Skip to navigation Skip to content
Click Here to Join TSA

Frequently Asked Questions

Transportation Worker Identification Credential (TWIC™)

TWIC Home | TWIC Pilot Test | TWIC FAQs | Helpful Links | Pre-Enrollment
Contact Info | Press Releases | Testimonies
Week of 5/5: The following enrollment centers will open this week:  Houma, LA; Sandusky, OH; Anchorage, AK; and Morgan City, LA.

News! Click here for the recent press release on the re-alignment of the TWIC Compliance date. Click here to see where TWIC is coming next. Click here to get enrollment center addresses. Click here to check the status of your TWIC or to schedule a pick up.

GENERAL

How was TWIC created?

Congress, through the Maritime Transportation Security Act, or MTSA, directed the federal government to issue a biometric transportation security credential to any individual with unescorted access to secure areas of facilities and vessels and all mariners holding Coast Guard issued credentials or qualification documents. Controlling access to secure areas is a critical component of the Department of Homeland Security's (DHS) efforts to enhance port security.

What is TWIC?

TWIC is a common identification credential for all personnel requiring unescorted access to secure areas of MTSA-regulated facilities and vessels, and all mariners holding Coast Guard-issued credentials. TSA will issue workers a tamper-resistant "Smart Card" containing the worker's biometric (fingerprint template) to allow for a positive link between the card itself and the individual.

Who must get a TWIC?

An estimated one million individuals will be required to obtain a TWIC. This includes Coast Guard-credentialed merchant mariners, port facility employees, longshoremen, truck drivers, and others requiring unescorted access to secure areas of maritime facilities and vessels regulated by MTSA.

How will the TWIC be used?

During the initial rollout of TWIC, workers will present their cards to authorized personnel, who will compare the holder to his or her photo, inspect security features on the TWIC and evaluate the card for signs of tampering. The Coast Guard will verify TWICs when conducting vessel and facility inspections and during spot checks using hand-held scanners, ensuring credentials are valid. A second rulemaking will propose enhanced access control requirements, including the use of electronic readers by certain vessel and facility owners and operators.

Will TWICs be used for access control?

Yes. Upon the effective compliance date for their Captain of the Port (COTP) Sector, owners and operators will be required to visually inspect the TWIC for each worker granted unescorted access to secure areas of a facility or vessel. Also, some owners and operators may choose to integrate TWIC cards into their existing access control systems, although owners and operators are not required to purchase, install, or maintain card readers until technologic and logistic improvements are complete and are included in a second rulemaking. The Coast Guard will conduct checks using handheld readers to confirm the identity of TWIC holders during regular inspections and unannounced spot checks. A second regulation will propose card reader requirements that utilize all of the unique technologies employed in the TWIC.

Where can I read the TWIC rule?

The TWIC final rule is available on TSA's website here and more information on port security is available at the U.S. Coast Guard's Homeport site here. It can also be accessed at the DOT Docket Management system here, by searching on docket number 24196 and document number 857. This final rule was amended on May 2, 2008 in order to realign the national compliance date to April 15, 2009. Click here to view this amendment.

Where can I find TWIC documents translated in other languages?

The TWIC program provides communications materials in Spanish and English. Our pre-enrollment website (https://twicprogram.tsa.dhs.gov/TWICWebApp/) and our help desk (1-866-347-8942) are offered in Spanish and English. The TWIC Disclosure Form accommodates the use of a translator in order to assist individuals who are not proficient in English. Additionally, general fact sheets and informational flyers, in both English and Spanish, on the program are available at http://twicinformation.tsa.dhs.gov/twicinfo/twic_information.jsp. Port-specific materials are located at http://twicinformation.tsa.dhs.gov/twicinfo/schedule.jsp.

Lastly, the National Employment Law Project (NELP) has prepared materials related to the TWIC background check and applicant's rights to an appeals and waivers process. We have provided both the English version and Spanish version on our website in order to assist applicants. Please note: other translations can be found on the NELP site at http://www.nelp.org/nwp/second_chance_labor_project/. However, the accuracy of these translations has not been confirmed by TSA and it is important to note that they do not replace or amend the TWIC appeal and waiver process in anyway. TSA is providing the link to the NELP translations for your information.

Was the public involved in the rulemaking?

Yes. In addition to direct involvement from the National Maritime Security Advisory Committee, TSA and the U.S. Coast Guard held four public meetings around the nation and received more than 1,900 comments from workers, port owners and operators, small businesses and others who would be affected by the new program. All comments were carefully considered and significant changes to the NPRM were made in the development of the final rule.

How will I be notified to get a TWIC?

Facility and vessel owners/operators are required to inform employees of their responsibility to possess a TWIC and what parts of the facility and vessel will require a TWIC for unescorted access. The intent of this requirement is for owners/operators to determine which of their employees will need a TWIC and inform those employees in enough time for them to comply with the requirements. Owners/operators are also encouraged, but not required, to provide this same information to personnel who are not facility or vessel employees, e.g. contractors, truck drivers. Coast Guard Captains of the Port will also be working with the local Area Maritime Security Committees to communicate enrollment center locations and scheduling, as well as TWIC requirements and compliance dates.

What is the enrollment schedule?

TWIC enrollment began October 16, at the Port of Wilmington and will be phased in, at both small and large ports to ensure the smooth implementation of the program, over the course of 2007 and 2008. Click here to view the Quarterly Deployment Plan.

What are the addresses for the enrollment centers?

Click here to get information on enrollment centers.

Can employers require their employees to enroll for a TWIC even if their job does not require them to have unescorted access to facilities and vessels regulated by Maritime Transportation Security Act (MTSA)?

On the TWIC Disclosure Form, which all applicants are required to complete, one must certify that a TWIC is required in order to perform their employment duties (e.g., they require unescorted access to secure areas of MTSA-regulated facilities and vessels; they are currently, or are applying to be, a merchant mariner; or they are a commercial HME driver licensed in Canada or Mexico). Applicants also certify that the information they provide during the enrollment process is true, complete, and correct. If required, civil or criminal action may be taken if an individual provides false statements (per 49 CFR 1570.5 and 18 U.S.C. 1001). Similarly, the TWIC rule provides that no person can make another falsify a record, such as a TWIC enrollment application. Therefore, if an employer requires employees to falsify their enrollment information (e.g., by falsely certifying that they require unescorted access to secure areas), then legal action may be pursued against the employer.

TWIC is intended to provide a secure credential for mariners and individuals who require unescorted access to secure areas of regulated vessels or facilities. It is not intended for use by companies or employees working in locations or fields unrelated to activities regulated by MTSA.

What is the national compliance date for the TWIC program?

Workers who require unescorted access to secure areas of maritime facilities and vessels and all U.S. credentialed mariners must enroll for a TWIC no later than April 15, 2009. Workers will be required to possess and facilities will be required to check for a TWIC on a gradual basis, by Captain of the Port zone (COTP). The compliance date for each COTP zone will be published via notice in the Federal Register 90 days prior to the compliance date.

Why was the compliance date recently realigned?

The original compliance date set in the final rule was September 25, 2008. The rule was recently amended in order to extend the national compliance date to April 15, 2009. This date was set as a result of collaboration with port officials and industry. Since all 147 fixed enrollment centers will be operational by the end of 2008, workers will have adequate time to obtain a TWIC.

How durable is the TWIC?

In general, while TWIC holders should treat their cards with care, an accidental trip through the laundry should not cause it to malfunction or delaminate. The card is also designed to withstand cleaning with a mild soap and water mixture. The durability of the TWIC is based on the FIPS 201-1 and ANSI 322 card durability requirements and testing conditions (refer to paragraph 4.1.3 Physical Characteristics and Durability in FIPS 201, page 16). These tests include: card flexure, U/V exposure, humidity, surface abrasion, fading, and a "laundry test".

Who can I contact to get more information on TWIC?

TSA is responsible for conducting background checks, reviewing waivers and appeals, card issuance, revocation and renewal. The Coast Guard is responsible for enforcing the TWIC program as an access control measure and incorporating compliance into existing inspection policies. Both agencies are participating in stakeholder outreach activities. Since TSA and the USCG perform different roles, each agency established a Help Desk to address questions and concerns.

TSA's TWIC Program Help Desk can be reached at 1-866-DHS-TWIC (1-866-347-8942). The help desk will be available Monday through Friday from 8:00 a.m. until 12:00 a.m. EST.

Please visit homeport.uscg.mil/twic for answers relating to Coast Guard enforcement and TWIC implementation. Owners/operators/FSOs/VSOs/CSOs are encouraged to seek guidance directly from their local Captain of the Port TWIC action officer.

What measures are in place to protect small businesses, such as small passenger vessels?

TSA and the Coast Guard worked with the Small Business Administration to minimize adverse financial and operational impacts on small businesses wherever possible. The rule includes provisions that allow MTSA-regulated passenger vessels (excluding cruise ships) to establish employee access areas for crewmembers that do not require unescorted access to secure areas such as the pilot house and engine room. Employee access areas are areas that support the passenger areas, and crewmembers who are typically in these areas are waiters, entertainers, and galley staff. This provision reduces the impact on employees who rarely need to use spaces beyond those designated for support of passengers, while maintaining the integrity of a vessel's secure areas.

Other measures include the production and distribution of a Small Entity Guide for Owners and Operators available here and a Small Entity Guide for Applicants available here; as well as temporary access provisions for newly hired employees, an informational web site and a live help desk to assist small businesses with compliance through successful implementation of the program.

What are secure areas, passenger access areas, employee access areas, and public access areas?

Secure areas are required to meet specific security measures for access control in accordance with a Coast Guard approved security plan. Once the new credentialing program is in place, an individual will be required to have a TWIC in order to gain unescorted access to these sections of the facility or vessel.

A ferry, passenger vessel, or cruise ship may designate areas within the vessel as passenger access areas. These are areas that passengers frequent and does not require a TWIC for unescorted access. If passenger access areas are designated, the owner or operator must maintain a visual representation onboard the vessel with the approved Vessel Security Plan (VSP) detailing where these areas are located as required by 33 CFR 104.120(c). Examples of areas that may be considered as passenger access areas include; dining rooms, seating areas, parking decks, public restrooms, and bars.

A ferry or passenger vessel, excluding cruise ships, may designate areas within the vessel as employee access areas. An employee access area is a defined space with access controls that is open only to employees . It is not a secure area and does not require a TWIC for unescorted access. Employee access areas may not include any areas defined as restricted areas in the vessel security plan . If employee access areas are designated, the owner or operator must maintain a visual representation onboard the vessel with the approved VSP detailing where these areas are located as required by 33 CFR 104.120(c). Examples of areas that may be considered as employee access areas include; galleys, storage areas, dressing rooms, and food service areas.

A public access area is a defined space within a facility that is open to all persons and provides pedestrian access through the facility from public thoroughfares to the vessel. Any facility serving ferries or passenger vessels certificated to carry more than 150 passengers, other than cruise ships, may designate an area with in the facility as a public access area. Public access areas were previously outlined in 33 CFR 105.106. Therefore, approved facility security plans have already incorporated this definition upon implementation of MTSA.

How do I know my personal information is safeguarded?

Privacy and the security of your personal information are critical to the TWIC program. Information collected at the enrollment center or during the pre-enrollment process, including the signed privacy consent form and identity documents, is scanned into the TWIC system for storage. Information is encrypted and stored at a secure government facility using methods that protect the information from unauthorized retrieval or use.

What technologies are being used on the TWIC?

The TWIC will be a Smart Card (i.e., a card with a small integrated circuit chip embedded in the card) and will contain the following technologies:

Back To Top

ELIGIBILITY

General Eligibility Questions

What can disqualify me from getting a TWIC?

An individual who lacks lawful presence and certain immigration status in the United States, has a connection to terrorist activity, has been determined to lack mental capacity, or was convicted of the certain crimes will be ineligible for a TWIC.

What if I do not meet the qualification standards?

Applicants who are denied a TWIC will be notified of the reason for denial and instructed on how to apply for an appeal or waiver. See the Waivers and Appeals section for more information. Once issued a TWIC, the applicant has the continuing obligation to inform TSA if they are no longer eligible for a TWIC.

Immigration

What immigration categories are eligible to apply for a TWIC?

The immigration categories per 49 CFR 1572.105 are:

(1) A U.S. citizen;
(2) A lawful permanent resident of the United States;
(3) A refugee admitted under Title 8, U.S.C., Section 1157;
(4) An alien granted asylum under Title 8, U.S.C., Section 1158;
(5) An alien in valid M-1 nonimmigrant status who is enrolled in the United States Merchant Marine Academy or a comparable state maritime academy;
(6) A nonimmigrant alien admitted under the Compact of Free Association between the United States and the Federated States of Micronesia, the Republic of the Marshall Islands, or Palau;
(7) An alien in lawful nonimmigrant status who has unrestricted authorization to work in the United States, except an alien:
(i) In valid S-5 (informant of criminal organization information);
(ii) In valid S-6 (informant of terrorism information);
(iii) In valid K-1 (Fiancé(e)); or
(iv) In valid K-2 (Minor child of Fiancé(e));
(8) An alien in the following lawful nonimmigrant status who has restricted authorization to work in the United States:
(i) C-1/D Crewman Visa;
(ii) H-1B Special Occupations;
(iii) H-1B1 Free Trade Agreement;
(iv) E-1 Treaty Trader;
(v) E-2 Treaty Investor
(vi) E-3 Australian in Specialty Occupation;
(vii) L-1 Intracompany Executive Transfer;
(viii) O-1 Extraordinary Ability;
(ix) TN North American Free Trade Agreement;
(x) B1/OCS - Business Visitor/Outer Continental Shelf; or
(xi) Another authorization that confers legal status, when TSA determines that the legal status is comparable to the legal status set out in paragraphs 1-8.
(9) A commercial driver licensed in Canada or Mexico who is admitted to the United States under Title 8, C.F.R., Section 214.2(b)(4)(i)(E) to conduct business in the United States.

Will a non-U.S. citizen be able to get a TWIC?

Yes. The rule includes a list of various immigration categories that are eligible to apply for a TWIC, including nationals, refugees, asylees, lawful non-immigrants with unrestricted work authorization, and certain professionals with restricted work authorization.

What documentation is an applicant required to bring to the enrollment center if he/she is a U.S. citizen, but was not born in the United States?

Applicants should bring one of the following documents:

(1) Department of State - Certificate of Report of Birth (Form DS-1350);
(2) Department of State - Consular Report of Birth Abroad (Form FS-240); or
(3) U.S. Passport.

Note: If the Certificate of Birth Abroad, Consular Report of Birth Abroad, or an expired U.S. Passport are presented, additional documents will be required to verify identity; see list of acceptable identity documents. If a current (unexpired) U.S. Passport is presented, it is the only identity verification document required.

If an applicant who was born outside the U.S. but is a U.S. citizen does not bring the proper documentation to the enrollment center, they may receive an Initial Determination of Threat Assessment (IDTA) related to their immigration status. In such a case, what should the applicant do?

The applicant should make a photocopy of one of the documents listed below and submit an appeal using the TWIC cover sheet (that comes with their IDTA).

(1) Department of State - Certificate of Report of Birth (Form DS-1350);
(2) Department of State - Consular Report of Birth Abroad (Form FS-240); or
(3) U.S. Passport.

What should an applicant do if they receive an IDTA due to their citizenship/immigration status?

Applicants should follow the instructions in the enclosure section of their IDTA letter. Applicants should request an appeal using the TWIC cover sheet and provide valid documentation demonstrating they are one of the categories identified above.

What happens to my TWIC when my lawful nonimmigrant status expires?

The applicant must report the disqualifying condition to TSA and surrender the TWIC. In addition, the TWIC becomes invalid. If the applicant is in one of the permissible visa categories and the employment for which the visa was granted ends, then one of the following needs to take place:

Back To Top

Disqualifying Crimes

What is a permanent disqualifying criminal offense?

What are the permanent disqualifying criminal offenses?

Per 1572.103(a):
(1) Espionage or conspiracy to commit espionage
(2) Sedition or conspiracy to commit sedition
(3) Treason or conspiracy to commit treason
(4) A federal crime of terrorism (18 U.S.C. 2332(g)) or comparable State law
(5) A crime involving a TSI (transportation security incident). Note: A transportation security incident is a security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area. The term "economic disruption" does not include a work stoppage or other employee-related action not related to terrorism and resulting from an employer-employee dispute.
(6) Improper transportation of a hazardous material under 49 U.S.C. 5124 or a comparable state law
(7) Unlawful possession, use, sale, distribution, manufacture, purchase...or dealing in an explosive or explosive device
(8) Murder
(9) Threat or maliciously conveying false information knowing the same to be false, concerning the deliverance, placement, or detonation of an explosive or other lethal device in or against a place of public use, a state or government facility, a public transportations system, or an infrastructure facility
(10) Certain RICO (Racketeer influenced and Corrupt Organizations) Act violations where one of the predicate acts consists of one of the permanently disqualifying crimes
(11) Attempt to commit the crimes in items (a)(1)-(a)(4)
(12) Conspiracy or attempt to commit the crimes in items (a)(5)-(a)(10)

Note:
- Convictions for (a)(1)-(4) are not eligible for a waiver.
- Convictions for (a)(5)-(12) may be eligible for a waiver if the applicant is initially disqualified

What is an interim disqualifying criminal offense?

What are the interim disqualifying criminal offenses?

Per 1572.103(b)(2):
(i) Unlawful possession, use, sale, manufacture, purchase, distribution...or dealing in a firearm or other weapon
(ii) Extortion
(iii) Dishonesty, fraud, or misrepresentation, including identity fraud and money laundering (except welfare fraud and passing bad checks)
(iv) Bribery
(v) Smuggling
(vi) Immigration violations
(vii) Distribution, possession w/ intent to distribute, or importation of a controlled substance
(viii) Arson
(ix) Kidnapping or hostage taking
(x) Rape or aggravated sexual abuse
(xi) Assault with intent to kill
(xi) Robbery
(xii) Fraudulent entry into a seaport
(xiii) Lesser violations of the RICO (Racketeer Influenced and Corrupt Organizations) Act
(xiv) Conspiracy or attempt to commit crimes above

Note:
- Applicants may be eligible for a waiver if initially disqualified for any of the above

What if a conviction is "exonerated?"

If a conviction is expunged or pardoned, the criminal records may reveal this. If they do not, TSA sends the applicant a letter (Initial Determination) explaining what the records show and how the applicant can correct inaccurate records.

Can a person under indictment apply for a TWIC? Do they still have the appeal and waiver process available to them?

An individual under indictment for a disqualifying criminal offense may not hold a TWIC until the indictment is dismissed. If the applicant has an indictment pending, the applicant could apply for a waiver; however a request for a waiver does not guarantee that a waiver will be granted.

What if my initial disqualifying crime is no longer applicable? Can I reapply for a TWIC?

Applicants are encouraged to reapply if their initial disqualifying offense is no longer applicable. Applicants will need to understand the nature of the initial disqualification and the corresponding look-back periods of 5 or 7 years if applicable. Reapplying can occur as long as there are no secondary disqualifying events.

What should an applicant do if he/she has a disqualifying crime that was expunged from their record?

The applicant should proceed with TWIC enrollment as though they do not have a disqualifying offense, as long as the record is truly expunged. Per 49 C.F.R. §1570.3, a conviction is expunged when "the conviction is removed from the individual's criminal history record and there are no legal disabilities or restrictions associated with the expunged conviction, other than the fact that the conviction may be used for sentencing purposes for subsequent convictions." However, if the applicant is a credentialed mariner or intends to apply for a mariner credential, he or she must report convictions that were expunged on their application to obtain the MMC. Failure to disclose expunged convictions could result in a determination that the application for the mariner credential is fraudulent.

Back To Top

ENROLLMENT

What is the enrollment process?

The enrollment process consists of the following components: optional pre-enrollment, in-person enrollment, security threat assessment and notification of the results, and issuance of the TWIC to the applicant. Applicants may pre-enroll online to enter all of the biographic information required for the threat assessment and make an appointment at the enrollment center to complete the process (although appointments are not required). Then applicants must visit the enrollment center where they will pay the enrollment fee, complete a TWIC Application Disclosure Form, provide biographic information and a complete set of fingerprints, and sit for a digital photograph. The applicant must bring identity verification documents to enrollment and in the case of aliens, immigration documents that verify their immigration status, so that the documents can be scanned into the electronic enrollment record.

What documentation is required for a TWIC?

TWIC applicants are required to provide identity documents to TSA to complete the enrollment process. There are two lists of identity verification documents and applicants are required to furnish either one identity document from List A or two documents from List B with one of the two being a government-issued photo ID. Click here to access the latest listing of acceptable documents.

What is the purpose of the TWIC Disclosure Form?

The TWIC Disclosure Form provides additional information to the applicant on the security threat assessment process, as well as a notice on privacy and paperwork reduction. The applicant is also required to review and certify statements pertaining to eligibility for a TWIC, military service, and, once a TWIC is issued to the applicant, their responsibility to disclose information to TSA that would disqualify them from holding a TWIC. The applicant signs and dates the form, and if required, the helper/translator will also sign the form and provide contact information.

Applicants are encouraged to review the TWIC Disclosure Form in order to familiarize themselves with it, and to complete and bring it with them to the enrollment center.

What if I do not have the required forms of identification or do not wish to sign the TWIC Disclosure Form?

You will not be able to enroll at that time or obtain a TWIC. Applicants are required to present these documents as well as complete the TWIC Application Disclosure Form.

Where can I enroll?

TSA will use a combination of fixed and mobile enrollment stations to make the enrollment process as efficient as possible for applicants and owners or operators. The current listing of enrollment locations is available on this site.

What is pre-enrollment?

The pre-enrollment process allows applicants to provide much of the biographic information required for enrollment; to select an enrollment center where they wish to complete enrollment; and to make an appointment to complete enrollment at the enrollment center of their choosing. Applicants are encouraged, but not required, to "pre-enroll." Pre-enrollment is available by clicking here.

Are appointments required for enrolling?

No. Appointments are encouraged to save applicants time but are not required and walk-ins are welcome.

How long does enrollment take?

The enrollment process for a pre-enrolled applicant is expected to take approximately 10 minutes. The enrollment process for an individual who chose not to pre-enroll is expected to take approximately 15 minutes.

Back To Top

FEES

How much will port workers be charged for a TWIC?

The fee for TWIC will be $132.50 and it is valid for five years. Workers with current, comparable background checks will pay a reduced fee of $105.25. If workers are eligible to pay the lower price, their TWIC will expire 5 years from the date of the comparable credential (additional information is provided in the next question). The cost of a replacement TWIC, if the original is lost, stolen or damaged is $60.

If I have a comparable assessment, how can I determine which fee is more economical -- the reduced fee or the full, 5 year fee?

It is most beneficial for applicants who will use a comparable security threat assessment and pay the reduced fee to do so within 12 months of receiving the comparable threat assessment. After 12 months, it is more cost effective to pay the full fee for TSA to complete the security threat assessment and issue a TWIC with an expiration date 5 years from the date of issuance.

What are the methods of payment?

Payment must be made with credit card (Visa® or MasterCard® only), money order, or certified/cashier's check. Checks should be made payable to Lockheed Martin. An additional option has been provided through the use of company purchased pre-paid debit cards. For companies choosing to use the pre-paid option, please visit http://www.twiccard.com.

In all cases, payment will be made at the enrollment center at the beginning of the enrollment process.

What is the pre-paid debit card for the TWIC Program?

This method of payment is a prepaid Visa® card and is intended for employers who wish to purchase TWICs for their employees. They may be purchased in bulk and are redeemable at any TWIC enrollment center. The website for additional information or purchasing them is at http://www.twiccard.com.

What is the fee for a replacement card?

The card replacement fee (for lost, stolen, or damaged TWICs) is $60.

Back To Top

SECURITY THREAT ASSESSMENT

What does the security threat assessment consist of?

The assessment includes checks against criminal history records, terrorist watch lists, and immigration status.

How long does it take to receive the credential?

At this time, cards are taking longer to deliver and activate than expected due to technical capacity challenges that resulted from the sophisticated encryption that ensures the security of the cards. To ensure workers do not experience long waits when activating their credential, TSA has slowed the rate of issuance and now anticipates a 6 to 8 week turnaround. This is a temporary issue that TSA is working hard to address through software and hardware improvements. TSA expects that by spring, TWICs will be issued to workers within a month of completion of enrollment.

Remember, TWIC is not required for port access at this time so the current situation should not negatively affect a worker.

Will the results of my threat assessment be shared with my employer?

If TSA determines that an applicant poses an imminent threat to transportation or national security, TSA may notify the applicant's employer. Generally, TSA will not provide the reasons for a disqualification to an employer. However, if TSA has reliable information concerning an imminent threat posed by an applicant and providing limited threat information to an employer, facility, vessel owner, or Coast Guard Captain of the Port would minimize the risk, then TSA would provide such information.

What if I have already completed a comparable threat assessment?

A reduced fee of $105.25 will be made available for applicants who will not require the security threat assessment. The reduced fee is available for the following:

For those applicants seeking to pay the reduced fee, they must present their HME, FAST card, MMD, or MML (meeting the requirements outlined above) at the time of enrollment.

Q: Are the background checks for a TWIC the same as the background checks conducted for an individual applying for a Hazardous Material Endorsement (HME)?

A: Yes. They have the same eligibility requirements, share a consistent waivers and appeals process, and leverage the same fingerprint-based criminal history records check (CHRC).

Q: Does someone with a Hazardous Material Endorsement (HME) have to repeat the criminal history records check (CHRC) if they are applying for a TWIC?

A: No. As a result of this, an applicant who applies for a TWIC after successfully completing the HME security threat assessment does not have to pay for a second criminal history records check (CHRC) - and the fee for the TWIC is reduced by $27.25. All TWIC applicants must pay the fees that cover the other components of the TWIC program, including enrollment and card issuance.

Back To Top

WAIVERS AND APPEALS

Where else can I get information on the appeals and waivers process?

The National Employment Law Project (NELP) has prepared materials related to the TWIC background check and applicant's rights to an appeals and waivers process. We have provided both the English version and Spanish version on our website in order to assist applicants. Please note: other translations can be found on the NELP site at http://www.nelp.org/nwp/second_chance_labor_project/. However, the accuracy of these translations has not been confirmed by TSA and it is important to note that they do not replace or amend the TWIC appeal and waiver process in anyway. TSA is providing the link to the NELP translations for your information.

Is there going to be an appeals and waivers process?

Yes. Applicants who are denied a TWIC will be notified of the reason for denial and instructed on how to apply for an appeal or waiver. All applicants have the opportunity to appeal a disqualification, and may apply to TSA for a waiver if disqualified for certain crimes, or if they are aliens in Temporary Protected Status. Applicants who seek a waiver and are denied may seek review by an Administrative Law Judge (ALJ). Also, applicants who are disqualified due to intelligence-related issues and are denied an appeal or a waiver may seek ALJ review.

What is the time frame for an appeal?

Applicants must send appeal requests to TSA within 60 days of receiving TSA's IDTA. Within 60 calendar days of receipt of an applicant's appeal request, TSA will provide notice as to whether an appeal request has been granted or denied. Please note that for good cause, TSA may take longer than 60 days to effect notification. If an applicant needs more than 60 days to request an appeal, the applicant should send a letter to TSA asking for an extension of time.

What is the time frame for a waiver?

Applicants must send waiver requests no later than 60 days after the date of the Final Determination of Threat Assessment (FDTA). However, applicants do not need to wait until receiving a FDTA and may file the waiver at any time after receiving the IDTA. Within 60 calendar days of receipt of an applicant's waiver request, TSA will provide notice whether the waiver request has been granted or denied. If an applicant needs more time to request a waiver, the applicant should send a letter to TSA asking for an extension of time. Please note that for good cause, TSA may take longer than 60 days to effect notification.

If someone is denied, can they access secure areas of a port pending the appeal/waiver process or do they have to wait for its completion?

Access to these areas will depend on the owner/operator security plan and their escorting procedures, as well as the enforcement and compliance date for that particular USCG Captain of the Port zone.

Back To Top

CARD ISSUANCE

How will the cards be issued?

The applicant will be notified by email or phone, as specified during enrollment, when his/her credential is available at the enrollment center. The applicant must return to the same enrollment center to pick up his/her TWIC.

How long is the TWIC card good for?

TWICs remain valid for five years, unless the expiration date was based on a comparable credential (FAST card, Merchant Mariner Document or Hazmat Endorsement). The expiration date is displayed on the face of the credential and TWIC holders will be responsible for renewal. For applicants who pay the reduced fee, the expiration date of their TWIC will be 5 years from the date listed on the credential associated with the comparable security threat assessment.

Back To Top

ROLL-OUT SCHEDULE

Will you rollout TWIC to all ports immediately?

No. The initial enrollment will be phased in throughout the country.

Once enrollment begins, when will workers be required to have a TWIC?

The Coast Guard will publish TWIC compliance dates for each Captain of the Port zone in the Federal Register. We expect this compliance date to closely follow the end of the initial enrollment period for the relevant COTP Zone. The Coast Guard will provide 90 days notice prior to the compliance date in a particular COTP. Facility owners and operators are responsible for ensuring that their employees are aware of enrollment and compliance dates.

Why was the Port of Wilmington selected to be first?

The Port of Wilmington participated in the prototype activities of the program. Leveraging this experience, as well as taking into account risk based factors such as the size and location of the port, made it the appropriate choice to begin the rollout of this critical security measure.

Back To Top

STAKEHOLDER OUTREACH

What outreach will the federal government undertake prior to the start of enrollment?

TSA, the U.S. Coast Guard and its contractors have conducted extensive outreach to educate workers on the impact of this critical security program. This includes:

Over the next year, members of TSA and the Coast Guard will continue to meet with unions, associations, and other industry stakeholder groups to provide updates on the status of the program and will update materials on the TSA and USCG web sites. Small entity guides for TWIC applicants and owners/operators are available here. The U.S. Coast Guard Navigation and Vessel Inspection Circular (NVIC) is also available. The majority of stakeholder outreach efforts supporting the deployment of the program will be coordinated and carried-out by TSA's contractor, Lockheed Martin.

Back To Top

MERCHANT MARINERS

Will these rules affect all Merchant Mariners?

Yes. All credentialed U.S. merchant mariners must obtain a TWIC. This includes all persons holding a Coast Guard-issued merchant mariner's license, merchant mariner's document (MMD), Standards of Training, Certification and Watchkeeping (STCW) Certificate, or certificate of registry (COR). With the implementation of TWIC, the Coast Guard MMD would primarily serve as proof of the bearer's professional qualifications. The Coast Guard has drafted a supplementary proposed rule (published in the same Federal Register edition as the TWIC final rule) that proposes to combine the elements of all four current merchant mariner professional credentials into one certificate called the Merchant Mariner Credential (MMC). The Coast Guard and TSA are streamlining the process for the two credentials to reduce costs, duplication of effort, and processing time for mariners. If the MMC proposed rulemaking is finalized as currently written, the Coast Guard would begin issuing the MMC in September of 2008 and would phase in the replacement of mariner's current credentials over a period of five years. Mariners would be issued their credential in the form of an MMC at the time they renew their current credential, or when applying for a new credential. The proposed rulemaking would not affect the validity of a mariner's current credential.

Back To Top

COMPLIANCE

Does TWIC apply to mutual aid, first responders, etc. in the event of an emergency?

State and local emergency responders are exempt from the requirement to have a TWIC when they are responding to an emergency. Additional guidance has been included in the NVIC.

Will the facility ID card, which would be based on the TWIC, be acceptable for access to secured areas?

Regulations allow a plant or facility owner to use their own plant/facility specific card as their access control measure, as long as they ensure individuals without a TWIC cannot gain unescorted access to secure areas and the TWIC is checked at least once before the specific card is reissued/accepted. There is no requirement to check/verify TWICs for access to restricted areas, only secure areas.

What are secure areas, passenger access areas, employee access areas, and public access areas?

In accordance with a Coast Guard approved security plan, owner/operators define the areas of vessels or facilities that are "secure areas" and therefore require access control measures. A "passenger access area" is a defined space, within the secure area, of a ferry, passenger vessel, or cruise ship that is open to passengers. It is not a secure area and does not require a TWIC for unescorted access. If passenger access areas are designated, the owner or operator must maintain a visual representation onboard the vessel with the approved VSP detailing where these areas are located.

Ferries and passenger vessels, excluding cruise ships, may also designate areas within the vessel as "employee access areas". An employee access area is a defined space, within the secure area, of a ferry or passenger vessel that is open only to employees and not to passengers. It is not a secure area and does not require a TWIC for unescorted access. Employee access areas may not include any areas defined as restricted areas in security plans. If employee access areas are designated, the owner or operator must maintain a visual representation onboard the vessel with the approved VSP detailing where these areas are located.

A "public access area" is a defined space within a facility that is open to all persons and provides pedestrian access through the facility from public thoroughfares to the vessel. Any facility serving ferries or passenger vessels certificated to carry more than 150 passengers, other than cruise ships, may designate an area with in the facility as a public access area. Implementation information can be found in the USCG NVIC.

Back To Top

PROTOTYPE

How many transportation workers participated in the prototype evaluation?

As of December 31, 2005, more than 4,000 workers were issued prototype TWICs. Participants in the Philadelphia and Los Angeles/Long Beach areas received TWICs after completing TSA-performed name-based threat assessment. Participants in the state of Florida underwent a criminal background check conducted by the state of Florida as well as the name-based assessment performed by TSA before being issued prototype TWICs.

Where did the prototype take place?

The prototype was conducted at 26 locations in the geographical areas of Los Angeles/Long Beach, Wilmington/Philadelphia and Florida's deepwater ports. Participation was voluntary for the prototype. Examples of participants included truck drivers, longshoremen, and container terminal and airport personnel.

During the prototype phase TSA tested the card in other modes of transportation. Will this credential be required for rail or airport employees?

The initial rollout of TWIC will be focused on the maritime mode, which will include rail workers and truck drivers who require unescorted access to secure areas of MTSA-regulated facilities, and vessel personnel. Once the initial maritime rollout is complete DHS will look at the possibility of requiring use of the credential in other modes of transportation.

Back To Top

TWIC Pilot Test

FAQs pertaining to v1.1 of Specification:

Is there any change in scope in Version 1.1 of the specification from the previous release?

Version 1.1 retains the same scope as the previous release though some details have been expanded in Version 1.1 as a result of vendor enquiries and the specification editorial process.

Who can I contact if I have questions on either version of this specification?

General questions can be submitted using the email link available on the TSA / TWIC pilot test web page. Specification detailed technical questions or proposed contributions should be directed to the Project Editor; refer to Section 1.3 of the Version 1.1 specification for contact details.

Which version will TSA use for evaluating TWIC readers for possible use in the Pilot test?

TSA plans to use Version 1.1 for the TWIC reader baseline as will be published soon in the Federal Register.

Will TSA / Coast Guard provide any outreach on the Version 1.1 specification as well as an update on the Pilot Test?

Several options are under consideration to provide the latest Pilot Test information and the revised TWIC reader specification to the public. TSA / Coast Guard will make an announcement in the near future on how this outreach will be achieved.

Do you expect that fixed readers will test the validity of the Security Object? I don't see the Security Object referenced in any of the workflow descriptions.

It is not expected that fixed readers will test the validity of the TWIC Application Security Object.

The Security Object on the TWIC card issued to me does not contain a hash for the TWIC Privacy Key, as specified in the TWIC spec (page 30):
"The objects hashed are: the Unsigned CHUID (0x3002), The TWIC Privacy Key (0x2001), the Signed CHUID (0x3000), and the signed fingerprint templates (0x2003)." The other object hashes are there. Is this a problem that the card producer should be notified about?

The problem here lies in the specification; not an omission by the card producer. The security object may contain mappings and hash values for any data objects selected by the Issuer per policy. In this case the TPK is NOT included in the security object. The specification will be amended to reflect this fact.

Finally, a suggestion on the TWIC Privacy Key Network Processing portion of the spec (page 39): I think it might be better in the long run to return not just the AES encryption key, but the whole contents of the TWIC Privacy Key buffer. That way, applications would not need to be hard-coded to use AES-ECB-128, but could easily be written to support any of the other AES types in the future. It wouldn't add much network overhead and would enhance expandability.

This is a very good suggestion as it allows changes to the AES key length without having to modify reader communications software.

The spec says "The reader shall provide an automated alert or lockout after a configurable number of biometric matching attempts (facility chooses). Is the intent of this specification to provide an automated alert or lockout after a configurable number of consecutive failed biometrics matching attempts?

The automated alert is intended to trigger after X (configurable) consecutive failures to match.

The spec says that Appendix B is "the method used to perform the TWIC Privacy Key retrieval from the PACS system." Does this really mean that this is the only way this can be done, or that it's the preferred way, or just a suggested way?

Appendix B should be read as an Informative Annex in that the method described is preferred and suggested; but not mandated.

The spec says "The input parameter value corresponds to the unique user ID that was read from the TWIC card as a binary value and base64 encoded". What is this unique user ID?

The unique user ID is determined by the local facility but is expected to be the FASC-N or a portion of the FASC-N (such as the Personal Identifier field).

The spec says "The response would be the base64-encoded 128-bit (16-byte) AES encryption key", but the example response decodes to 17 bytes. Is this a mistake?

The annex has incorrect information in both of the value fields. Here is a simplified example ->

For Annex B set the Content-length to "xx" for both the input request and the response indicating "length was not computed for this example"

The TPK shall be 16 bytes [30313233343536373839303132333435] base64 encoded as [MDEyMzQ1Njc4OTAxMjM0NQ==]

For the "unique user ID" use a full FASC-N of 25 bytes [D70339DAA1822C10842125A1685821084216C1B9870339A3EB] base64 encoded as [1wM52qGCLBCEISWhaFghCEIWwbmHAzmj6w==].

Note that [ ] are not part of either the hexadecimal value or the base64 encoded string.

Does TWIC offer a Certificate Revocation List (CRL)?

Yes. The TWIC program CRL maintains a regularly updated list of all revoked TWIC certificates. The CRL is in addition to the Hotlist mechanism found on the pre-enrollment web site. TWIC readers can automatically retrieve the location of the CRL by looking at any of the certificates on the TWIC Card. TWIC certificates are formatted per rfc3280 and support the "CRL Distribution Points" extension indicating the Internet addresses available to reach the TWIC CRL.

OVERVIEW

The following responses are to questions submitted to TSA and the U.S. Coast Guard by the International Biometric Industry Association (IBIA). These questions and responses are specific to the November 19, 2007 public meeting to discuss the TWIC reader hardware and card application specification.

GENERAL

Estimate of Number of TWIC Readers

Manufacturers of reader devices will need to make engineering changes to existing products to meet the requirements of the TWIC Reader Hardware and Card Application specification. There is a need for manufacturers to accurately forecast the potential market for these readers to enable an informed business decision as to how to price their products competitively and in such a way that they recover the unique product development costs over a reasonable time period. The requirement for TWIC readers in the maritime environment, in terms of projected quantities, is heavily dependent on several policy positions that have yet to be fully developed by the Coast Guard and TSA. Specifically, there are 3,200 facilities and 10,000 vessels that are subject to regulations under the Maritime Transportation Security Act (MTSA) and each maritime worker will be required to present a TWIC card for unescorted access to secure areas. Reader manufacturers are asking for policy guidance regarding the extent to which TWIC readers will be required for use in reading the TWIC card at entry points and the reader authentication mechanisms that will be required at various threat levels (e.g., CHUID only, CHUID + biometric). Reader manufacturers also need to know if policy will require TWIC readers at each facility exit point (in addition to the entry points), in order to enable awareness of what personnel are in the secure area at any given time. Can the Government please provide general guidance as to the expected operational use of TWIC readers?

In due course, we will be providing guidance. That said, the operational use case is expected in the short term to vary dramatically from one location to another due to the need to satisfy local operational practice, provisional law, and established policy.

Can the government provide guidance on the expected ratio of fixed indoor; fixed outdoor; and handheld devices in a typical deployment?

There is no "typical deployment". Each deployment has unique characteristics in terms of access control policy, secure areas, manpower, etc. As such there is no general guidance available as of today with respect to the distribution of reader types (fixed outdoor, fixed indoor and mobile).

Feature Extractor Used to Store Reference Fingerprint Minutiae Templates

What specific vendor template feature extractor has been used by the TWIC implementation contractor to generate the reference fingerprint minutiae templates stored on the TWIC card?

The TWIC program has selected a NIST certified extractor.

Has this template generator been tested and approved as a compliant feature extractor by NIST through the MINEX on-going testing program?

The selected template generator is NIST tested and approved.

If so, what is the specific SDK code that is used to create the reference fingerprint templates on the TWIC card? See http://fingerprint.nist.gov/minex/QPL.html for reference.

The TWIC program has selected a NIST recognized SDK.

Pre-Pilot Reader Test and Certification

What is the process under which TWIC readers will be approved for participation in the upcoming TWIC reader pilot field test?

The testing process is under development and no further details are available as of this writing.

Will the Government provide TWIC test cards to reader manufacturers?

Cards for testing TWIC readers are under investigation with a recommended process for manufacturers to obtain cards forthcoming.

Will readers be submitted for environmental conformance testing (i.e., temperature, humidity, shock, vibration, etc.)?

We anticipate that all readers will need to meet both laboratory testing and some level of real world operational testing requirements. In drafting the reader test plan we are considering how to perform the environmental portion of the testing that will both meet the needs of maritime facility and vessel operators as well as provide a range of environmental test options to vendors. As soon as the reader test plan is approved we will provide specific guidance to all vendors.

Will readers be submitted for "scenario" testing with human subjects to validate such requirements as throughput and matching accuracy?

Scenario testing is under investigation. It is reasonable to presume a combination of laboratory and real world operational testing will occur to determine such factors as throughput and matching accuracy.

Is there any fee to be charged to vendors who submit products for such testing?

There is no decision on this point as of this writing. A fee based testing methodology is one option under consideration.

Will completion of conformance testing be on a "pass" or "fail" basis?

The testing process is under development and no further details are available as of this writing. Our goal is to allow the introduction of as many types of readers that will meet the needs of maritime facility and vessel operators while having a level of assurance that a supply of readers will operate in some of the harsh conditions found in maritime operations. That said; we expect that all readers must accurately read a TWIC. Card reading performance (technical read of the card) would therefore be on a PASS / FAIL basis.

Will there be a Qualified Products List (QPL) maintained by the Government for the TWIC readers and will there be an opportunity for on-going testing for conformance as new products are developed?

We anticipate that some form of a qualified product list will be maintained by the program at some point prior to the effective date of the TWIC reader rule.

If a stand-alone product does not meet some of the environmental requirements (e.g., temperature range), but could comply with these requirements when integrated into an enclosure (e.g., a heated pedestal/stand), how will these products be tested for conformance?

The testing process is under development and no further details are available as of this writing.

When will a calendar-based milestone schedule for the pre-pilot test and certification process be published?

We will publish a milestone schedule along with the release specifics regarding the reader test plan.

Will the pre-pilot test plan protocols be published for public comment? If so, when?

The testing process is under development and no further details are available as of this writing. Should such protocols be published the public will be notified prior to publication.

Will detailed pre-pilot test results data and analysis be made available to the participating vendors? To what extent, if any, will this information also be available to the public and to other vendors?

The testing process is under development and no further details are available as of this writing.

Pilot Test

What organization will be purchasing reader products used in the pilot test?

Facility and vessel owners participating in the pilot test will purchase readers and other infrastructure.

Will Port Security Grant Program funds be used for the acquisition of readers used in the five pilot test locations? If so, does the Government then have final approval authority over the purchase of readers to be used in the pilot test?

Port Security Grant (PSG) funds will be used to acquire readers and other infrastructure necessary to conduct the pilot test. The Government does NOT have final approval authority over the purchase of readers. That said, all readers purchased with PSG funds must meet TWIC test requirements.

Is the Government's intention to test all three reader types during the pilot test (e.g., handheld, fixed outdoor, fixed indoor)?

The desire is to test all configurations of readers in the Pilot phase of the program.

We have heard reference to an "early operational assessment" reader test that will occur at ports or vessels before the full operational test commences. Can the Government provide more details on the scope of this phase of the pilot test?

The Early Operational Assessment (EOA) reader test is under development. More information will be communicated to industry as relevant details become available.

What is the expected time line for the start and completion of early operational assessment pilot testing and full production pilot testing?

We anticipate starting the EOA early in 2008. Full production testing (System Test and Evaluation Phase) will begin in mid-2008.

SPECIFIC QUESTIONS RELATED TO SECTIONS OF TWIC SPECIFICATIONS

Section 4.2.1.2 - 4th and 6th bullets

The specification requires the use of the stored fingerprint templates on the TWIC card to be matched during the mode "Biometric Verification - Network Attached Reader". There is no mention of a provision for an alternate "operational" biometric that may be stored off of the TWIC card. While not explicit in the specification, our assumption is that when the reader is in "CHUID only" mode, the local operator could require the user to present an "operational" biometric that is indexed by the CHUID pointer within a repository of separately enrolled biometric data. We assume that such an implementation would be permitted but is outside the scope of the TWIC reader hardware and card application specification. Is this assumption correct?

The assumption is correct.

Reference Sections 5.1.4, 5.1.4.1, and 5.1.4.2

Please define or give examples of how "…or equivalent commercial practice…" may be successfully demonstrated.

It is preferred to meet the requirements as stated in the referenced clauses. Alternate, equivalent means to meet these referenced requirements are yet to be defined and may not ultimately be considered.

The following example is offered as guidance on the use of equivalent commercial practice.

EXAMPLE: "equivalent commercial practice" might be a certification obtained by an accredited test house that performed similar tests to those referenced in the specification. Such documentation might be reviewed against the specification referenced requirements and, on a case by case basis, considered as proof of successfully demonstrating the referenced requirements have been satisfied using "commercial practice". This example presumes what would be submitted in lieu of documentation of performing the preferred, required tests would include:

- the name, address, and contact within the accredited test house,
- the certification obtained,
- the test methods and procedures used to achieve the certification, and
- a statement by the manufacturer indicating what specification requirements are considered in scope of the equivalent commercial practice.

Reference Section 8 - Last Paragraph

Does the TWIC reader require the use of template matchers that have been certified by NIST under the MINEX On-Going Test Program?

Yes. The reader and card application specification references SP800-76 which requires said certification by NIST.

Reference Section 11.1

The note below the table describing the Card-application Identifier states: "As not all TWIC cards may be issued with the TWIC application as the default selected card-application, the reader shall explicitly select the TWIC card-application." Please describe an example of a TWIC card that is not issued with the TWIC application as the default selected card-application.

Future versions of the TWIC card may have more than one version of the TWIC application (as determined by the Proprietary Extension (PIX) of the Application identifier). In addition future applications may desire to return File Control information (FCI) to the reader that contains "discovery information" useful to the transaction session. This is why an explicit SELECT is warranted.

Reference Appendix A.2 - 8) b)

This reference states that "the reader could be locally configured with a copy of every trusted document signing certificate." Since there is only one central issuing authority for TWIC cards, what is the estimate of the maximum number of document signing certificates that will need to be stored in the reader?

The exact number is not defined. The total number is expected to be small given the central issuing authority structure. Further document signing is not currently anticipated as a normal mode of operation.

Reference Appendix A.3

Since active card authentication over the contactless interface is only supported through selection of the PIV application and is not directly performed within the TWIC card application, is it correct to assume that this function will typically not be performed during routine access with a TWIC reader and will more likely occur at a PC workstation such as in a security office when a worker is being initially registered into a physical access control system?

It is NOT correct to presume the TWIC card will be used in this way.

The fifth paragraph in this section states: "The reader (or bi-directional panel) would need to have access to a system clock capable of providing the current date and time in order to determine the expiration status of the credential." Is it not also possible for the expiration data of a TWIC card to be registered one time in the PACS head end server during initial privilege granting and have the PACS disable any CHUID that has expired? In such a scenario, there is no need for the reader to send the expiration date to the panel - only the CHUID. Is this a valid implementation scenario?

The expiration date might be stored at the head end. The expiration date is part of the CHUID. [If you meant to just send the FASC-N within the CHUID in this scenario this MAY be acceptable depending on the requirement to verify the signature field of the CHUID].

Back To Top

Download Plug-in
Some of the links on this page require a plug-in to view them, which are available below.

Click Here to Download Adobe Acrobat Reader Adobe Acrobat (PDF)