DPSAC News Header

December 12, 2012 issue of the DPSAC NEWS

In This Issue
HHS ID Badge/PIV Card Rollout Scorecard
NED Classes Announced for February & March, 2013
HHS's Automated Certificate Renewal Notice Now Includes a 'Renew-From-Your-Desktop' Optio
ActivClient Software Required for 128k PIV Cardstock to Work with Windows Computers
Know the Rules for Renewing Digital Certificates
How to Correctly Change your Password on Windows 7...and Avoid Disabling Your PIV Card
Certificates Expiring? DO NOT Ignore HHS Certificate Renewal E-Mails
Don't Get Locked Out -- Take Your PIV Card With You
Helpful Tips
FAQs

   

 

Contact Us

 

Division of Personnel Security and Access Control

 

Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnelsecurity@ 

mail.nih.gov

 

Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@ 

mail.nih.gov

 DHHS Logo gif   NIH Logo gif    ORS jpg

    

HHS ID Badge/PIV Card Rollout Scorecard

  

Here are the most recent NIH badging statistics provided by HHS as of  

December 7, 2012.  

 

Sponsored: 38,289    Enrolled: 37,953   Issued: 37,616*

 

*This figure represents 98.2% of individuals who have been sponsored.

            
12-10-12 Pie Chart for 12-12-12 DN

            
12-10-12 Excel sheet for 12-12-12 DN

 
Classroom with white border NED Classes Announced for February & March, 2013

The HSPD-12 Program Office will offer four new NED classes (two sessions for beginners, two sessions for advanced NED users) during the first quarter of 2013.  

 

Take advantage of this opportunity to quickly master NED in a hands-on computer lab environment. All classes are FREE!

 

   NED for Beginners

 
   Date: Friday, February 22, 2013 (Note: This is a revised date)
   Time: 9:00 a.m. - 12:00 p.m. (noon)

   Location: 6120 Executive Plaza South, Classroom 8

 

   Date: Tuesday, March 26, 2013

   Time: 9:00 a.m. - 12:00 p.m. (noon)

   Location: Building 12A, Room B51

 

 

   NED for Advanced Users

 

   Date: Friday, February 22, 2013 (Note: This is a revised date)

   Time: 1:00 p.m. - 4:00 p.m.

   Location: 6120 Executive Plaza South, Classroom 8

 

   Date: Tuesday, March 26, 2013

   Time: 1:00 p.m. - 4:00 p.m.

   Location: Building 12A, Room B51

 

 

Contact Lanny Newman at newmanl@mail.nih.gov to reserve your space. In your e-mail, provide Lanny with your name and IC and which class you would like to attend.

 

HHS's Automated Certificate Renewal Notice Now Includes a 'Renew-From-Your-Desktop' Option

 

The digital certificate renewal notification that the Department automatically sends to PIV Card holders 42 days before their 'certs' expire has been revised to give card holders the option of renewing their certificates from their Windows computer.*

 

To renew certificates at a Windows computer, the individual's PIV Card certificates must still be valid (i.e., not expired), the Access Card Utility (ACU) software must be installed and the cardholder must know his/her PIN. This new capability should make the cert renewal process quick and easy.

 

In the revised message, cardholders are instructed to follow a two-step process to: (1) update their PIV Card's certificates; and, (2) update their computer to use their new certificates.  

 

Once the cardholder completes these steps, s/he will be able to (1) log into the NIH network with their PIV Card, and (2) receive encrypted e-mail or digitally sign documents or e-mail respectively.

 

PIV cardholders with expiring (or expired) certificates who don't know their PINs will still need to make an appointment with a Lifecycle Work Station (LWS) operator to renew their certificates. Instructions for locating an LWS are included in the notice.

 

The Center for Information Technology, the ORS Division of Personnel Security and Access Control and the ORS Information Technology Branch collaborated to produce the final notification. HSPD-12 Points of Contact from several ICs also assisted with the revision.

 

The Department plans to begin using the revised e-mail soon.

 

To learn more about the ACU software application and how to use it to renew your digital certificates, visit the NIH Knowledge Base at: http://go.usa.gov/YMrj 

 

To read a sample revised notification, click on the words: 'Sample Notice'   

* Some ICs have deployed a software tool called the Access Card Utility (ACU) that allows individuals using Windows to renew their digital certificates at their computer IF the certificates are within 42 days of expiration and not yet expired. The Department will continue to send reminders every seven (7) days after the initial notification until the card holder renews his/her certificates.  

 

ActivClient Software Required for 128k PIV Cardstock to Work with Windows Computers

 

DPSAC News reported in the November 28 issue ('New HHS ID Badge Card Stock Gets a Boost') that NIH began issuing HHS ID Badges using cardstock with enhanced storage capabilities. The new badges contain 128k computer chips, essentially doubling the storage capacity of the 64k chips currently in the PIV Cards/HHS ID Badges at NIH.

 

When digital certificates on a 64k PIV Card are renewed, the previous certificates are removed from the card while new certificates replace them. In order to open encrypted e-mails that were sent or received previously, the removed certificates will need to be recovered using the HHS Identity PIV Portal. A description of this process is posted on the NIH Knowledge Base at: http://go.usa.gov/g2Nj.
 
For 128k cards, however, key recovery is generally unnecessary since the five (5) prior e-mail encryption keys will be stored in the larger capacity card.

 

Action required for 128K cards to work on Windows computers

Responding to early reports that users of the 128k cards were unable to use their new cards to log on to their Windows computers, CIT determined that it was necessary to install and patch ActivClient.  

 

CIT recently alerted all IC IT departments to the problem and have provided guidance for installing and patching ActivClient on Windows desktops and laptops for both Windows XP and Windows 7.

 

ActivClient and its hotfix are available for download from CIT's Information Systems Distribution Procurement (ISDP) Program at: http://isdp.nih.gov/isdp/version.action?prodid=127.

 

Know the Rules for Renewing Digital Certificates

 

HHS sends out its first certificate expiration notice 42 days before the badge holder's digital certificates expire. Follow-up messages from the Department to the badge holder go out every seven (7) days until the certificates are either renewed or they expire.  

 

The last message goes out one week before the certificates expire. Please be aware that all of the messages are exactly the same.

 

Note: Certificates cannot be renewed by an LWS operator or a Badge Issuance specialist UNLESS the badge holder's certificates will be expiring within the 42-day window.

 

How to Correctly Change your Password on Windows 7...and Avoid Disabling Your PIV Card

 

The NIH IT Service Desk reports that some people using Windows 7 are accidentally changing their PIN when they thought they were changing their Password.  

 

The problem is occurring when they log on with their PIV card and get prompted that their password will expire soon. When attempting to change their password, they DON'T read the box that gives them the option to switch from 'PIN' to 'Password.'  

 

By selecting the wrong box, users can accidentally change their PIN and even worse, change it to the wrong format which will disable the PIV Card.

 

Instructions on Correctly Changing Your Password on Windows 7

The NIH Knowledge Base has posted complete instructions as well as a video on how to change or reset an NIH Active Directory password on a Windows 7 computer at: http://go.usa.gov/gUBh. Method 4 can be used after logging into your workstation with the HHS ID Badge (PIV/Smart Card) and is reserved for PC users only.

 

Certificates Expiring? DO NOT Ignore HHS Certificate Renewal E-Mails

 

DPSAC is urging PIV Card users to heed the certificate renewal notifications they receive from HHS to avoid being locked out of their computer or prevented from using critical software applications due to expired certificates.

 

Don't Get Locked Out -- Take Your PIV Card With You

 

By March 29, 2013, more than 35,000 employees, contractors and affiliates will be using their PIV Cards (HHS ID Badges) instead of their username/password to log in to their Windows computers.

         

Get in the habit of removing your PIV Card from the card reader immediately after you've logged in and place it back in your card holder.  

 

If you need a reminder to take your PIV Card with you at the end of the work day, schedule a recurring 'meeting' in your Outlook calendar that will pop up before you leave for the day.  

Helpful Tips

Keep your passwords current to avoid having your account deactivated --
everyone transitioning away from username & password to HHS ID Badge/PIV Card & PIN login will still need to update their password when they receive an e-mail notice that their password is about to expire. Otherwise, they will be locked out of their computer until they have updated their password, even though they may not be using their password for login.

 

Sign up for the NIH Password Self Service program, iForgotMyPassword, so you can always manage your password and unlock your account at: https://iforgotmypassword.nih.gov/.

 

ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at taffetr@mail.nih.gov. Your request should include the new operator's name, their IC, their NED #, as well as the operator's e-mail address, building/room and phone number.  

 

Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster, and inform the IC that the individual is now approved to operate the LWS.

 

Need to make changes to the LWS Operator directories? -- drop an e-mail to Lanny Newman, newmanl@mail.nih.gov, and let him know what needs changing (e.g., adding new operators or LWS locations, removing operators, etc.). Remember, before a new operator can be added to the LWS directory, s/he must first be approved by Richie Taffet (see preceding Helpful Tip).  

  

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office.  

 

FAQs


Q. I was surprised to read in the last DPSAC News that individuals can remove their PIV Card from the card reader immediately after logging in and stay logged in as long as they continue to use their computer.

   

Unfortunately, this is not the case for me. If I remove my PIV Card I'm immediately logged off my computer. Are there steps I can take to stay logged in after I've removed my PIV Card from the card reader?

 

A. Yes. Assuming your IC has no objection to your staying logged in after removing your PIV Card from the card reader, the IT Service Desk offers the following solution:  

 

"With Administrative rights, open the ActivClient Agent console. Once the console is opened, click on tools, click on Advanced, and then click on configuration. Once the configuration menu comes up, the first item should be CARD REMOVAL BEHAVIOR. Highlight that, and in the column where it says 'value,' change that to NO ACTION! Click apply and close the console. You will have to reboot for the changes to take.

 

Now, once you are completely logged in, your computer will NOT log you off if you take your PIV Card (HHS ID Badge) out of the card reader.

 

Remember that after a period of inactivity your computer will time out automatically, requiring you to log back in with your PIV Card and PIN."

A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.