Contact Us
Division of Personnel Security and Access Control
Personnel Security
Helpdesk: 301-402-9755
e-QIP: 301-402-9735
Appointment Line: 301-496-0051
E-mail: orspersonnesecurity@
mail.nih.gov
Access Control
Helpdesk: 301-451-4766
E-mail: facilityaccesscontrol@
mail.nih.gov
|
|
|
HHS ID Badge Rollout Scorecard
Here are the most recent NIH badging statistics provided by HHS as of March 2, 2012.
Sponsored: 39,810 Enrolled: 38,891 Issued: 38,523 *
*This figure represents 96.8% of individuals who have been sponsored.
|
Two-factor Authentication Now Required for Remote VPN Access to the NIH Network
As of March 1, 2012, all employees, contractors and affiliates are now required to use two-factor authentication for Virtual Private Network (VPN) remote access. For most individuals, this will mean using their HHS ID Badge (smart card, PIV card) and PIN. However, since NIH doesn't issue PIV cards to all staff requiring VPN remote access, some may need to use a SecurID token.
Those using a smart card will need to have up-to-date PKI digital certificates.*
To read the notification that recently went out to NED AO and AT users to assist them with this transition, click here.
This is an important milestone in the continued implementation of HSPD-12 to protect the NIH workforce, facilities and the data residing on the NIH network.
* Public Key Infrastructure (PKI) offers a way to enhance digital security. A simplified explanation of PKI can be found on the Office of the Chief Information Officer website at: http://pki.nih.gov/PKI_101.htm.
|
Improper Entries in SF-86 'Cohabitant' Field Will Trigger Unnecessary Background Search
The Office of Personnel Management, Federal Investigative Services (OPM-FIS) recently published an advisory warning that some individuals filling out the SF-86 form in their e-QIP application are improperly entering "Relative" information in the 'Cohabitant' section or are improperly providing "Spouse" information in both the "Spouse" AND "Cohabitant" sections of the form.
The SF-86 provides the following instructions regarding a 'cohabitant':
"A cohabitant is a person with whom you share bonds of affection, obligation, or other commitment, as opposed to a person with whom you live with for reasons of convenience (e.g. a roommate). If applicable, complete the following about your cohabitant. If your cohabitant was born outside the U.S., provide citizenship information."
The OPM advisory explains that an applicant should only enter information for a true cohabitant in the cohabitant section of the form. The applicant should not use the cohabitant section to list parents, relatives, or even their spouse with whom they live. A separate section is provided for entering information about a spouse.
The advisory cautions that when the applicant enters information in the cohabitant section of the SF-86, a search of the Security/Suitability Investigations Index (SII) will automatically be triggered to see what investigations might be on file for that individual.
If no background investigations have been completed on that person, OPM will schedule a National Agency Check (NAC). According to OPM, "this causes manual processing by our scheduling staff to ensure we are not conducting additional/unnecessary checks."
"When reviewing investigative submissions in e-QIP, please alert your staff to pay particular attention to this section to ensure (the applicant) does not double-list relative/spouse information in the cohabitant section of the form that is accounted for elsewhere," the advisory concludes.
|
We'd Like To Hear From You
Do you know your PIN (Personal Identification Number) for your HHS ID Badge (smart card)? If you do, or if you don't ... we'd like to hear from you.
Send a simple 'yes' or 'no' reply to: Lanny.Newman@nih.gov. PLEASE, do NOT send your PIN or any personally identifiable information. This is merely an informal poll.
Your response is greatly appreciated.
Note: If you've forgotten your PIN and need to reset it, you can:
(1) contact a Lifecycle Work Station operator in your IC: http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx; or
(2) visit the Badge Issuance office in Building 31, Rm. B1A26, or
Building 10, Room 1C52 (South Lobby). The process should take
less than five minutes. |
NED Training Schedule for March, 2012
The HSPD-12 Program Office continues to offer free NED training for beginners and experienced NED users. Take advantage of this opportunity to quickly master NED in a hands-on computer lab environment. Space is still available for the upcoming March classes.
NED for Beginners
Date: Thursday, March 22, 2012
Time: 9 a.m. - 12:00 p.m.
Location: 6120 Executive Blvd., Room 6 (EPS)
NED for Advanced Users
Date: Thursday, March 22, 2012
Time: 1 p.m. - 4:00 p.m.
Location: 6120 Executive Blvd., Room 6 (EPS)
Contact Lanny Newman at newmanl@mail.nih.gov to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend. Sign up soon to ensure your place in the class. Seating is limited.
|
How to Renew Your Smart Card Digital Certificates
HSPD-12 Badge holders receive a 'certificate expiration notification' from HHS six (6) weeks prior to the certificate expiration date. These e-mails alert the cardholder of the impending expiration and provide OPDIV-specific directions on how to get their certificates renewed.
Two Options Available to Renew PKI Digital Certificates*
Most NIH employees and contractors can select from a couple of options to renew their digital certificates (and reset their PIN if they've forgotten it):
(1) They can arrange to have their IC renew their certificates
locally using an on-site Lifecycle Work Station (LWS).
- Many Institutes and Centers have purchased one or more Lifecycle Work Stations (LWS) so that their staffs can save time and travel by renewing certificates (or resetting PINs) at a convenient nearby location.
To find LWS service near your office or laboratory, go to:
http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx.
(2) They can visit an NIH Badge Issuance office
The individual must be logged into the NIH network to access the appointment scheduler or they may call 301-451-4766 or 301-402-9755.
Note: Individuals located at the following remote sites should contact their local Badge Issuance office for a certificate renewal appointment or for PIN resetting:
- Biomedical Research Center, Baltimore, MD
- NIEHS, Research Triangle Park, NC
- Rocky Mountain Labs, Hamilton, MT
- NCI & NIAID, Fort Detrick, Frederick, MD
* Public Key Infrastructure (PKI) offers a way to enhance digital security. A simplified explanation of PKI can be found on the Office of the Chief Information Officer website at: http://pki.nih.gov/PKI_101.htm.
|
Updating Your Digital Certificates - The Rest of the Story
You may think that once you've updated your digital certificates (or retrieved your old certificates) your job is done and you can continue to receive and read encrypted e-mails. Not quite.
To continue reading encrypted e-mail with your new certificates, a couple of additional steps are required.
1. You'll need to publish your new certificate to the Global Address List (GAL). See Outlook Configuration Guide published by the Office of the Chief Information Officer (OCIO) for instructions; Mac users should refer to the Publish to Active Directory Guide.
2. You'll need to make sure the SENDER has updated their local contacts list with your new certificates. This can be accomplished by having the sender update your contact information from the GAL or by sending them a digitally signed e-mail which they would then use to update your contact information.
You can continue to read old encrypted e-mail even if the certificates that were used to originally encrypt that e-mail have long since expired or been revoked. All that's needed to read the old e-mail is a copy of your previous digital certificate and associated private key.
Click here for instructions on how to obtain prior copies of your smart card certificates.
For more information about working with certificate updates, visit the OCIO website at:
http://www.smartcard.nih.gov/PIV_update.htm#CONFIGURE.
Also, the August 10, 2011 issue of DPSAC News includes an article on 'Key Recovery' and explains how cardholders with valid smart cards/PIV Cards and certificates recover current or expired certificates by logging into the HHSIdentity PIV Portal via an HHSNet connection.
|
Helpful Tips
Remembering your PIN -- try using your 6-8 digit PIN as your code for retrieving voicemails. Chances are you'll be more likely to remember your PIN if you use it regularly.
Also, if your card reader and software are currently installed on your desktop, consider using your smart card and PIN for accessing the NIH network now. You'll be computing in a more secure IT environment, and you'll be using your PIN on a regular basis.
Do not lend your HHS ID badge (smart card) to anyone -- lending out your HHS ID Badge (smart card) is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.
|
News Briefs
e-QIP Version 3.0 Goes Live
OPM recently deployed the new version of the e-QIP application, e-QIP version 3.0, following the successful completion of testing with external system interfaces.
Training materials and job aids are available in the Public Library section of the OPM Secure Portal. To view instructions for locating the job aids on the OPM Portal home page, click here. Also, a Quick Guide is available on the home page.
|
FAQs
Q. We recently found out that the family of one of our contractors
who recently died threw away her badge and parking hanger. I
am trying to locate the amount the IC pays for an HHS ID badge
and whether there is a process to follow so that the IC doesn't
have to continue paying this fee.
A. You are correct that there is a monthly fee of approximately five
dollars that the ICs are assessed on the 10th of each month to
cover the cost of the HHS ID badges issued to their employees,
contractors and affiliates. The IC is charged only for the months
that the staff member's NED record is active, so once the NED
record is deactivated the charges are discontinued.
Note: these badges are government property and should be
returned to NIH once the person leaves the employ of NIH.
Q. What is dual- or two-factor authentication?
A. With dual- or two-factor authentication, two independent items of
authentication are used to prove that the individual logging into
the NIH network is an authorized user of the system.
The two items used are: (1) something the user has [e.g., the
smart card (HHS ID Badge) or SecureID token]; and (2) something
the user knows [e.g., the PIN associated with the smart card (HHS
ID Badge)]. |
Safety Corner
Fire Safety Tips for Using Personal Computers
The Division of the Fire Marshal, Office of Research Services offers these fire safety tips for using personal computers with the hope that they will help prevent injury or the loss of life or property in the workplace and at home.
· Make sure that a multipurpose fire extinguisher (e.g., one rated for ordinary combustibles and electrical fires) is located within a reasonable distance from your personal computer.
· When you leave your personal computer on and unattended, turn off the monitor during your absence. Monitors generate high voltage internally with the potential to start an electrical fire, or even trigger an explosion if the computer is located in a flammable atmosphere (such as one might encounter from a gas leak or from flammable vapors resulting from a chemical spill in a laboratory).
The switch for the monitor is typically found at the bottom of the screen, on the side of the monitor, or in some cases at the rear of the unit.
Turning off the monitor while leaving the computer on will NOT disrupt the computer's operation or compromise data integrity. When you return, simply turn the monitor back on and wait a few seconds for it to warm up.
· Never leave on a personal computer, monitor, or printer with protective dust covers in place. Doing so may cause excessive heat build-up, which can cause hardware failure and potentially result in electrical fires.
· Never place liquids on computer components or other electronic equipment where damage from spills could occur.
· Make sure that your computer's electrical outlet is properly grounded and has a sufficient power rating to handle all the components connected to it.
· Keep backup copies of important data in a remote location (i.e., in another building or in a safe deposit box). This will allow you to restore your data subsequent to a fire or other catastrophic event, rather than experiencing the expense of recovery, or worse, the irreversible loss of data.
If you have questions concerning fire safety tips for personal computers in the workplace or in the home, please contact the Division of the Fire Marshal, Office of Research Services at 301-496-0487. |
A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce. |
|
|
|