HHS ID Badge/PIV Card Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of August 31, 2012.  

Sponsored: 38,181    Enrolled: 37,814   Issued: 37,478*

*This figure represents 98.2% of individuals who have been sponsored.

New Code Letters Added to Digital Certificates Will Help Users ID the Appropriate Certificate  

This article is reprinted from the August 22, 2012 issue of DPSAC News 

As of July, 2012, all newly issued and renewed PIV Card/HHS ID Badge certificates now include a code letter at the end of the "Issued to" name to allow users to easily differentiate between types of certificates -- Authentication, Encryption and Signing.  

This new code letter suffix defines the use of each certificate, making it easier to identify and select the correct certificate.  

Note: certificates issued or renewed prior to July 2012 will not show the code letter.  

Below are examples of how the certificates with codes appear:

• John Doe -A - identifies the client authentication certificate
• John Doe -E - identifies the e-mail encryption certificate
• John Doe -S - identifies the digital signature certificate

Individuals requiring additional information should contact the NIH IT Service Desk at 301-496-4357 (local), 866-319-4357 (toll-free), or 301-496-8294 (TTY) or submit an online service request at: http://itservicedesk.nih.gov/support.

DPSAC is notifying Lifecycle Work Station (LWS) Operators that they will be seeing an increase in requests to reset PINs and renew digital certificates. This trend will continue over the coming months as more than 18,000 digital certificates will expire between now and March 2013.  

It is also likely that more users will need to reset their PINs as ICs begin to implement the requirement to log in with a PIV card (HHS ID Badge) on Windows computers. 

ICs are being asked to share LWS resources to help make it easy for all NIH employees, contractors and affiliates to renew their digital certificates and reset their PINs.  

The goal is to help NIH staff avoid any access issues that might result from expired certificates or forgotten PINs.

LWS Operators who would like to refresh their training can access the LWS Training Manual at: http://www.ors.od.nih.gov/ser/dpsac/training/Pages/lifecycle.aspx. The HSPD-12 Program Office has prepared an animated version of this training manual that will soon be posted on this site.

RML Becomes First NIH Campus to Upgrade its Physical Access Systems to Support HSPD-12 Compliance

NIH Team Travels to Montana to Upgrade Physical Access Equipment at Rocky Mountain Laboratories

On August 10th, 2012 a team from DPSAC and the ORS Information Technology Branch (ITB) in Bethesda traveled to Rocky Mountain Laboratories (RML) in Hamilton, Montana to assist the RML Police, guard force and local IT staff with upgrading their Physical Access Control System (PACS) to meet HSPD-12 compliance.

The team replaced card readers at perimeter sites as well as critical infrastructure card readers with new devices that will read the Card Holder Unique Identifier (CHUID) (pronounced 'chew wid') that is stored on the digital chip of the PIV Card/HHS ID Badge. RML is the first NIH campus to upgrade its PACS system to support HSPD-12 Compliance.

• Digital certificates can only be renewed if they are within 42 days of expiration, or if they have already expired.

• Some ICs have elected to deploy the 'Access Card Utility (ACU).' This software allows individuals to renew their digital certificates at their computer IF the certificates are within 42 days of expiration and not yet expired. The user does not have to be connected to the NIH net, either internally or via VPN, to use the ACU. A connection to the Internet is all that is required. 

   To find out if your IC has deployed the ACU, reach out to one

   of your IC's LWS operators:

[http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/lifecycle.aspx] 

   or your IC Point of Contact:

[http://www.ors.od.nih.gov/ser/dpsac/Documents/P-HSPD-12_ImplementationPOC.xlsx].

• If the LWS operator cannot validate a person's identity with their fingerprint, the individual will need to go to a badge Issuance Work Station (IWS). IWS locations can be found at: http://www.ors.od.nih.gov/ser/dpsac/badge/pages/locatingbadge.aspx.

• If an individual's PIV Card/HHS ID Badge is expiring, s/he will need to follow the normal PIV Card/HHS ID Badge renewal process. The LWS operator will not be able to renew the individual's digital certificates. 

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office. 

Do not lend your HHS ID Badge/PIV Card to anyone -- lending out your HHS ID Badge/PIV Card is prohibited. The issuance of the HHS ID Badge/PIV Card is based on strict identity proofing and the determination of one's suitability for a specific position classification.  

FAQs

Q. I will soon be awarding a new contract. The contract staff will require Level 1 background investigations in order to complete the work involved.  All of the contractor's staff have existing investigations for a project for which they are already doing work.  My question is, since they have existing investigations, is there a process that must be followed in order to apply those existing investigations to this new contract?  Also, how recently must the investigations have been obtained in order to be applicable to this new contract award?

A. A check of OPM repositories is conducted on each individual prior to requesting a new or updated investigation.   

If the search concludes that the individual has already met the requirements for the work they would be doing at NIH, then no new investigation would be initiated.   

[For example, no new investigation would be required if the work an individual will be performing for NIH has been designated to a non-sensitive (Level-1) position and they have had a previous favorable investigation that either meets or exceeds the requirements for a non-sensitive position].

In response to the second part of your question, if the individual has been subject to a previous favorable investigation that either meets or exceeds the requirements for the work being performed for NIH, and there is clear evidence there has been no break in employment or service for more than 24 months, then it would not be necessary to request a new or updated investigation.

 

Q. I understand that even though I am using my PIV Card/HHS ID Badge and PIN to log in to my computer, I still need to maintain my password. How long will this password requirement last before it is discontinued?

A. According to the Office of the Chief Information Officer, as long as NIH continues to use username/password authentication with Active Directory (AD), the password change policy will apply. AD will not allow you to login to a computer (with or without a PIV card) if your password is expired. This policy is expected to remain in effect for at least 2 more years.  

The Fire Safety Dangers of Having Too Much Stuff in the Workplace and in the Home

The following article was prepared by the Division of the Fire Marshal, ORS. 

The term 'hoarding' is generally described as obtaining and refusing to throw out a large number of items that would appear to have little or no value to others.  

In the home it is described as severe cluttering to the point a space is no longer able to function as a viable living space.  

Items usually hoarded include such things as: newspapers, magazines, personal papers, clothing, furniture, appliances, equipment, boxes and rubbish. Hoarding is different and much more than having simple clutter in your workplace or home.

While the exact underlying causes of hoarding are currently being studied and the relationship between hoarding and fire safety has yet to be fully documented by the National Fire Protection Association, anecdotal reports from the fire service are emerging that clearly reveal a significant fire threat.  

In fact, a 2009 study found that hoarding fires are tougher for the fire service to fight. And, hoarding fires in the home are far deadlier than other types of residential fires.

Specifically, the fire safety dangers to be aware of when having too much stuff in the workplace and in the home include:

• Increased risk of fire due to the accumulation of combustibles such as papers, clothing and rubbish.

• Increased fire severity due to an abnormal amount of fuel that will overtax existing automatic sprinkler systems.

• Blocked escape from fire due to the exits, hallways, windows and doors being obstructed by clutter.

• Extreme risk to fire-emergency response personnel.

• Risk of structural damage due to the weight of the items.

• Risk of injury or death due to being trapped under falling items.

If you have questions on any of these fire safety dangers, please contact the Division of the Fire Marshal, Office of Research Services at 301-496-0487.