Title: Why Have Names Changed in SEARCHLIGHT? (repost)

Description: Repost: SEARCHLIGHT, the NSA internal directory, is adding middle names to link to identification systems.

Document: DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL

(U//FOUO) Why Have Names Changed in SEARCHLIGHT? (repost)
FROM: SIGINT Communications
Unknown
Run Date: 05/30/2003

(U//FOUO) You may have noticed that many names are now appearing differently in
SEARCHLIGHT-- often middle initials have been replaced with the person's full middle name.
Why is it happening, and how can you have your entry changed if it is not appearing correctly?
We'll get to the "why" a little later, but first the "how":
If your middle name now appears in full and used to be just an initial, you cannot have it
changed back to just the initial.
If an incorrect middle name is now appearing, you can have it changed by contacting
"ISMT" (
nsa or DL ISMT).
(U//FOUO) Now on to the "why": CONCERTO is the Agency's personnel system. Most of your
personnel information is in what we'll call the "HR" part of CONCERTO. This is what you, your
supervisor, and other authorized people see when you log into CONCERTO and look at your
profile. Stuff like your awards, past assignments, etc. is in there. Obviously your name and your
SSN are part of HR CONCERTO for identification purposes. There is also a SECURITY part of
CONCERTO. This is where your clearances, etc. are kept. Your name and SSN are also part of
SECURITY CONCERTO for identification purposes. The two parts of CONCERTO are kept separate
for obvious security reasons, but "Mary Jane Smith" with SSN: 123-456-7890 in HR CONCERTO
is the same person as "Smith,Mary Jane" with SSN: 123-456-7890 in SECURITY CONCERTO.
(U//FOUO) SEARCHLIGHT is the Agency's corporate directory service. The "registration" of your
name and SSN in SEARCHLIGHT (for those of you whose SEARCHLIGHT records are marked
"confirmed") originated in the HR CONCERTO. In HR CONCERTO, middle initials tend to be more
prevalent than middle names. So "Mary Jane Smith" may have appeared in SEARCHLIGHT as
"Mary J. Smith".
(U//FOUO) ...ENTER THE PKI CERTIFICATE:
(U//FOUO) A required part of creating the PKI certificate, which is used to electronically identify
you, is the inclusion of your full name. Because your PKI will be used for identification in
electronic systems and exchanges (such as e-mail), the corporate directory system,
SEARCHLIGHT, must now have you registered with your full name. Part of your PKI certificate
also includes your security credentials and the official source of this information is SECURITY
CONCERTO. To get your PKI certificate, your full name must be in SEARCHLIGHT and must
match your full name in SECURITY CONCERTO. So, in order to get a PKI certificate, "Mary J.
Smith" in SEARCHLIGHT must be changed to "Mary Jane Smith." In addition, for those people
who did not already have a PKI certificate by March 2003, it is important to know that the name
change has already occurred in SEARCHLIGHT. For those who already had a PKI certificate at
that time, the name change has been delayed until it is time to renew the PKI certificate. When
those people renew their PKI certificate, a process will be triggered to automatically change their
SEARCHLIGHT name to match their SECURITY CONCERTO name. If there are any differences
between the way names are stored in SEARCHLIGHT and HR CONCERTO, those differences will
have to be resolved by contacting Security Information, Q235 with an email to "ISMT" (as noted
above).
(U//FOUO) NAME DIFFERENCES IN PREVIOUSLY EXISTING CERTIFICATES:
(U//FOUO) Many of you who have previously received your PKI certificates, did so with your
name in SEARCHLIGHT at a time, and in a format, which preceded the "rollover" of names from
SECURITY CONCERTO. If they were different, that immediately created a mismatch between the
PKI and SEARCHLIGHT names, which equated to an identity failure and a subsequent PKI

certificate revocation. However, prior discussions recognized this problem and the subsequent
impracticality of multiple revocations throughout the agency. It was consequently decided that
existing, valid PKI certificates which would encounter this condition would not be revoked, but
rather allowed to continue existing until their normal expiration date. The requirement for full
identity validation would then occur at renewal time, ultimately bringing everything in line and
eliminating the need for numerous immediate reapplications in the meantime.
(U//FOUO) For further information, see an announcement in What's New in SEARCHLIGHT .
Contributors to article:
CRD Communications
, Concerto Representative
, Searchlight Representative

"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid comms)."

DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108

Document Date: 2003-05-30

Release Date: 2016-05-16

Article Link: https://theintercept.com/snowden-sidtoday/

Links

#1 https://theintercept.com/snowden-sidtoday/ Show in Doc Search Show in New Window

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh