Sub-Contractors Can Submit RFID Data to WAWF

It is not always feasible for the Department of Defense (DOD) Prime Contractor to submit Radio Frequency Identification (RFID) data to Wide Area Workflow (WAWF). When product packaging and shipping is performed by a sub-contractor it usually makes more sense for the sub-contractor to also submit the related RFID data to WAWF. This article discusses some ways that this can be done and related security issues.

When a sub-contractor packages and ships product to the DOD, they are in possession of the related RFID data. There are three primary ways that this data can reach WAWF:

  1. The Prime Contractor Enters the Data The sub-contractor can forward the RFID data
    to the Prime Contractor, who then enters the data into WAWF. We normally see
    this as a fairly manual process, in which the sub-contractor would scan the
    RFID tags or save a log of printed tags, forward this data to the Prime
    Contractor via email, and the Prime Contractor would type, or copy and paste,
    the RFID data into WAWF’s web screens. Obviously this is a reasonable option
    only for very small numbers of RFID tags.
  2. The Sub-Contractor Enters the Data Acting as the Prime The Prime Contractor can
    provide the Sub-Contractor with a WAWF userid and password for the Prime
    Contractor CAGE code. Then the Sub-Contractor can log into WAWF as the Prime
    Contractor and do anything that the Prime Contractor could do. We see this
    done a lot, probably because it is kind of obvious and easy to implement. The
    downside is that this creates a data security problem. The Sub-Contractor can
    see every contract and shipment for that CAGE code and can perform any
    transaction in WAWF that a Prime Contractor user with similar permissions can
    perform.
  3. The Sub-Contractor Enters the Data Using CAGE Extension Option 1 (above) grants
    Sub-Contractors no WAWF access. Option 2 (above) grants
    Sub-Contractors complete WAWF access. This third option
    grants Sub-Contractors with limited access. Each Prime
    Contractor has in WAWF one or more CAGE codes assigned to them. Each CAGE code
    can have zero, one or multiple CAGE Extension assigned.

The CAGE Extension has allows the Prime to grant sub-contractors the ability to submit WAWF transactions on their behalf, while restricting access and defining more specific notification email addresses.

The easiest way to explain this is with an example. Our fictitious
Prime Contractor, Widget Makers Inc., uses CAGE Code: 12345. Their fictitious Sub-Contractor, Drop Shipper Inc., has the CAGE Code: AAAAA.

When Makers Inc. creates in WAWF a CAGE Extension of 11111-AAAAA, that has the effect of being an additional location for the purposes of shipping contracts owned by the Prime. To this CAGE Extension Drop Shipper submits Receiving Report and/or RFID Pack Updates to WAWF, they submit with the CAGE Extension of 11111-AAAAA rather than just using their CAGE of AAAAA. Users from both the Prime and the Sub receive email notifications of the transaction (provided WAWF is configured to send those emails to those users).

So with a CAGE-Extension in place, Drop Shipper can submit RFID data for the shipment, without having full access to all contracts and shipments in WAWF for the Prime.

Details of how to set up CAGE Extensions are at the WAWF Training Website. Look under Group Administrator (GAM), and Administer Location Codes.