HHS ID Badge Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of May 25, 2012.  

Sponsored: 40,190    Enrolled: 39,063   Issued: 38,608*

*This figure represents 96.1% of individuals who have been sponsored.

Get Ready - Mandatory HHS ID Badge Smart Card & PIN Login to ITAS Starts June 18, 2012 

Starting June 18, 2012, NIH will transition to mandatory use of the HHS ID Badge smart card and PIN (two-factor authentication) for everyone logging into the Integrated Time and Attendance System (ITAS). Logging into ITAS with a username and password will no longer be available to Windows users following this deadline.

This change in login policy is part of the Federal government's continued implementation of HSPD-12 to safeguard the Federal community, information, systems and facilities through identity certification and access management.

With the changeover less than three weeks away, anyone needing to renew their certificates and/or reset their PIN must act quickly to ensure that they will be able to log into ITAS when the deadline arrives.   

A directory of LWS operators is posted on the DPSAC website at: http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx.

See the FAQ section for some common questions regarding the upcoming transition to two-factor authentication for ITAS login.  

If you have any questions, please feel free to contact the HSPD-12 Program Office at HSPD-12@mail.nih.gov.      

Online Table of Expiring Digital Certificates Now Viewable Only by ISSOs

The directory that shows digital certificate expiration dates by IC has moved. These files, which were previously accessible to anyone who could log into http://smartcard.nih.gov/PKI_subscribers are now viewable online only by ISSOs. The move was prompted to protect the data from the potential of cyber attacks.   

AOs/ATs requesting this information from their IC's ISSO are asked to be patient since some ISSOs may not be able to login to SharePoint and respond the same day.

A version of this report will also be made available to the IC HSPD-12 Implementation Points of Contact on the team SharePoint site.

CIT Launches Site to Test HHS ID Badge Smart Cards

The Center for Information Technology (CIT) has created a simple test site that allows people to try smart card login through a simulated iTtrust (NIH Login) page. You can confirm your PIN and check if your digital certificates on your HHS ID Badge are working. Visit the test site at: http://testmysmartcard.nih.gov.  

The testing process will also help individuals identify any issues with their smart card reader or the configuration of their computer.  

If an individual has forgotten their PIN or has expired certificates, they should arrange a visit with a Lifecycle Workstation (LWS) operator. All other issues should be reported to the NIH IT Service Desk. 

Legacy Badges Instead of HHS ID Badges for NIH Workers Ineligible for Social Security Numbers

DPSAC reports seeing an increase in the number of individuals who are ineligible for a social security number due to a variety of work visa situations. In these cases, the individual does not qualify for, nor should they have been be issued an HHS ID Badge (PIV card).

According to DPSAC, individuals ineligible for a social security number who have been issued an HHS ID Badge will need to replace their HHS ID Badge with an NIH legacy badge. If these individuals need logical access, they will need to work with their AO.  

DPSAC wants the Administrative Community to understand that individuals who don't have a social security number cannot have a background investigation; and, without a background investigation, these individuals cannot be issued or possess a PIV card (HHS ID Badge). This policy is cited in FIPS-201-1.

DPSAC is currently in the process of deactivating HHS ID Badges (PIV cards) for those who do not have a social security number in NED. Also, the PIV cards (HHS ID Badges) cannot be re-activated without a social security number and background investigation.

The NIH is changing the way NED interfaces with other systems in order to be compliant with Homeland Security directives. Effective June 11, 2012, NED will no longer receive updates and NED records will no longer be auto-deactivated by other systems such as Human Resources Database (HRDB), Fellowship Payment System (FPS2), and the Division of International Service's fsaAtlas (database for foreign visiting scientists, fellows, guests and volunteers).  

When the connector is disabled, the not-to-exceed (NTE) date will be cleared on NED records that are "linked" to an authoritative source.

(Note: The NED system will continue to auto-de-register NED records based on the NTE date. This process runs at 6:00 AM the morning following the NTE date.)

Prompt deactivation of NED records important  

It is especially important to promptly deactivate NED records to remove facility and computer system access by staff separated from NIH.

The data fields affected by this change are: gender, social security number, city of birth, state of birth, date of birth, country of birth, US Citizen, classification, institute or center (IC), SAC code, home address, EOD date, and NTE date. These fields that were once mastered by an authoritative source can be changed via an Update or Transfer task in NED. Any changes to these fields in HRDB, FPS2, or fsaAtlas, will require a separate update to the NED record.

The process change is part of a NED corrective action plan to ensure compliance with HSPD-12 and FIPS 201-1 (PIV) mandates.  

It is especially important to promptly deactivate NED records to remove facility and computer system access by staff separated from NIH.

In addition to improving data integrity, timeliness, and tracking, this process change will also facilitate Division of Personnel Security and Access Control's (DPSAC's) conduct of mandatory background investigations and performance of related security and access control functions.    

Do not lend your HHS ID Badge (smart card) to anyone -- lending out your HHS ID Badge (smart card) is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.

Two-factor authentication defined -- two independent items of authentication are used to prove that the individual logging into the NIH network is an authorized user of the system.

The two items used are: (1) something the user has [e.g., the smart card (HHS ID Badge) or SecureID token]; and (2) something the user knows [e.g., the PIN associated with the smart card (HHS ID Badge)].

FAQs

Answers to some common questions about smart card (HHS ID Badge)/PIN login to ITAS:

Q. Will Mac users be required to use smart card login for ITAS?

A. While NIH is not requiring smart card login from Macs on the June 18 date, some ICs may choose to include their Macs in the June deployment.   We expect that all Mac users will have to meet this HHS requirement in the near future. 

Q. Will Blackberry users still be able to log into ITAS?

A. Yes. ITAS will continue to support username/password login on Blackberry devices.

Q. Are only Federal employees affected?

A. No. All ITAS users who have an HHS ID Badge (e.g., contractors who hold Timekeeper roles in ITAS) will need their HHS ID Badge and PIN to log in.

Q. What happens if a user requires access to ITAS but cannot successfully log in with their HHS ID Badge and PIN?

A. A temporary exemption process is under development to enable access if an individual has a legitimate reason for not being able to access ITAS by smart card login.

                                           _____

Other FAQs 

Q. I have a Summer Student who will be converted to Special Volunteer. In his case, his Summer Student badge will be deactivated automatically because of his Summer Student status (not longer than 6 months). His Special Volunteer appointment will remain active through December 2012. My question is, will he need a new registration?   

A. When his Summer Student badge is deactivated this September, his NED classification should be updated to Special Volunteer (less than 6 months).  This will not require position information and will authorize another legacy badge.   

Q. A Special Volunteer will be converted to Summer Student. Should I update his job position or leave it as it is.   

A. Converting someone to a Summer Student will automatically select the appropriate background check.  Feel free to make the change. Remember, a Summer Student badge expires September 30 of the year in which it was issued.  

Q. I'm hoping you can help. One of our employees recently notified me that he had accidentally deleted an e-mail notifying him that his badge was expiring. Would you please re-send this notification?

A. The notification you reference is generated automatically, so it cannot be resent. Unfortunately, since this individual's badge expires today, it cannot be renewed. There was a renewal task in the system for him, but it was terminated three weeks ago. At this point, in order to procure a new badge for this person, his AO will have to revoke the current badge and request a new one in NED via: Manage Services/Modify in NED.

Q. In terms of logging into ITAS and the looming deadline for Federal employees having to use their smart card (HHS ID Badge), what will be the protocol for employees that don't have their HHS ID Badge yet?

A. Anyone who does not have an HHS ID Badge will be exempt from these requirements until their badge is issued.

Please note: Individuals with disabilities and individuals whose duty station is abroad are exempt from this requirement. No other exceptions will be considered since there will always be someone (an ITAS coordinator or alternate) who will be able to perform these tasks on the person's behalf.