HHS ID Badge Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of May 11, 2012.  

Sponsored: 40,112    Enrolled: 39,049   Issued: 38,631*

*This figure represents 96.3% of individuals who have been sponsored.

June 18, 2012 Deadline Fast Approaching for Mandatory HHS ID Badge Smart Card & PIN Login to ITAS

As reported in a recent issue of DPSAC News, starting June 18, 2012, NIH will transition to mandatory use of the HHS ID Badge smart card and PIN (two-factor authentication) for everyone logging into the Integrated Time and Attendance System (ITAS). Logging into ITAS with a username and password will no longer be available to Windows users following this deadline.

Over 1,200 ORS staff recently participated in a pilot to test 'smart card login' with their HHS ID Badge and PIN. ORS's Information Technology Branch (ITB) reported few difficulties with the transition, with only a handful of individuals needing either smart card software updates, PIN resets or HHS ID Badge certificate renewals.  

The NIH is conducting additional pilot rollouts with the Office of the Chief Information Officer (OCIO) and the Center for Information Technology (CIT) to continue the learning process from the ORS pilot.  Lessons learned and best practices from these pilots will be shared with ICs to provide guidance on how best to introduce smart card login with the HHS ID Badge and PIN to the whole of NIH with as little inconvenience and interruption of work as possible.  

Note: the NIH has set a tentative deadline of March 29, 2013 to require all NIH employees, contractors and affiliates to use their HHS ID Badge smart card and PIN to access the NIH network on computers that run Windows.

Transitioning to a login policy that replaces username/password login with HHS ID Badge smart card/PIN login at NIH is part of the Federal government's continued implementation of HSPD-12 to safeguard the Federal community, information, systems, and facilities through identity certification and access management.

HHS Notifying Badge Holders to Renew their Digital Certificates    

To help ensure that everyone who needs to use their HHS ID Badge to access ITAS on June 18 can do so, the Department has begun notifying those with expiring digital certificates on their smart cards (HHS ID Badges) to contact their local Lifecycle Work Station operator to have their 'certs' renewed.

A directory of LWS operators is posted on the DPSAC website at: http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx.

ORS Adds Resources to Renew 'Cert' & Reset PINs     

The Office of Research Services (ORS) is working to acquire additional resources to assist individuals who need to renew their digital certificates and/or reset their PINs. As these resources become available, ORS will begin to communicate their availability to NIH ICs.

Most recently, ORS placed an LWS operator on site in Building 31, Room 1B37 for the sole purpose of renewing certificates or resetting PINs for anyone needing these services. Employees, contractors and affiliates can drop in at this location between the hours of 8:00 a.m. - 5:00 p.m. 

The June 18, 2012 ITAS deadline will be here soon. The HSPD-12 Program Office, DPSAC, the NED Team, the OCIO, and ORS are working together to make sure that this transition proceeds smoothly and with minimal inconvenience to the ICs and their employees.

See the FAQ section below for some common questions regarding the upcoming transition to two-factor authentication for ITAS login.  

If you have any questions, please feel free to contact the HSPD-12 Program Office at HSPD-12@mail.nih.gov.  

CIT Launches Site to Test HHS ID Badge Smart Cards

The Center for Information Technology (CIT) has created a simple test site that allows people to try smart card login through a simulated iTtrust (NIH Login) page. You can confirm your PIN and check if your digital certificates on your HHS ID Badge are working. Visit the test site at: http://testmysmartcard.nih.gov.  

The testing process will also help individuals identify any issues with their smart card reader or the configuration of their computer.  

If an individual has forgotten their PIN or has expired certificates, they should arrange a visit with a Lifecycle Workstation (LWS) operator. All other issues should be reported to the NIH IT Service Desk. 

The HSPD-12 Program Office continues to offer free NED training for beginners and experienced NED users. Take this opportunity to quickly master NED in a hands-on computer lab environment. 

NED for Beginners     

    Date:      Tuesday, May 22, 2012

    Time:      9:00 a.m. - 12:00 p.m.

    Location: Building 12, Room B51

NED for Advanced Users     

Contact Lanny Newman at newmanl@mail.nih.gov to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend. 

Tools to Help You Implement HSPD-12

Want to find out more about how you can prepare for the transition to two-factor authentication for logging into your computer and the NIH network?      

Visit: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx.   

There, you'll find a collection of tools and easy-to-use 'Get Smart Card Ready' guides on how to log in with an HHS ID Badge and PIN. Materials will be added to the site as they become available.   

 Two-factor authentication defined: Two independent items of authentication are used to prove that the individual logging into the NIH network is an authorized user of the system.

The two items used are: (1) something the user has [e.g., the smart card (HHS ID Badge) or SecureID token]; and (2) something the user knows [e.g., the PIN associated with the smart card (HHS ID Badge)].

FAQs

Answers to some common questions about smart card (HHS ID Badge)/PIN login to ITAS:

Q. Will Blackberry users still be able to log into ITAS?

A. Yes. ITAS will continue to support username/password login on Blackberry devices.

Q. Are only Federal employees affected?

A. No. All ITAS users who have an HHS ID Badge (e.g., contractors who hold Timekeeper roles in ITAS) will need their HHS ID Badge and PIN to log in.

Q. What happens if a user requires access to ITAS but cannot successfully log in with their HHS ID Badge and PIN?

A. A temporary exemption process is under development to enable access if an individual has a legitimate reason for not being able to access ITAS by smart card login.

                                           ___

Q. In terms of logging into ITAS and the looming deadline for Federal employees having to use their smart card (HHS ID Badge), what will be the protocol for employees that don't have their HHS ID Badge yet?

A. For employees who don't yet have their HHS ID Badge, their ITAS coordinator will need to perform whatever tasks are necessary for that individual. Once the individual has been issued their badge, s/he will be able to enter ITAS information on their own.

Please note: Individuals with disabilities and individuals whose duty station is abroad are exempt from this requirement. No other exceptions will be considered since there will always be someone (an ITAS coordinator or alternate) who will be able to perform these tasks on the person's behalf.

Q. I'm part of the ORS pilot that is required to use my HHS ID Badge and PIN to login to my computer and the NIH network. When I received notification that my password was about to expire and that I should renew it, I ignored the message thinking I wouldn't be needing my password anymore. When my password did expire, however, I found that I was locked out of my computer. What's going on?

A. Everyone who is transitioning away from username/password to HHS ID Badge smart card/PIN login will still need to update their password when they receive an e-mail notification that their password is about to expire. Otherwise, they will be locked out of their computer until they have updated their password, even though they may not be using their password for login.

Once the individual has updated their password, they will be able to log in with their HHS ID Badge and PIN. Everyone will need to continue to update their expiring password for the time being.

Q. How long will this password requirement last before it is discontinued?

A. According to the Office of the Chief Information Officer, as long NIH continues to use username/password authentication with Active Directory (AD), the password change policy will apply. AD will not allow you to login to a computer (with or without a PIV card) if your password is expired. This policy is expected to remain in effect for at least 2 more years.

Q. I know that the digital certificates in my HHS ID Badge smart card are up to date, but when I try to log in to the NIH network nothing happens. Any suggestions?

A. Yes. You should first try to log in using another computer and card reader. If you are able to log on successfully, it's likely that your card reader is broken or dirty. Your IC's IT department should be able to provide you with a new card reader.  

If you're still unable to log in, you should stop by the DPSAC Badging office where a badge issuer can diagnose the problem. If your badge is broken, you will be issued a new one.