Contact Us
Division of Personnel Security and Access Control
Personnel Security
Helpdesk: 301-402-9755
e-QIP: 301-402-9735
Appointment Line: 301-496-0051
E-mail: orspersonnesecurity@
mail.nih.gov
Access Control
Helpdesk: 301-451-4766
E-mail: facilityaccesscontrol@
mail.nih.gov
|
|
|
HHS ID Badge/PIV Card Rollout Scorecard
Here are the most recent NIH badging statistics provided by HHS as of August 31, 2012.
Sponsored: 38,181 Enrolled: 37,814 Issued: 37,478*
*This figure represents 98.2% of individuals who have been sponsored.
Congratulations to DPSAC for achieving a new percentage high of badges issued compared to population sponsored (98.2%).
|
New Code Letters Added to Digital Certificates Will Help Users ID the Appropriate Certificate
This article is reprinted from the August 22, 2012 issue of DPSAC News
As of July, 2012, all newly issued and renewed PIV Card/HHS ID Badge certificates now include a code letter at the end of the "Issued to" name to allow users to easily differentiate between types of certificates -- Authentication, Encryption and Signing.
This new code letter suffix defines the use of each certificate, making it easier to identify and select the correct certificate.
Note: certificates issued or renewed prior to July 2012 will not show the code letter.
Below are examples of how the certificates with codes appear:
- John Doe -A - identifies the client authentication certificate
- John Doe -E - identifies the e-mail encryption certificate
- John Doe -S - identifies the digital signature certificate
Individuals requiring additional information should contact the NIH IT Service Desk at 301-496-4357 (local), 866-319-4357 (toll-free), or 301-496-8294 (TTY) or submit an online service request at: http://itservicedesk.nih.gov/support.
|
Keeping Digital Certificates Current & Knowing Your PIN Becoming Critical for Accessing NIH Resources
18,000 Digital Certificates Scheduled to Expire Over the Next Six Months
DPSAC is notifying Lifecycle Work Station (LWS) Operators that they will be seeing an increase in requests to reset PINs and renew digital certificates. This trend will continue over the coming months as more than 18,000 digital certificates will expire between now and March 2013. It is also likely that more users will need to reset their PINs as ICs begin to implement the requirement to log in with a PIV card (HHS ID Badge) on Windows computers. ICs are being asked to share LWS resources to help make it easy for all NIH employees, contractors and affiliates to renew their digital certificates and reset their PINs. The goal is to help NIH staff avoid any access issues that might result from expired certificates or forgotten PINs. |
LWS Operator Training
LWS Operators who would like to refresh their training can access the LWS Training Manual at: http://www.ors.od.nih.gov/ser/dpsac/training/Pages/lifecycle.aspx. The HSPD-12 Program Office has prepared an animated version of this training manual that will soon be posted on this site. |
RML Becomes First NIH Campus to Upgrade its Physical Access Systems to Support HSPD-12 Compliance
NIH Team Travels to Montana to Upgrade Physical Access Equipment at Rocky Mountain Laboratories
On August 10th, 2012 a team from DPSAC and the ORS Information Technology Branch (ITB) in Bethesda traveled to Rocky Mountain Laboratories (RML) in Hamilton, Montana to assist the RML Police, guard force and local IT staff with upgrading their Physical Access Control System (PACS) to meet HSPD-12 compliance.
The team replaced card readers at perimeter sites as well as critical infrastructure card readers with new devices that will read the Card Holder Unique Identifier (CHUID) (pronounced 'chew wid') that is stored on the digital chip of the PIV Card/HHS ID Badge. RML is the first NIH campus to upgrade its PACS system to support HSPD-12 Compliance.
|
PIV Card/HHS ID Badge Tips and Reminders
- Digital certificates can only be renewed if they are within 42 days of expiration, or if they have already expired.
- Some ICs have elected to deploy the 'Access Card Utility (ACU).' This software allows individuals to renew their digital certificates at their computer IF the certificates are within 42 days of expiration and not yet expired. The user does not have to be connected to the NIH net, either internally or via VPN, to use the ACU. A connection to the Internet is all that is required.
To find out if your IC has deployed the ACU, reach out to one
of your IC's LWS operators:
[http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx]
or your IC Point of Contact:
[http://www.ors.od.nih.gov/ser/dpsac/Documents/P-HSPD-12_ImplementationPOC.xlsx].
- If an individual's PIV Card/HHS ID Badge is expiring, s/he will need to follow the normal PIV Card/HHS ID Badge renewal process. The LWS operator will not be able to renew the individual's digital certificates.
|
Helpful Tips
ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at taffetr@mail.nih.gov. Your request should include the new operator's name, their IC, their NED #, as well as their e-mail address, building/room and phone number.
Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster, and inform the IC that the individual is now approved to operate the IC's LWS.
Keep a supply of card reader cleaners on hand at each work location -- recommends the Office of the Chief Information Officer. Sooner or later everyone's smart card reader will need to be cleaned. One sign of a dirty card reader could be a message on your computer stating that it cannot recognize your card type. Keeping card reader cleaners on hand can save time and hopefully resolve this issue quickly.
If you need assistance, contact the NIH IT service desk at 301-496-HELP or submit an online service request at: http://itservicedesk.nih.gov/support.
LWS operators can now renew digital certificates that are expired beyond one year -- before this change, individuals with PIV Cards/HHS ID Badges containing digital certificates expired longer than a year needed to visit a badge issuance station to renew their certs. LWS operators were not able to renew certs for these individuals.
Six weeks (forty-two days) before an individual's certificates expire, the HHS automatically sends that person a certificate renewal notification. The sender appears as HHSIdentity@hhs.gov.
Individuals cannot renew their certificates before the first message is sent.
Keep your passwords up to date to avoid having your account deactivated -- everyone transitioning away from username & password to HHS ID Badge/PIV Card & PIN login will still need to update their password when they receive an e-mail notice that their password is about to expire. Otherwise, they will be locked out of their computer until they have updated their password, even though they may not be using their password for login.
Sign up for the NIH Password Self Service program, iForgotMyPassWord, so you can always manage your password and unlock your account at: https://iforgotmypassword.nih.gov/
If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office.
Do not lend your HHS ID Badge/PIV Card to anyone -- lending out your HHS ID Badge/PIV Card is prohibited. The issuance of the HHS ID Badge/PIV Card is based on strict identity proofing and the determination of one's suitability for a specific position classification.
|
FAQs Q. I will soon be awarding a new contract. The contract staff will require Level 1 background investigations in order to complete the work involved. All of the contractor's staff have existing investigations for a project for which they are already doing work. My question is, since they have existing investigations, is there a process that must be followed in order to apply those existing investigations to this new contract? Also, how recently must the investigations have been obtained in order to be applicable to this new contract award?
A. A check of OPM repositories is conducted on each individual prior to requesting a new or updated investigation. If the search concludes that the individual has already met the requirements for the work they would be doing at NIH, then no new investigation would be initiated. [For example, no new investigation would be required if the work an individual will be performing for NIH has been designated to a non-sensitive (Level-1) position and they have had a previous favorable investigation that either meets or exceeds the requirements for a non-sensitive position]. In response to the second part of your question, if the individual has been subject to a previous favorable investigation that either meets or exceeds the requirements for the work being performed for NIH, and there is clear evidence there has been no break in employment or service for more than 24 months, then it would not be necessary to request a new or updated investigation.
Q. I understand that even though I am using my PIV Card/HHS ID Badge and PIN to log in to my computer, I still need to maintain my password. How long will this password requirement last before it is discontinued? A. According to the Office of the Chief Information Officer, as long as NIH continues to use username/password authentication with Active Directory (AD), the password change policy will apply. AD will not allow you to login to a computer (with or without a PIV card) if your password is expired. This policy is expected to remain in effect for at least 2 more years. |
Safety Corner
The Fire Safety Dangers of Having Too Much Stuff in the Workplace and in the Home
The following article was prepared by the Division of the Fire Marshal, ORS.
The term 'hoarding' is generally described as obtaining and refusing to throw out a large number of items that would appear to have little or no value to others.
In the home it is described as severe cluttering to the point a space is no longer able to function as a viable living space.
Items usually hoarded include such things as: newspapers, magazines, personal papers, clothing, furniture, appliances, equipment, boxes and rubbish. Hoarding is different and much more than having simple clutter in your workplace or home.
While the exact underlying causes of hoarding are currently being studied and the relationship between hoarding and fire safety has yet to be fully documented by the National Fire Protection Association, anecdotal reports from the fire service are emerging that clearly reveal a significant fire threat.
In fact, a 2009 study found that hoarding fires are tougher for the fire service to fight. And, hoarding fires in the home are far deadlier than other types of residential fires.
Specifically, the fire safety dangers to be aware of when having too much stuff in the workplace and in the home include:
- Increased risk of fire due to the accumulation of combustibles such as papers, clothing and rubbish.
- Increased fire severity due to an abnormal amount of fuel that will overtax existing automatic sprinkler systems.
- Blocked escape from fire due to the exits, hallways, windows and doors being obstructed by clutter.
- Extreme risk to fire-emergency response personnel.
- Risk of structural damage due to the weight of the items.
- Risk of injury or death due to being trapped under falling items.
If you have questions on any of these fire safety dangers, please contact the Division of the Fire Marshal, Office of Research Services at 301-496-0487.
|
A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.
|
|
|
|