
February 22, 2012 issue of the DPSAC NEWS

In This Issue
HHS ID Badge Rollout Scorecard
Mandatory Smart Card Use for Remote VPN Access to NIH Net -- Another Reason to Renew Your PKI Digital Certificates
All NIH Remote Access Users To Be Moved Into Two-Factor VPN Groups
ICs and DPSAC Make it Easy to Renew Smart Card Digital Certificates
Onsite LWS Units Offer Many Benefits
NED Training Schedule for March, 2012
Helpful Tips
News Briefs
FAQs
Safety Corner

   

 

Contact Us

 

Division of Personnel Security and Access Control

 

Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnesecurity@mail.nih.gov

 

Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@mail.nih.gov


    

HHS ID Badge Rollout Scorecard

  

Here are the most recent NIH badging statistics provided by HHS as of February 17, 2012.  

 

Sponsored: 39,739    Enrolled: 38,828   Issued: 38,481 *

 

*This figure represents 96.8% of individuals who have been sponsored.

            
[Figure: Badge Scorecard pie chart, 2-17-12]

[Figure: ID Badge Scorecard table, 2-17-12]


Mandatory Smart Card Use for Remote VPN Access to NIH Net -- Another Reason to Renew Your PKI Digital Certificates

 

Until now, the principal reasons to renew your smart card PKI digital certificates were to enable the sending and receiving of encrypted e-mail and to digitally sign e-mail messages. Also, up-to-date smart card certificates have been required for those who must use their card to log in to the NIH network [e.g., AO Sponsors and others who need to access restricted sites on the network].

 

Starting March 1, 2012, individuals who use remote VPN to access the NIH Net will need to use their smart cards (with up-to-date PKI digital certificates) to log in. CIT is leading this effort and has notified NED AO and AT users (see below: 'All NIH Remote Access Users To Be Moved Into Two-Factor VPN Groups') to make sure everyone is prepared for this transition.

 

This is an important milestone in the continued implementation of HSPD-12 to protect the NIH workforce, facilities and the data residing on the NIH network. As NIH continues to expand the requirements to use the HHS ID Badge for logical access, additional services will become unavailable for individuals with expired certificates. 

 

 

A quick way to check smart card certificate expiration dates 

The PKI digital certificates that reside on everyone's smart cards need to be current before the cards can be used to access the NIH network.

 

Individuals who are not sure about the status of their card's certificates -- whether they are up to date, expired or will be expiring soon -- can quickly check their card's certificate expiration date using the following five steps (in the Windows environment). Make sure to first insert your smart card into your card reader:

 

Using Windows Internet Explorer (IE) select:      

  1. Tools
  2. Internet Options (from drop down menu)
  3. Content (Tab of Internet Options pop-up window)
  4. Certificates (button in middle of Internet Options pop-up window content's tab)
  5. Personal (tab in Certificates' pop-up window)

At least four certificates should be displayed (3 in your name and one called PIV users). All four should have the same expiration date. If there are multiple sets of four, the latest expiration date is the expiration date of your certificates.
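
The same check can be scripted. The following PowerShell sketch is an added example, not part of the original newsletter or an NIH-provided tool. It reads the current user's Personal store (the store shown on the "Personal" tab in step 5), groups the certificates by expiration date, and reports the latest set. It assumes the smart card is inserted and its certificates are visible in that store; the 42-day warning window is an assumption based on the six-week notification lead time described later in this issue.

```powershell
# Added example (not from the newsletter). Assumes the smart card is inserted
# and its certificates appear in the current user's Personal ("My") store.
$warnDays = 42          # assumed "renew soon" window: six weeks
$today    = (Get-Date).Date

$certs = @(Get-ChildItem -Path Cert:\CurrentUser\My)
if ($certs.Count -eq 0) {
    Write-Warning 'No certificates found in the Personal store. Is the card inserted?'
    return
}

# Certificates issued together share an expiration date, so group by the
# date part of NotAfter and list the newest set first.
$sets = $certs |
    Group-Object -Property { $_.NotAfter.Date } |
    Sort-Object -Property { $_.Group[0].NotAfter } -Descending

foreach ($set in $sets) {
    $expires  = $set.Group[0].NotAfter.Date
    $daysLeft = [int][math]::Floor(($expires - $today).TotalDays)
    $status   = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $warnDays) { 'RENEW SOON' } else { 'OK' }

    '{0:yyyy-MM-dd}  {1,-10}  {2} certificate(s), {3} day(s) left' -f $expires, $status, $set.Count, $daysLeft
    $set.Group | ForEach-Object { '    ' + $_.Subject }
}

# With multiple sets, the latest expiration date is the one that applies.
$current = $sets | Select-Object -First 1
'Current certificates expire on {0:yyyy-MM-dd}' -f $current.Group[0].NotAfter.Date
if ($current.Count -lt 4) {
    Write-Warning ('Only {0} certificate(s) in the latest set; at least four are expected.' -f $current.Count)
}
```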

 

ICs can track an individual's certificate status

Your IC is able to track the certificate status for individuals in their organization. This information can be helpful when planning appointments with local Lifecycle Work Station (LWS) operators who will be renewing the certificates on site. 

 

The Office of the Chief Information Officer (OCIO) has posted on its website a spreadsheet listing, alphabetically by IC, the names of subscribers along with their SAC or Admin Code, certificate expiration date, and other information that would be helpful to the ICs.  

 

The expiration dates will be posted chronologically and will be added to the list based on a rolling two-year time frame (one year for contractors).

 

To view the Smart Card subscriber spreadsheet, click on: http://smartcard.nih.gov/PKI_subscribers.htm. From there, click on the link found under the first bullet: "NIH Smart Card (PIV) badge holders as of xx/xx/20xx (spreadsheet)."

 

Note: Do not bookmark this latter link ["NIH Smart Card (PIV) badge holders..."] as it is subject to change due to periodic updates.

 

All NIH Remote Access Users to be Moved Into Two-Factor VPN Groups

 
 
The following e-mail message regarding NED and NIH VPN Remote Access went out to the NED AO and AT User community on February 21, 2012:

  

NED AO and AT users,

 

Please review the following CIT communication, especially "What This Means for You."

 

[Table image: Remote VPN Users, from CIT]

 
Please note that while NED will only display two-factor VPN groups beginning March 1, the NED VPN authorization process will remain the same. 

 

For information regarding the NED process, please refer to the NED VPN remote access job aid.

 

 

ICs and DPSAC Make It Easy to Renew Smart Card Digital Certificates

 

PIV cardholders receive a 'certificate expiration notification' from HHS six (6) weeks prior to the certificate expiration date. These e-mails alert the Cardholder of the impending expiration and provide OPDIV-specific directions on how to get their certificates renewed.

 

Two Options Available to Renew PKI Digital Certificates* 

In the sample notification below, NIH PIV cardholders can select from one of two options to renew their certificates (and reset their PINs):

 

  1. Make an appointment with their IC's local Lifecycle Work Station operator. These operators are trained to renew certificates and/or reset PINs and may be located on campus or in one of the off-campus Federal buildings. This option is usually the most convenient and time saving alternative.

  2. Make an appointment to visit one of DPSAC's Badge Issuance offices on campus.

 

Sample Certificate Renewal Notification from HHS

HHS sends this notification to NIH holders of the HHS ID Badge (smart card) whose names are stored in the Department's Identity Management System (IDMS).

 

Subject: ACTION REQUIRED: The certificates on your HHS ID Badge must be renewed

 

<Dear *NAME*>

 

You are receiving this e-mail because the PKI digital certificates loaded on your HHS ID Badge are expiring <on *DATE*> and must be renewed. The PKI digital certificates have a shorter lifespan than the expiration date printed on your HHS ID Badge.

 

To renew your digital certificates (and reset your PIN if you've forgotten it), you may choose one of two options:

 

(1) You can arrange to have your IC renew your certificates locally using an on-site Lifecycle Work Station (LWS)

  • Many Institutes and Centers have purchased one or more Lifecycle Work Stations (LWS) so that their staffs can save time and travel by renewing certificates (or resetting PINs) at a convenient nearby location.

To find LWS service near your office or laboratory, go to: 

http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx.

 

 

(2) You can visit an NIH Badge Issuance office

You must be logged into the NIH network to access the appointment scheduler or you may call 301-451-4766 or 301-402-9755.

 

Note: Individuals located at the following remote sites should contact their local Badge Issuance office for a certificate renewal appointment or for PIN resetting:

 

- Biomedical Research Center, Baltimore, MD
- NIEHS, Research Triangle Park, NC
- Rocky Mountain Labs, Hamilton, MT
- NCI & NIAID, Fort Detrick, Frederick, MD

 

Failure to renew your digital certificates <by *DATE*> will prevent you from sending and receiving encrypted e-mail, digitally signing e-mail or logging into the NIH network remotely using VPN.

 

 

* Public Key Infrastructure (PKI) offers a way to enhance digital security. A simplified explanation of PKI can be found on the Office of the Chief Information Officer website at: http://pki.nih.gov/PKI_101.htm

 

Onsite LWS Units Offer Many Benefits

 

DPSAC News has reported in the past how ICs are benefiting by using LWS units for local PIN resets and certificate renewals. For example, Joe Ford, an LWS operator for the National Library of Medicine, sees approximately 30 NLM staff each week for both PIN resets and certificate renewals. His customers appreciate the convenience and time saved by not having to travel to the Building 31 Badge Issuance office.

 

Ford points out that with the three units on hand, NLM is able to mobilize one or two of the units to visit other NLM offices. This makes the process especially efficient since the LWS operators can arrange group appointments and the HHS ID Badge holders don't have to travel, he adds.

 

Also, the LWS unit that remains on site is available to support walk-ins and last minute tickets.

 

Learning how to operate the LWS took just a couple of hours and the help desk is available by phone to answer questions, Ford noted.

 

Help is Available
Cindy Mair-Jones, who oversees the Lifecycle Work Station help desk, advises LWS users to "feel free to contact the DPSAC help desk at 301-402-9755 if they have questions about their work stations. DPSAC staff can help walk them through their issues."

 

Users clicking on the training aid link posted on the idbadge website  (http://idbadge.nih.gov) will find step-by-step instructions on the use of the LWS for resetting PINs and updating certificates.

 

Mair-Jones points out that LWS users can find lots of helpful information in the installation and training guide CD that came with every workstation.

 

NED Training Schedule for March, 2012

 

The HSPD-12 Program Office continues to offer free NED training for beginners and experienced NED users. Take advantage of this opportunity to quickly master NED in a hands-on computer lab environment.

 

NED for Beginners
    

    Date:      Thursday, March 22, 2012

    Time:      9 a.m. - 12:00 p.m.

    Location: 6120 Executive Blvd., Room 6 (EPS) 

 

 

NED for Advanced Users
    

    Date:      Thursday, March 22, 2012

    Time:      1 p.m. - 4:00 p.m.   

    Location: 6120 Executive Blvd., Room 6 (EPS) 

 

Contact Lanny Newman at [email protected] to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend. Sign up soon to ensure your place in the class. Seating is limited.

Helpful Tips  

 

ICs prepared to help with PIN resets, certificate renewals -- DPSAC is urging all ICs to reach out to their staffs to use their local LWS resources for PIN resets and certificate updates.

 

 

DO NOT fax e-QIP investigation questionnaires when submitting other required e-QIP paperwork -- Faxing the entire questionnaire (which can run over 60 pages) wastes paper, slows down the investigation process, and ties up the fax machines.

 

If DPSAC staff need to review the questionnaires, they can do so electronically. The most secure and accurate way to transmit the e-QIP attachments is via scanned attachment directly into the e-QIP account. Information on this option is provided in the instructional e-mail that goes out when the e-QIP account is generated.

 

Applicants can also find information on this option under the FAQs on the e-QIP Applicant homepage at: http://www.opm.gov/e-qip/reference.asp

 

Please help NIH and DPSAC conserve resources, time and money.

 

 

Remembering your PIN -- Using your PIN regularly is a good way to help you remember it. Try making it your code for retrieving voicemails or accessing your ATM. The more opportunities you have to use your PIN, the easier it will be to remember.  

 

Also, if your card reader and software are currently installed on your desktop, consider using dual factor authentication now. You'll be computing in a more secure IT environment and, of course, you'll be using your PIN on a regular basis.

 

 

Do not lend your ID badge (smart card) to anyone -- Lending out your smart card (HHS ID Badge) is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.

 

News Briefs

 

ORS Director and NIH Police Chief Honored at 2011 HHS Departmental Awards Ceremony

 

Dr. Alfred Johnson, Director of the Office of Research Services, and Chief Alvin Hinton, Director of the Division of Police, were honored at the 2011 Departmental Awards Ceremony, held on Tuesday, February 21 in the Hubert H. Humphrey Building.

 

Dr. Johnson received the 2011 Secretary's Award for Meritorious Service for his "...efforts in developing and implementing an integrated strategic plan for the Office of Research Services while supporting and promoting world-class customer service for the NIH."

 

Chief Hinton received recognition for 50 years of service to the Federal government.

FAQs

 

Q. What is dual- or two-factor authentication?

 

A. With dual- or two-factor authentication, two independent items of authentication are used to prove that the individual logging into the NIH network is an authorized user of the system.

    The two items used are: (1) something the user has [e.g., the smart card (HHS ID Badge) or SecurID token]; and (2) something the user knows [e.g., the PIN associated with the smart card (HHS ID Badge)].

 

 

 

Q. Once I've updated my certificates or retrieved my old certificates, is there anything else I need to do before I can continue to receive and read encrypted e-mails?

A. Yes, there are a few additional steps you need to take. To continue to receive encrypted e-mail with your new certificates, you must:

  - Publish your new certificate to the Global Address List (GAL). See Outlook Configuration Guide published by the Office of the Chief Information Officer (OCIO) for instructions; Mac users should refer to the Publish to Active Directory (PAD) Guide.

  - Make sure the SENDER has updated their local contacts list with your new certificates. This can be accomplished by having the sender update your contact information from the GAL or by sending them a digitally signed e-mail which they would then use to update your contact information.

 

You can continue to read old encrypted e-mail even if the certificates that were used to originally encrypt that e-mail have long since expired or been revoked. All that's needed to read the old e-mail is a copy of your previous digital certificate and associated private key.

 

Click here for instructions on how to obtain prior copies of your smart card certificates.

 

For more information about working with certificate updates, visit the OCIO website at: http://www.smartcard.nih.gov/PIV_update.htm#CONFIGURE

 

You may also want to read an article that ran in the August 10, 2011 issue of DPSAC News, on 'Key Recovery.' This article explains how cardholders with valid smart cards/PIV Cards and certificates can log into the HHSIdentity PIV Portal via an HHSNet connection and recover current or expired certificates.  

Safety Corner

 

Basic Personal Defense Course for Women Fills Quickly - NIH Police Accepting Names for Future Classes

 

On February 17, 2012 the NIH Police sent out a notice inviting NIH female employees and contractors to sign up for the Rape Aggression Defense (R.A.D.) Basic Personal Defense System course. The class, described as a "national program of realistic self-defense tactics and techniques taught for women only," filled soon after the notification went out.

 

As a result of the overwhelming response, the NIH Community Policing Office sent out a second notice informing everyone that all classes were filled but that more course dates would be offered in the upcoming months. Individuals who would like to add their name to the wait list for upcoming classes should e-mail Corporal Matthew Catherwood at [email protected] or call 301-496-3020.

 

The original NIH Police e-mail describing the R.A.D. system and its goals is reprinted below:

 

In the United States, a rape or sexual assault takes place an average of every 6 minutes. The potential exists for an act of violence to alter a person's life forever. The Community Policing Office of the NIH Police would like to offer the Rape Aggression Defense (R.A.D.) Basic Personal Defense System course to our female employees and contractors within the NIH community.

 

This program is a national program of realistic self-defense tactics and techniques taught for women only. The course will be taught by Corporal Matthew Catherwood of the NIH Police. He is a nationally certified R.A.D. Instructor. There is no cost.

 

The goal of R.A.D. is to provide realistic self-defense options to women, regardless of their level of physical conditioning. Students at all levels of ability, age, experience, and strength will be provided with techniques and information that can be effectively used from the first day of class. R.A.D. is not a martial arts program, nor does it require students to be athletes in training to succeed.

 

The R.A.D. system will provide students with the knowledge to make an educated decision about personal defense. Information is provided on physical and non-physical options, as well as insight into the attacker mindset.

 

In order to receive the full benefits of R.A.D. training, students should attend all four sessions. Registration is required, but attendance at all classes is not mandatory.

 

R.A.D. Course Information

 

Dates:

Wednesday, March 7

Wednesday, March 14

Wednesday, March 21

Wednesday, April 4

 

Time: 5:00 p.m. - 8:00 p.m.

 

Location:     NIH Police Training Office

                     301 North Stonestreet Avenue

                     Rockville, MD 20582

                     (Four blocks from the Rockville Metro Station/Parking is also available)

 

**NO COST TO ENROLL BUT CLASS SIZE IS LIMITED**   THESE CLASSES ARE NOW FILLED

 

Contact Corporal Matthew Catherwood with the NIH Police at 301-496-3020 or [email protected] for more information or to register now!

 

Every student receives a manual for reference and practice. Once a student has completed a R.A.D. program, her signed manual becomes a ticket for free lifetime return and practice with any R.A.D. instructor in the U.S. and Canada.

 

The NIH Police are proud to be part of the living national network of R.A.D. instructors.*

 

* R.A.D. is the largest network of its kind with over 7,000 instructors. These instructors teach at various colleges, universities, and municipal law enforcement agencies as well as various other community organizations internationally. R.A.D. has trained more than 300,000 women throughout the U.S. and Canada since the program began in 1989.

 

Individuals with disabilities who need Sign Language Interpreters and/or reasonable accommodation to participate in this event should contact Corporal Matthew Catherwood at 301-496-3020 or [email protected] and/or the Federal Relay (1-800-877-8339).

A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.