HHS ID Badge Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of September 30, 2011.  

Sponsored: 39,345    Enrolled: 38,403   Issued: 37,966 *

*This figure represents 96.5% of individuals who have been sponsored.

Pharmacy Is First Clinical System in the Clinical Center to Use HHS ID Badge for Logical Access

The Clinical Center Pharmacy Department has begun requiring staff to use their HHS ID Badges (Smart Cards/PIV Cards) to access government computers.  

According to Dr. Jon McKeeby, CC chief information officer, the new outpatient pharmacy system is the first clinical system in the CC to require dual factor authorization to access their government computers.*

The new outpatient pharmacy system requires a pharmacist or technician to log in with their identification card and a PIN. The system restricts access based on the user's identification - not allowing a technician to approve an order, for example.

"The identification card requirement lends accountability and authentication to make sure the right person is doing the right thing," according to McKeeby.

 * With dual- or two-factor authentication, two independent items of authentication are used to prove that the individual is an authorized user of the system. The two items used are: (1) something the user has [e.g., the PIV Card/HHS ID Badge or SecureID token]; and (2) something the user knows [e.g., the PIN associated with the PIV Card/HHS ID Badge.] 

Lending Your HHS ID Badge Comes With Serious Consequences 

The following message from Dr. Alfred C. Johnson, Director of ORS and Chief Security Officer for NIH, which went out to all ORS and ORF staff on September 15, 2011, underscores the serious consequences that come with allowing others to use your ID Badge. Dr. Johnson's e-mail is reprinted in its entirety below:  

"Misuse of HHS ID Badges   

Dear Colleagues:

Several recent incidents have occurred where individuals have allowed unauthorized personnel to fraudulently use their personal identification badge to access the NIH campus and buildings.  

The practice of sharing your badge to either expedite someone's campus access or to intentionally bypass the required security checks is a felony offense of 18 U.S.C., part 499 punishable by up to 5 years imprisonment and a substantial fine.  

Four individuals have been arrested and are currently facing felony prosecution.  

As a reminder, all persons issued a badge agreed to acceptance of the following responsibilities:

HHS ID Badge Holder Responsibilities

• Protect and safeguard your ID badge
• If your ID badge is lost or stolen, you must report the missing badge to the Division of Personnel Security and Access Control, Office of Research Services, and your Administrative Officer (AO) within 24 hours of noting its disappearance. Your ID badge will be disabled and you will have to apply for a replacement.
• Do not disclose or lend your ID number and/or password to someone else to gain access to NIH IT systems. This information is for your use only and serves as your electronic signature.
• Do not lend your ID badge to anyone to gain access to NIH facilities. Lending out your ID card is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.

Please remind your employees and contract personnel to abide by the responsibilities above."

Helpful Tips 

How to quickly check your certificate expiration date (in the Windows environment) - Part I

The following steps show how a user can quickly check the expiration date for his or her own certificates (in the Windows environment).

Using Windows Internet Explorer (IE) select:      

1. Tools
2. Internet Options (from drop down menu)
3. Content (Tab of Internet Options pop-up window)
4. Certificates (button in middle of Internet Options pop-up window content's tab)
5. Personal (tab in Certificates' pop-up window)

At least four certificates should be displayed (3 in your name and one called PIV users). All four should have the same expiration date. If there are multiple sets of four, the latest expiration date is the expiration date of your certificates.

How to quickly check your certificate expiration date (and test your PIN and card reader) - Part II

If you know your PIN, you may want to use the following procedure to check your certificate expiration date (which is also a good way to test your PIN and card reader):

1. Insert your PIV card in the reader.
2. Double-click on the blue and white ActiveClient Agent icon in the system tray.
3. Enter your PIN and click on the OK button.                      (some may not be prompted to enter their PIN if they just used their card to unlock the screen saver.)
4. Double-click on My Certificates.
5. Double-click on the icon for one of the certificates
6. Look at the date in the "Valid to" field.  

Note: Not all Windows 7 users have ActivClient, whereas the Internet Explorer approach will work across all Windows platforms. 

Remembering your PIN  

 
Using your PIN regularly is a good way to help you remember it.  Try making it your code for retrieving voicemails or accessing your ATM. The more opportunities you have to use your PIN, the easier it will be to remember.  

Also, if your card reader and software are currently installed on your desktop, consider using dual factor authentication now. You'll be computing in a more secure IT environment and, of course, you'll be using your PIN on a regular basis.  

The HSPD-12 Program Office is offering two NED classes in October

and four classes in December for NED beginners and experienced NED users. Take advantage of this opportunity to quickly master NED in a hands-on computer lab environment.

NED for Beginners
    Date: Monday, October 24, 2011
    Time: 9 a.m. - 12:00 p.m.
    Location: 6120 Executive Blvd., Room 4 (EPS)

    Date: Thursday, December 1, 2011

    Time:  9 a.m. - 12:00 p.m.

    Location: Building 12A, Room 49/51

    Date:  Monday, December 19, 2011

    Time:  9 a.m. - 12:00 p.m.

    Location:  6120 Executive Blvd., Room 2 (EPS)    

NED for Advanced Users
   Date: Monday, October 24, 2011
   Time: 1:00 p.m. - 4:00 p.m.
   Location: 6120 Executive Blvd., Room 4 (EPS)

   Date: Thursday, December 1, 2011

   Time:  1:00 p.m. - 4:00 p.m.

   Location: Building 12A, Room 49/51

   Date:  Monday, December 19, 2011

   Time:  1:00 p.m. - 4:00 p.m.

   Location:  6120 Executive Blvd., Room 2 (EPS)