HHS ID Badge Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of June 22, 2012.  

Sponsored: 40,034    Enrolled: 38,886   Issued: 38,383*

*This figure represents 95.9% of individuals who have been sponsored.

Exemptions to Mandatory HHS ID Badge & PIN Login to ITAS

Some ITAS users will be granted an exemption to the ITAS smart card login requirement. Exemptions fall into five categories:

1. Users who will not be issued an HHS ID Badge (PIV card) such as OCONUS and Summer students.
2. Users who are unable to use an HHS ID Badge (PIV card) such as individuals who may be physically unable to operate a card reader and PIN pad.
3. Users who are temporarily unable to use an HHS ID Badge (PIV card) such as individuals who are waiting for their HHS ID Badge to be issued, or have a lost, broken or stolen HHS ID Badge.
4. Users who do not have access to a government-furnished computer running Windows, such as Apple computer users.
5. Users who are unable to resolve issues with their HHS ID Badge (PIV card) in the timeframe available for the temporary access such as individuals who have issues while on extended travel.

To request an exemption based on one of the criteria above, individuals should contact the NIH IT Service Desk at 301-496-4357 or submit a ticket online at: http://itservicedesk.nih.gov/support.     

e-QIP 3.0 Enhancements: Golden Questions

Effective June 24, 2012, e-QIP users are no longer required to answer 'Golden Questions' to access the e-QIP system. In place of the Golden Questions, e-QIP users will now enter a username and password.  

All users who have not completed the e-QIP process prior to June 24, 2012 will be required to register an account with the e-QIP system. During the initial registration process, users will be required to enter their Social Security Number and answer three Golden Questions to confirm their identity.*

Users will then be prompted to create a user name and password. Users will also have the ability to create "Challenge Questions" that will be prompted if the user forgets his/her password.  

* The Golden Questions created in e-QIP v. 3.0 are used only during the initial registration process. Previously, the applicant would have been required to answer these questions every time s/he logged into the system. With version 3.0, once the user has registered, login will require only a username and password.

Signed e-QIP Signature Pages Now Required Before an HHS ID Badge Will be Issued

Now any new NIH employee, contractor or affiliate who needs a background investigation (i.e., who does not have a completed investigation on file) will need to complete e-QIP and submit the e-QIP signature pages to DPSAC prior to their HHS ID Badge being issued.

If the NED status field reads "Waiting for DPSAC to Review Fingerprints," the individual must complete their e-QIP forms and turn in their signature pages to DPSAC before the badge will be authorized for issuance.

Once an AO (or applicant) becomes aware of this status, s/he should contact: the DPSAC Helpdesk (ORSPersonnelSecurity@mail.nih.gov or 301-402-9755) as this message indicates that the e-QIP forms have not been received.  

Do not contact the NIH Service Desk. Only DPSAC will know whether the e-QIP forms have been completed and turned in.

Please contact the DPSAC Helpdesk at 301-402-9755 if you have questions about the status of an applicant's badge.

The HSPD-12 Program Office continues to offer free NED training for beginners and experienced NED users. Take this opportunity to quickly master NED in a hands-on computer lab environment. 

NED for Beginners     

NED for Advanced Users     

Contact Lanny Newman at newmanl@mail.nih.gov to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend.  

Two-factor authentication defined -- two independent items of authentication are used to prove that the individual logging into the NIH network is an authorized user of the system.

The two items used are: (1) something the user has [e.g., the smart card (HHS ID Badge)]; and (2) something the user knows [e.g., the PIN associated with the smart card (HHS ID Badge)].

FAQs  

Q.  If I'm using my HHS ID Badge to log in to my computer, can I remove my badge from the card reader once I've completed logging in?  

A.  Yes. Once you are finished logging in, you may remove your HHS ID Badge. You do not need to leave it in the reader at all times. You should be aware, however, that the computer will lock you out after 10 minutes of inactivity. If this occurs, you must reinsert the card and log in again.  

DPSAC encourages everyone logging in with their HHS ID Badge to remove their badge from the card reader and put it back in the card holder once they have successfully logged in. This not only improves security at the desktop, but also helps ensure that when you leave for the day, you will have your HHS ID Badge to get you back on campus the following day.

Eventually, all employees, contractors and affiliates will be required to log in using their HHS ID Badge (PIV Card) and PIN. Once that occurs, login with username and password will not be possible.

MORE FAQs

More FAQs are can be found in the 'Smart Card Login FAQs' guide posted at:http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx

• Overall Smart Card Login  
• Digital Certificates 
• Technical and Computer Issue 
• Logging into ITAS with Smart Card (HHS ID Badge) and PIN 

Overall Smart Card Login

Q: How do I log in to my computer with my HHS ID Badge (PIV card)?

A: To log in with your HHS ID Badge (PIV card), insert your HHS ID Badge into your smart card reader at the login screen to your desktop, and enter your six - eight digit Personal Identification Number (PIN) when prompted to do so.  

For step-by-step instructions on how to log in with a smart card, reference the "How to Log in" guides at: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx. 

Q: What will I need to log in with an HHS ID Badge (PIV card)?

A: To log in, you must have:

• Your HHS ID Badge
• A smart card reader connected to your computer
• Your PIN for your HHS ID Badge
• Active (not expired) digital certificates

You might also need: 

• Software that allows your computer to read and use the digital certificates on your HHS ID Badge

For more information about each of these items, reference the "Quick Reference Guide" at: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx.

Q: What happens to my username and password?

A: At this time, you must maintain your username and password. Do not let your password expire!  

While NIH is transitioning to smart card login, your username and password are still needed to access many NIH systems. Also, at this time, if you let your password expire you will not be able to log in with your HHS ID Badge and PIN.

Digital Certificates

Q: What are active digital certificates?

A: The gold chip on your HHS ID Badge stores your digital certificates, including the Authentication Key that allows you to log in. To work, the Authentication Key must be active (as in, not expired).

Q: What do digital certificates allow me to do?

A: Digital certificates allow systems to validate who you are and authenticate you as a user. They will also allow you to send and receive encrypted e-mails and digitally sign e-mails.

Q: When do my digital certificates expire?

A: Digital certificates expire every 1 - 2.5 years depending on your affiliation with NIH. They may expire earlier than the expiration date printed on your HHS ID Badge.

Q: Is there a way to check the expiration date of my digital certificates?

A: You can check the status of your digital certificates by visiting http://testmysmartcard.nih.gov. When you are asked to select a digital certificate, the properties of the certificate will display the expiration date.

If you need help, please contact the NIH IT Service Desk at 301-496-4357. They can guide you through the steps to check the status of your digital certificates.

Q: I have multiple digital certificates. Do they have different expiration dates?

A: No. All your digital certificates have the same expiration date. When you renew your certificates, all of them will be renewed.

Q: When I log in to ITAS or other applications through NIH Login, I am prompted to "Select a digital certificate" before entering my PIN. Which certificate should I select?

A: Steps on how to select the correct digital certificate for smart card authentication are located on pages 3 and 4 (steps 4-6) of the following document: https://itrusteauth.nih.gov/CertAuth/UsingSmartCardsWithNIHLogin.pdf.

Technical and Computer Issues

Q: Does my computer need to be reconfigured by IT?

A: Your computer does not need to be reconfigured, but you may need to install the smart card reader or the software (e.g., ActivIdentity® ActivClient™) that allows your computer to read and use the digital certificates on your HHS ID Badge. You do not need to be without your computer. Please contact the NIH IT Service Desk at 301-496-4357 for help with these installations.

Q: If I get locked out of my computer and cannot log in, where do I go for help?

A: Please contact the NIH IT Service Desk at 301-496-4357.

Q: What if my HHS ID badge is lost or stolen?

A: Please contact your AO who must submit a new badge request, via the NIH Enterprise Directory (NED), to the Division of Personnel Security and Access Control (DPSAC), which oversees badge issuance.

Q: What happens if I leave my HHS ID Badge at home or I accidentally leave my badge in my card reader overnight?

A: If you leave your HHS ID Badge at home or forget to take your HHS ID Badge with you when you leave for the day, you will need to go through the NIH Gateway Visitors' Center to enter the NIH campus. You will need to call the NIH IT Service Desk at 301-496-4357 to be granted access to the NIH network.

Q: While I wait for a new HHS ID Badge, how will I log in to my computer?

A: Please call the NIH IT Service Desk at 301-496-4357 to be granted access to the NIH Network.

Q: What if my HHS ID Badge breaks or stops working?

A: You will need to take your broken HHS ID Badge to a Badge Issuance Station.  

• On-campus DPSAC support: http://www.ors.od.nih.gov/ser/dpsac/about/Pages/hours.aspx;   

• Remote location support: http://www.ors.od.nih.gov/ser/dpsac/resources/Pages/satellite.aspx 

Smart Card (HHS ID Badge)/PIN Login to ITAS   

Q. Will Mac users be required to use smart card login for ITAS?

A. While NIH is not requiring smart card login from Macs on the June 18 date, some ICs are choosing to include their Macs in the June deploy- ment. We expect that all Mac users will have to meet this HHS requirement in the near future. 

Q. Are only Federal employees affected?

A. No. All ITAS users who have an HHS ID Badge (e.g., contractors who hold Timekeeper roles in ITAS) will need their HHS ID Badge and PIN to log in.

Enjoy Fireworks the Safe Way - at a Public Display

The following fire safety awareness article was prepared by the Division of the Fire Marshal, Office of Research Services (ORS)

The American tradition of parades, cookouts and fireworks helps us celebrate our nation's birthday on the Fourth of July. However, a joyful holiday can turn into a painful memory when children or adults are injured while using fireworks.

Although some fireworks are relatively safe with proper and careful use, others are illegal and present substantial risks that can result in damage to property and, more importantly, cause ear and eye injuries, amputations, severe burns and death. In fact, according to the National Institute on Deafness and Other Communication Disorders (NIDCD), firecrackers experienced at close range can damage hearing permanently in an instant.

The Division of Fire Marshal (DFM), ORS, urges everyone to put safety first when celebrating this Fourth of July. When using fireworks, things can go wrong very fast. Children, especially, can be injured quickly. Kids typically not only like to watch, but they also want to touch, feel and light the fireworks.

Rather than incurring any risks, the DFM urges you to celebrate and enjoy the holiday without lighting your own fireworks. Instead, attend one of the many public fireworks displays provided throughout the area. At these displays, certified and licensed pyrotechnicians are trained and experienced in the safe use of fireworks and will provide a safe, yet exciting show.

The following tips should help make a public fireworks display safer and more enjoyable:

• Stay far away from where the fireworks are exploding and wear earplugs if the noises are uncomfortably loud.

• Obey all monitors and ushers and respect the safety barriers established that allow the trained pyrotechnicians room to safely do their job. Resist any temptation to get close to the actual firing site. In fact, the best view of fireworks is from a quarter mile or more away.

• If unexploded fireworks fall to the ground, do not touch them and keep others away. If you happen to find any pieces which may not have exploded, immediately contact the local fire or police department.

• Pets, like their human companions, have very sensitive ears and the "booms" and "bangs" associated with fireworks displays can be quite uncomfortable - particularly to dogs. In fact, these loud noises can damage their ears too. Leave pets at home if you attend a fireworks show.

• Leave the lighting of all fireworks to certified operators. Even sparklers and other novelty items that are legal in certain jurisdictions can be dangerous. Enjoy the "Fourth" safely and attend a public display - it will provide the right kind of excitement!

If you have questions concerning fireworks safety, please contact the Division of the Fire Marshal, ORS at 301-496-0487. For hearing concerns, contact the NIDCD Office of Health Communication and Public Liaison at 301-496-7243.