DPSAC News Header

June 27, 2012 issue of the DPSAC NEWS

In This Issue
HHS ID Badge Rollout Scorecard
Just Five More Days Before Mandatory HHS ID Badge & PIN Login to ITAS
Exemptions to Mandatory HHS ID Badge & PIN Login to ITAS
No Signed e-QIP Signature Pages Means No HHS ID Badge!
NED Training Schedule for July and September
Helpful Tips
News Briefs



Contact Us


Division of Personnel Security and Access Control


Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnesecurity@ 



Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@ 


 DHHS Logo gif   NIH Logo gif    ORS jpg


HHS ID Badge Rollout Scorecard


Here are the most recent NIH badging statistics provided by HHS as of June 22, 2012.  


Sponsored: 40,034    Enrolled: 38,886   Issued: 38,383*


*This figure represents 95.9% of individuals who have been sponsored.



NIH Ready to Launch New ITAS Login Process Requiring PIN and HHS ID Badge

The Integrated Time and Attendance System (ITAS) transition to smart card login will go live on the evening of July 2, 2012. Starting on July 3, ITAS users will need to log in with their PIV card (aka HHS ID Badge or smart card) and Personal Identification Number (PIN) instead of their username and password.     


Try Logging in BEFORE ITAS Friday! 
To avoid any surprises after July 2, try logging in now with your PIV card. In the event issues arise, you will have an opportunity to resolve them before you need to conduct business in ITAS.

If you cannot access ITAS, you will not be able to enter leave requests, sign in or out for credit hours or overtime, verify your time card before it is sent for payroll, and approve leave or time cards.


If you have any issues logging in, please contact the NIH IT Service Desk at 301-496-4357 or submit a ticket via: http://itservicedesk.nih.gov/support

Exemptions to Mandatory HHS ID Badge & PIN Login to ITAS


Some ITAS users will be granted an exemption to the ITAS smart card login requirement. Exemptions fall into five categories:

  1. Users who will not be issued an HHS ID Badge (PIV card) such as OCONUS and Summer students.
  2. Users who are unable to use an HHS ID Badge (PIV card) such as individuals who may be physically unable to operate a card reader and PIN pad.
  3. Users who are temporarily unable to use an HHS ID Badge (PIV card) such as individuals who are waiting for their HHS ID Badge to be issued, or have a lost, broken or stolen HHS ID Badge.
  4. Users who do not have access to a government-furnished computer running Windows, such as Apple computer users.
  5. Users who are unable to resolve issues with their HHS ID Badge (PIV card) in the timeframe available for the temporary access such as individuals who have issues while on extended travel.

To request an exemption based on one of the criteria above, individuals should contact the NIH IT Service Desk at 301-496-4357 or submit a ticket online at: http://itservicedesk.nih.gov/support.     


e-QIP 3.0 Enhancements: Golden Questions


Effective June 24, 2012, e-QIP users are no longer required to answer 'Golden Questions' to access the e-QIP system. In place of the Golden Questions, e-QIP users will now enter a username and password.  


All users who have not completed the e-QIP process prior to June 24, 2012 will be required to register an account with the e-QIP system. During the initial registration process, users will be required to enter their Social Security Number and answer three Golden Questions to confirm their identity.*


Users will then be prompted to create a user name and password. Users will also have the ability to create "Challenge Questions" that will be prompted if the user forgets his/her password.  


* The Golden Questions created in e-QIP v. 3.0 are used only during the initial registration process. Previously, the applicant would have been required to answer these questions every time s/he logged into the system. With version 3.0, once the user has registered, login will require only a username and password.


Signed e-QIP Signature Pages Now Required Before an HHS ID Badge Will be Issued


Now any new NIH employee, contractor or affiliate who needs a background investigation (i.e., who does not have a completed investigation on file) will need to complete e-QIP and submit the e-QIP signature pages to DPSAC prior to their HHS ID Badge being issued.


If the NED status field reads "Waiting for DPSAC to Review Fingerprints," the individual must complete their e-QIP forms and turn in their signature pages to DPSAC before the badge will be authorized for issuance.


Once an AO (or applicant) becomes aware of this status, s/he should contact: the DPSAC Helpdesk ([email protected] or 301-402-9755) as this message indicates that the e-QIP forms have not been received.  


Do not contact the NIH Service Desk. Only DPSAC will know whether the e-QIP forms have been completed and turned in.


Please contact the DPSAC Helpdesk at 301-402-9755 if you have questions about the status of an applicant's badge.


NED Training Schedule for July and September   

Computer classroomThe HSPD-12 Program Office continues to offer free NED training for beginners and experienced NED users. Take this opportunity to quickly master NED in a hands-on computer lab environment. 



NED for Beginners     


    Date:      Wednesday, July 25, 2012
    Time:      9:00 a.m. - 12:00 p.m.
    Location: 6120 Executive Blvd, Room 8 

    Date:      Friday, September 14, 2012
    Time:      9:00 a.m. - 12:00 p.m.
    Location: Building 12A, Room B51

NED for Advanced Users     


    Date:      Wednesday, July 25, 2012

    Time:      1:00 p.m. - 4:00 p.m.
    Location: 6120 Executive Blvd, Room 8

    Date:      Friday, September 14, 2012
    Time:      1:00 p.m. - 4:00 p.m.
    Location: Building 12A, Room B51


Contact Lanny Newman at [email protected] to reserve a space. In your e-mail, provide Lanny with your name and IC and which course you would like to attend.  


Helpful Tips 


Tools to help you implement HSPD-12 -- visit http://www.ors. od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx to find tools and easy-to-use guides on two-factor authentication using your HHS ID Badge and PIN. Materials will be added to the site as they become available.


ICs are responsible for ensuring their staff have card readers -- individuals should contact the NIH IT Service Desk to request a card reader. The Service Desk will create a ticket and route it back to the IC. Should an IC want the ticket to be routed back to a specific point of contact, they can indicate so on their instructions.


Your PIN - set it but don't forget it -- The Personal Identification Number (PIN) you selected when you were issued your PIV card is good for life - unless you forget it! Unlike your password, your PIN does not expire. Your PIN can be reset with assistance from a Lifecycle Workstation (LWS) Operator. You can conveniently reset your PIN "on site" rather than making a trip to a badge issuance station. Find an LWS near you by visiting: http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx.  


ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at [email protected]. Once he has approved the request, he will forward the name to [email protected] to complete the approval process, add the name to the LWS operator roster, and inform the IC that the individual is now approved to operate the IC's LWS.


Keep your passwords up to date!  -- Everyone transitioning away from username/password to HHS ID Badge smart card/PIN login will still need to update their password when they receive an e-mail notice that their password is about to expire. Otherwise, they will be locked out of their computer until they have updated their password, even though they may not be using their password for login.

authenticTwo-factor authentication defined -- two independent items of authentication are used to prove that the individual logging into the NIH network is an authorized user of the system.


The two items used are: (1) something the user has [e.g., the smart card (HHS ID Badge)]; and (2) something the user knows [e.g., the PIN associated with the smart card (HHS ID Badge)].



           Question Mark in Blue



Q.  If I'm using my HHS ID Badge to log in to my computer, can I remove my badge from the card reader once I've completed logging in?  


A.  Yes. Once you are finished logging in, you may remove your HHS ID Badge. You do not need to leave it in the reader at all times. You should be aware, however, that the computer will lock you out after 10 minutes of inactivity. If this occurs, you must reinsert the card and log in again.  


DPSAC encourages everyone logging in with their HHS ID Badge to remove their badge from the card reader and put it back in the card holder once they have successfully logged in. This not only improves security at the desktop, but also helps ensure that when you leave for the day, you will have your HHS ID Badge to get you back on campus the following day.


Eventually, all employees, contractors and affiliates will be required to log in using their HHS ID Badge (PIV Card) and PIN. Once that occurs, login with username and password will not be possible.



Q. What happens if the fingerprints provided at a Lifecyle Work Station come back as "not a biometric match?"

A.  If the LWS fingerprint match fails, the LWS operator should direct the badge holder to the DPSAC Issuance Work Station (Badging Office) for proper identity proofing.

Below are additional Questions and Answers regarding the use of your HHS ID Badge for logging into your computer, the NIH network and special applications such as ITAS.



More FAQs are can be found in the 'Smart Card Login FAQs' guide posted at:http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx



smartOverall Smart Card Login

Q: How do I log in to my computer with my HHS ID Badge (PIV card)?


A: To log in with your HHS ID Badge (PIV card), insert your HHS ID Badge into your smart card reader at the login screen to your desktop, and enter your six - eight digit Personal Identification Number (PIN) when prompted to do so.  


For step-by-step instructions on how to log in with a smart card, reference the "How to Log in" guides at: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx. 



Q: What will I need to log in with an HHS ID Badge (PIV card)?


A: To log in, you must have:

  • Your HHS ID Badge
  • A smart card reader connected to your computer
  • Your PIN for your HHS ID Badge
  • Active (not expired) digital certificates

You might also need: 

  • Software that allows your computer to read and use the digital certificates on your HHS ID Badge

For more information about each of these items, reference the "Quick Reference Guide" at: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx.



Q: What happens to my username and password?


A: At this time, you must maintain your username and password. Do not let your password expire!  


While NIH is transitioning to smart card login, your username and password are still needed to access many NIH systems. Also, at this time, if you let your password expire you will not be able to log in with your HHS ID Badge and PIN.


certsDigital Certificates

Q: What are active digital certificates?


A: The gold chip on your HHS ID Badge stores your digital certificates, including the Authentication Key that allows you to log in. To work, the Authentication Key must be active (as in, not expired).



Q: What do digital certificates allow me to do?


A: Digital certificates allow systems to validate who you are and authenticate you as a user. They will also allow you to send and receive encrypted e-mails and digitally sign e-mails.



Q: When do my digital certificates expire?


A: Digital certificates expire every 1 - 2.5 years depending on your affiliation with NIH. They may expire earlier than the expiration date printed on your HHS ID Badge.



Q: Is there a way to check the expiration date of my digital certificates?


A: You can check the status of your digital certificates by visiting http://testmysmartcard.nih.gov. When you are asked to select a digital certificate, the properties of the certificate will display the expiration date.


If you need help, please contact the NIH IT Service Desk at 301-496-4357. They can guide you through the steps to check the status of your digital certificates.



Q: I have multiple digital certificates. Do they have different expiration dates?


A: No. All your digital certificates have the same expiration date. When you renew your certificates, all of them will be renewed.



Q: When I log in to ITAS or other applications through NIH Login, I am prompted to "Select a digital certificate" before entering my PIN. Which certificate should I select?


A: Steps on how to select the correct digital certificate for smart card authentication are located on pages 3 and 4 (steps 4-6) of the following document: https://itrusteauth.nih.gov/CertAuth/UsingSmartCardsWithNIHLogin.pdf.



techTechnical and Computer Issues

Q: Does my computer need to be reconfigured by IT?


A: Your computer does not need to be reconfigured, but you may need to install the smart card reader or the software (e.g., ActivIdentity´┐Ż ActivClient™) that allows your computer to read and use the digital certificates on your HHS ID Badge. You do not need to be without your computer. Please contact the NIH IT Service Desk at 301-496-4357 for help with these installations.



Q: If I get locked out of my computer and cannot log in, where do I go for help?


A: Please contact the NIH IT Service Desk at 301-496-4357.

HHS ID Badge Issues 

Q: What if my HHS ID badge is lost or stolen?


A: Please contact your AO who must submit a new badge request, via the NIH Enterprise Directory (NED), to the Division of Personnel Security and Access Control (DPSAC), which oversees badge issuance.



Q: What happens if I leave my HHS ID Badge at home or I accidentally leave my badge in my card reader overnight?


A: If you leave your HHS ID Badge at home or forget to take your HHS ID Badge with you when you leave for the day, you will need to go through the NIH Gateway Visitors' Center to enter the NIH campus. You will need to call the NIH IT Service Desk at 301-496-4357 to be granted access to the NIH network.



Q: While I wait for a new HHS ID Badge, how will I log in to my computer?


A: Please call the NIH IT Service Desk at 301-496-4357 to be granted access to the NIH Network.



Q: What if my HHS ID Badge breaks or stops working?


A: You will need to take your broken HHS ID Badge to a Badge Issuance Station.  


itasSmart Card (HHS ID Badge)/PIN Login to ITAS   

Q. Will Mac users be required to use smart card login for ITAS?


A. While NIH is not requiring smart card login from Macs on the June 18 date, some ICs are choosing to include their Macs in the June deploy- ment. We expect that all Mac users will have to meet this HHS requirement in the near future. 



Q. Are only Federal employees affected?


A. No. All ITAS users who have an HHS ID Badge (e.g., contractors who hold Timekeeper roles in ITAS) will need their HHS ID Badge and PIN to log in.


Safety Corner


Enjoy Fireworks the Safe Way - at a Public Display

The following fire safety awareness article was prepared by the Division of the Fire Marshal, Office of Research Services (ORS)


The American tradition of parades, cookouts and fireworks helps us celebrate our nation's birthday on the Fourth of July. However, a joyful holiday can turn into a painful memory when children or adults are injured while using fireworks.


Although some fireworks are relatively safe with proper and careful use, others are illegal and present substantial risks that can result in damage to property and, more importantly, cause ear and eye injuries, amputations, severe burns and death. In fact, according to the National Institute on Deafness and Other Communication Disorders (NIDCD), firecrackers experienced at close range can damage hearing permanently in an instant.


The Division of Fire Marshal (DFM), ORS, urges everyone to put safety first when celebrating this Fourth of July. When using fireworks, things can go wrong very fast. Children, especially, can be injured quickly. Kids typically not only like to watch, but they also want to touch, feel and light the fireworks.


Rather than incurring any risks, the DFM urges you to celebrate and enjoy the holiday without lighting your own fireworks. Instead, attend one of the many public fireworks displays provided throughout the area. At these displays, certified and licensed pyrotechnicians are trained and experienced in the safe use of fireworks and will provide a safe, yet exciting show.


The following tips should help make a public fireworks display safer and more enjoyable:


  • Stay far away from where the fireworks are exploding and wear earplugs if the noises are uncomfortably loud.
  • Obey all monitors and ushers and respect the safety barriers established that allow the trained pyrotechnicians room to safely do their job. Resist any temptation to get close to the actual firing site. In fact, the best view of fireworks is from a quarter mile or more away.
  • If unexploded fireworks fall to the ground, do not touch them and keep others away. If you happen to find any pieces which may not have exploded, immediately contact the local fire or police department.
  • Pets, like their human companions, have very sensitive ears and the "booms" and "bangs" associated with fireworks displays can be quite uncomfortable - particularly to dogs. In fact, these loud noises can damage their ears too. Leave pets at home if you attend a fireworks show.
  • Leave the lighting of all fireworks to certified operators. Even sparklers and other novelty items that are legal in certain jurisdictions can be dangerous. Enjoy the "Fourth" safely and attend a public display - it will provide the right kind of excitement!


If you have questions concerning fireworks safety, please contact the Division of the Fire Marshal, ORS at 301-496-0487. For hearing concerns, contact the NIDCD Office of Health Communication and Public Liaison at 301-496-7243.


A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.