lanes 28 6/28=21% 8/28=29% 7/28=25% 10/28=36% Process Personnel at Pedestrians Gates 6 3/6=50% 0/6=0% 0/6=0% 3/6=50% Physical Security 9 6/9=67% 0/9=0% 0/9=0% 6/9=67% Information Security 10 10/10=100% 0/10=0% 0/10=0% 10/10=100% Reliability, Availability and Maintainability (RAM) 17 11/17=65% 1/17=5% 11/17=65% 16/17=94% Environmental Conditions 11 10/11=91% 0/11=0% 0/11=0% 10/11=91% System Characteristics (Safety) 3 3/3=100% 0/3=0% 0/3=0% 3/3=100% System Characteristics (Physical Characteristics) 7 7/7=100% 1/7=14% 1/7=14% 7/7=100% System Design 27 20/27=74% 4/27=15% 6/27=22% 23/27=85% External Interfaces 16 9/16=56% 4/16=25% 2/16=13% 16/16=100% Total Compliance with Requirement 202 115/202=57% 47/202=23% 67/202=33% 165/202=82% RAPIDGate can cover 82% of the 202 AIE 3 requirements found in the request for proposal (RFP). Pending IMESA connectivity completion and when VMS is installed. The 18% not covered fall in the installation & construction areas. 39

RAPIDGate Program Questions Ron Green Vice President Strategic Accounts US Army rgreen@sureid.com 40

Back-up Slides 41

Acronyms ACP Access Control Point ADR Authoritative Data Repository AIE Automated Installation Entry AKO Army Knowledge Online CAC Common Access Card CIME Continuous Information Management Engine CJI Criminal Justice Information CJIS Criminal Justice Information Services CO Commanding Officer CONUS Continental United States DBIDS Defense Biometric Identification System DHRA Defense Human Resources Activity DIAC Defense Installation Access Control DMDC Defense Manpower Data Center DMV Department of Motor Vehicles DoD Department of Defense DoDAF Department of Defense Architecture Framework DoDD Department of Defense Directive DoDI Department of Defense Instruction DoDM Department of Defense Manual DTM Directive Type Memorandum ECP Entry Control Point FASC-N Federal Agency Smart Credential Number FBI Federal Bureau of Investigation GUID Globally Unique Identifier HES Hunt Engineering Systems IAW In Accordance With ICD Interface Control Document ID Identification III Interstate Identification Index IMESA Identity Matching Engine for Security & Analysis IoLS Interoperability Layer Services KST Known or Appropriately Suspected Terrorist LDAP Lightweight Directory Access Protocol LE Law Enforcement LPEDIPI Local Population Electronic Data Interchange Personal Identifier LPIdMS Local Population Identity Management System MSC Military Sealift Command MWR Morale, Welfare, and Recreation NAF Non-appropriated fund NATO North Atlantic Treaty Organization NCIC National Crime Information Center NLETS National Law Enforcement Telecommunications System NOAA National Oceanic Atmospheric Administration NSOR National Sex Offender Registry PACS Physical Access Control System PII Personally Identifiable Information PIV Personal Identity Verification PIV-I Personal Identity Verification-Interoperable RF Radio Frequency TSA Transportation Security Administration TSDB Terrorist Screening Database TWIC Transportation Worker Identification Credential USCG United States Coast Guard USG U.S. Government USPHS U.S. Public Health Service VMS Visitor Management System 42

Strengths of the RAPIDGate Program Closing the Gap RAPIDGate can be both the interim and long term low cost solution to covering all Army installations Source of Funding The majority of the RAPIDGate program is funded through vendor/contractor participation subscriptions. For $437 per installation training, equipment, maintenance, sustainment, reporting, and customer support is included The RAPIDGate program goes the extra mile to provide layers of security Seeks additional information to confirm a conviction or severity of charges to include contacting administration, research state and penal codes to clarify and verify against Rap Sheets Searches performed on court and state record databases, prison system records, and sex offender registries Partnership with I.C.E. representatives to verify legal statues We created a system to tap the most comprehensive collection of data bases in law enforcement and maintain relationships with 3552 State, County and Federal law enforcement entities. Implementation Expertise 10-12 week rollout plan with proven expertise at 150 fence lines to include site survey, equipment installation, and training Customer Service 24/7 Equipment Maintenance Support Dedicated installation and vendor/contractor population support Support on the waiver and adjudication process Vendor Community Accessibility The RAPIDGate program offers vendor/contractor the option of multi-facility access by using the same credential across military branches and regions (once approved for access) without re-enrolling. 43

Accreditations and Certifications Risk Management Framework (RMF) A six step process developed by the National Institute of Standards and Technology (NIST), and already in use by civil service agencies and the intelligence communities to mitigate information security risk. DoD categorizes information systems into four major categories. Automated Indicator Sharing, Enclave, Outsourced IT-based Process, and Platform IT Interconnection Other Certifications and Technologies Cross-Certification with the Federal Bridge Certification Authority (FBCA) Cross-Certification from the federal government as a Personal Identity Verification Interoperable (PIV-I) credential issuer, operating as a Level 4 provider U.S. Navy Mission Assurance Category (MAC) Level III Sensitive Authority to Operate (ATO) U.S. Marine Corps MAC Level III Sensitive ATO U.S. Marine Corps Authority to Connect (ATC) U.S. Coast Guard Authority to Operate (ATO) Department of Navy Privacy Impact Assessment (PIA) FBI Channeling Partner FIPS 140-2 NIST Special Publications 800-53 Wireless 802.11i OSI Layer 2 Encryption 44

Support Policies and Operational Requirements The RAPIDGate Program supports the Army in meeting policies and operational requirements AR 190-13, the Army Physical Security Program HQDA EXORD 033-15 DoD(I) 5200.08R, Physical Security Programs DTM 09-012 (change 4) Federal Information Processing Standards Publication (FIPS) 201-1 Personal Identity Verification (PIV) of Federal Employees and Contractors Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors National Guard: Code of Federal Regulations Title 28 20.36 DoDI 5525.19, DoD IMESA Access to CJI and TSDB Public Law 110-181 (FY 2008) SEC 1069 Standards for Entry to Military Installations in (the) United States DIAC Physical Access Control IoLS ICD DoD Memorandum Acceptance and Use of Personal Identity Verification-Interoperable (PIV-I) Credentials Directive Type Memorandum (DTM) 09-012 Interim Policy Guidance for DoD Physical Access, Ch. 4 DoD Instruction (DoDI) 2000.16 DoD Anti-Terrorism Standards 45

Program Pricing Company Single Installation $199 annually Multi-facility +$50* Single Installation $179 annually Per Employee Multi-facility +$75* PRICING 90-Day Option $79 per 90 days Independent Contractor/ Sole Proprietor Company fee is waived Single Installation $179 Multi-facility +$50* * One time price for more than 2 or more facilities 46

RAPIDGate and IMESA Visitor Vetting: Kiosk at garrison VCC DMV DL & ID authentication Passport authentication Facial biometric matching NCIC/III initial background screening and continuous vetting (within limitations set by State and Federal CJIS staff) DoD Local Population CAC, Retiree and Dependent Locally issued visitor credential DoD Local Population Database Scanning & Verifying: Perimeter ACP local server RAPIDGate Data Center Local Bar, No Work, No Entry Lists RAPID-RCx only Electronically verified & biometrically authenticated RAPIDGate Vetting: NCIC/III Checks* I-9 Document check at issuance Electronic Database Screening Hits against Watch List (OFAC, FBI Most Wanted, ICE, Interpol, Registered Sexual Offender, etc.) 10 Year Address History County and Federal Screens SSN Validation Outstanding Criminal Warrants 90 day watchdog checks RAPIDGate Database IMESA DEERS Database DEERS Database Non-DoD Federal PIV DoD approved PIV-I Locally issued visitor credentials TWIC IMESA continuously credential updates and vetting against: NCIC Warrants., KST, NSOR, Foreign Fugitive file, Identity Theft file, Immigration Violators file, and Protective Order file Other NCIC files (as applicable). Terrorist Screening Database (TSDB). DoD wide bar list. 47

IMESA NCIC TSDB DoD Debarments DEERS Continuous Information Management Engine DoD LP DB Interoperability Layer Service Visitor Centers ID proofing Screening Vetting Army (AIE) Navy (DBIDS) Air Force (DBIDS) Marines (RAPIDGate) Coast Guard (RAPIDGate) DoD Agencies and Field Activities 48