DPSAC News Header

October 5, 2011 issue of the DPSAC NEWS

In This Issue
HHS ID Badge Rollout Scorecard
Pharmacy is First Clinical System in the Clinical Center to Use HHS ID Badge for Logical Access
Lending Your HHS ID Badge Comes With Serious Consequences
Helpful Tips
NED Training Schedule for October 2011
News Briefs
Safety Corner



Contact Us


Division of Personnel Security and Access Control


Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

Email: orspersonnesecurity@ 



Access Control

Helpdesk: 301-451-4766

Email: facilityaccesscontrol@ 


 DHHS Logo gif   NIH Logo gif    ORS jpg


HHS ID Badge Rollout Scorecard


Here are the most recent NIH badging statistics provided by HHS as of September 30, 2011.  


Sponsored: 39,345    Enrolled: 38,403   Issued: 37,966 *


*This figure represents 96.5% of individuals who have been sponsored.

         ID Badge Rollout Scorecard 9-30-11
            Excel Table 9-30-11 IDBadge Rollout Scorecard

Pharmacy Is First Clinical System in the Clinical Center to Use HHS ID Badge for Logical Access


The Clinical Center Pharmacy Department has begun requiring staff to use their HHS ID Badges (Smart Cards/PIV Cards) to access government computers.  


According to Dr. Jon McKeeby, CC chief information officer, the new outpatient pharmacy system is the first clinical system in the CC to require dual factor authorization to access their government computers.*


The new outpatient pharmacy system requires a pharmacist or CC Pharmacy Use of PIV Cardtechnician to log in with their identification card and a PIN. The system restricts access based on the user's identification - not allowing a technician to approve an order, for example.


"The identification card requirement lends accountability and authentication to make sure the right person is doing the right thing," according to McKeeby.


 * With dual- or two-factor authentication, two independent items of authentication are used to prove that the individual is an authorized user of the system. The two items used are: (1) something the user has [e.g., the PIV Card/HHS ID Badge or SecureID token]; and (2) something the user knows [e.g., the PIN associated with the PIV Card/HHS ID Badge.] 


Lending Your HHS ID Badge Comes With Serious Consequences 


The following message from Dr. Alfred C. Johnson, Director of ORS and Chief Security Officer for NIH, which went out to all ORS and ORF staff on September 15, 2011, underscores the serious consequences that come with allowing others to use your ID Badge. Dr. Johnson's e-mail is reprinted in its entirety below:  


"Misuse of HHS ID Badges   


Dear Colleagues:

Several recent incidents have occurred where individuals have allowed unauthorized personnel to fraudulently use their personal identification badge to access the NIH campus and buildings.  


The practice of sharing your badge to either expedite someone's campus access or to intentionally bypass the required security checks is a felony offense of 18 U.S.C., part 499 punishable by up to 5 years imprisonment and a substantial fine.  


Four individuals have been arrested and are currently facing felony prosecution.  


As a reminder, all persons issued a badge agreed to acceptance of the following responsibilities:


HHS ID Badge Holder Responsibilities

  • Protect and safeguard your ID badge
  • If your ID badge is lost or stolen, you must report the missing badge to the Division of Personnel Security and Access Control, Office of Research Services, and your Administrative Officer (AO) within 24 hours of noting its disappearance. Your ID badge will be disabled and you will have to apply for a replacement.
  • Do not disclose or lend your ID number and/or password to someone else to gain access to NIH IT systems. This information is for your use only and serves as your electronic signature.
  • Do not lend your ID badge to anyone to gain access to NIH facilities. Lending out your ID card is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.

Please remind your employees and contract personnel to abide by the responsibilities above."


Helpful Tips 


How to quickly check your certificate expiration date (in the Windows environment) - Part I


The following steps show how a user can quickly check the expiration date for his or her own certificates (in the Windows environment).


Using Windows Internet Explorer (IE) select:      

  1. Tools
  2. Internet Options (from drop down menu)
  3. Content (Tab of Internet Options pop-up window)
  4. Certificates (button in middle of Internet Options pop-up window content's tab)
  5. Personal (tab in Certificates' pop-up window)

At least four certificates should be displayed (3 in your name and one called PIV users). All four should have the same expiration date. If there are multiple sets of four, the latest expiration date is the expiration date of your certificates.



How to quickly check your certificate expiration date (and test your PIN and card reader) - Part II


If you know your PIN, you may want to use the following procedure to check your certificate expiration date (which is also a good way to test your PIN and card reader):

  1. Insert your PIV card in the reader.
  2. Double-click on the blue and white ActiveClient Agent icon in the system tray.
  3. Enter your PIN and click on the OK button.                      (some may not be prompted to enter their PIN if they just used their card to unlock the screen saver.)
  4. Double-click on My Certificates.
  5. Double-click on the icon for one of the certificates
  6. Look at the date in the "Valid to" field.Checking Certificate Expiration Date  

Note: Not all Windows 7 users have ActivClient, whereas the Internet Explorer approach will work across all Windows platforms. 



Remembering your PIN  

Using your PIN regularly is a good way to help you remember it.  Try making it your code for retrieving voicemails or accessing your ATM. The more opportunities you have to use your PIN, the easier it will be to remember.  


Also, if your card reader and software are currently installed on your desktop, consider using dual factor authentication now. You'll be computing in a more secure IT environment and, of course, you'll be using your PIN on a regular basis.  


NED Training Schedule for October 2011


The HSPD-12 Program Office is offering two NED classes in October

and four classes in December for NED beginners and experienced NED users. Take advantage of this opportunity to quickly master NED in a hands-on computer lab environment.


NED for Beginners
    Date: Monday, October 24, 2011
    Time: 9 a.m. - 12:00 p.m.
    Location: 6120 Executive Blvd., Room 4 (EPS)

    Date: Thursday, December 1, 2011

    Time:  9 a.m. - 12:00 p.m.

    Location: Building 12A, Room 49/51


    Date:  Monday, December 19, 2011

    Time:  9 a.m. - 12:00 p.m.

    Location:  6120 Executive Blvd., Room 2 (EPS)    



NED for Advanced Users
   Date: Monday, October 24, 2011
   Time: 1:00 p.m. - 4:00 p.m.
   Location: 6120 Executive Blvd., Room 4 (EPS)

   Date: Thursday, December 1, 2011

   Time:  1:00 p.m. - 4:00 p.m.

   Location: Building 12A, Room 49/51


   Date:  Monday, December 19, 2011

   Time:  1:00 p.m. - 4:00 p.m.

   Location:  6120 Executive Blvd., Room 2 (EPS)



Contact Lanny Newman at newmanl@mail.nih.gov to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend. Sign up soon to ensure your place in the class. Seating is limited.

News Briefs


Personal ID Verification--Agencies Should Set a Higher Priority on Using the Capabilities of Standardized ID Cards


From "GAO Highlights," September 21, 2011 (Highlights of GAO-11-751, a report to congressional requesters)


The following report from "GOA Highlights, September 21, 2011," summarizes the findings of the Government Accountability Office (GAO), which was asked to determine the progress that selected agencies have made in implementing the requirements of HSPD-12 and identify obstacles agencies face in implementing those requirements.  


To perform the work, GAO reviewed plans and other documentation and interviewed officials at the General Services Administration, OMB, and eight other agencies.


What GAO Recommends

GAO is making recommendations to nine agencies, including OMB, to achieve greater implementation of PIV card capabilities. Seven of the nine agencies agreed with GAO's recommendations or discussed actions they were taking to address them; two agencies did not comment.


What GAO Found

Overall, OMB and Federal agencies have made progress but have not fully implemented HSPD-12 requirements aimed at establishing a common identification standard for Federal employees and contractors.  


OMB, the Federal Chief Information Officers Council, and NIST have all taken steps to promote full implementation of HSPD-12. For example, in February 2011, OMB issued guidance emphasizing the importance of agencies using the electronic capabilities of PIV cards they issue to their employees, contractor personnel, and others who require access to Federal facilities and information systems.


The agencies in GAO's review--the Departments of Agriculture, Commerce, Homeland Security, Housing and Urban Development, the Interior, and Labor; the National Aeronautics and Space Administration; and the Nuclear Regulatory Commission--have made mixed progress in implementing HSPD-12 requirements. Read more...

Safety Corner


Fire Prevention Week (October 9 - 15, 2011) ... Protect Your Family from Fire


This fire safety awareness article was prepared by the ORS Division of the Fire Marshall to mark Fire Prevention Week which is observed October 9 -15, 2011.


This year's Fire Prevention Week campaign is all about keeping you and your family safer from a fire in your home. In fact, one home structure fire was reported every 87 seconds in 2009. On average, seven people die in home fires every day. Adults 65 and older face the highest risk of fire death.


Everyone in your family has a role to play in your home's fire safety. Both adults and children should be familiar with smoke alarms and home fire escape planning.  


Below is a family home fire safety checklist to help ensure your family is prepared.

    • Does your home have smoke alarms on every level, inside each bedroom, and outside each sleeping area?
    • Are the batteries working in all of your smoke alarms?
    • Do you know the sound that a smoke alarm makes?
    • Does your home have interconnected smoke alarms (when one sounds, do they all sound)?
    • Do you test the batteries in the smoke alarms at least once a month?
    • Do you know what to do if your smoke alarm sounds?
    • Are all of the exits in your home clear of furniture, toys and clutter?  
    • Does your family have a home fire-escape plan that includes two ways out of each room?  
    • Has your family picked a safe place to meet outside if a fire occurs?  
    • Does your entire family practice your home fire-escape plan twice a year?  
    • Can you see the number of your house from the street?

According to a National Fire Protection Association survey, less than one-fourth of Americans have both developed and practiced a home fire-escape plan. In addition, roughly two-thirds of home fire deaths happen in homes with no smoke alarms or no working smoke alarms.


Working smoke alarms cut the risk of dying in home fires in half. On the other hand, automatic fire sprinkler systems cut the risk of dying in a home fire by about 80%. Sprinklers are highly effective because they can contain or may even extinguish a fire in less time than it would take the fire department to arrive on the scene.


Sprinklers reduce the risk of death or injury from a fire because they dramatically reduce the heat, flames and smoke produced, allowing people time to evacuate the home.


If you have any questions regarding home fire safety or home fire-escape planning, please contact the Division of the Fire Marshal, Office of Research Services at 301-496-0487.




Q. If I discover that my HHS ID Badge certificates are expired, can I have my IC's Lifecycle Work Station (LWS) operator reissue new certificates.


A. No. Unfortunately, once your PIV Card certificates are expired, you will need to make an appointment with a DPSAC Badge Issuance Station. Your IC's LWS can only be used for PIN Resets and Certificate Renewals.


Individuals located in the Biomedical Research Center in Baltimore, the NCI-Frederick facilities at Fort Detrick in Maryland, the Research Triangle Park facilities in North Carolina or the Rocky Mountain Laboratories facilities in Hamilton, Montana should contact their local badging office for a certificate renewal or re-issuance appointment.

A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.