HHS ID Badge/PIV Card Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of  

December 7, 2012.  

Sponsored: 38,289    Enrolled: 37,953   Issued: 37,616*

*This figure represents 98.2% of individuals who have been sponsored.

HHS's Automated Certificate Renewal Notice Now Includes a 'Renew-From-Your-Desktop' Option

The digital certificate renewal notification that the Department automatically sends to PIV Card holders 42 days before their 'certs' expire has been revised to give card holders the option of renewing their certificates from their Windows computer.*

To renew certificates at a Windows computer, the individual's PIV Card certificates must still be valid (i.e., not expired), the Access Card Utility (ACU) software must be installed and the cardholder must know his/her PIN. This new capability should make the cert renewal process quick and easy.

In the revised message, cardholders are instructed to follow a two-step process to: (1) update their PIV Card's certificates; and, (2) update their computer to use their new certificates.  

Once the cardholder completes these steps, s/he will be able to (1) log into the NIH network with their PIV Card, and (2) receive encrypted e-mail or digitally sign documents or e-mail respectively.

PIV cardholders with expiring (or expired) certificates who don't know their PINs will still need to make an appointment with a Lifecycle Work Station (LWS) operator to renew their certificates. Instructions for locating an LWS are included in the notice.

The Center for Information Technology, the ORS Division of Personnel Security and Access Control and the ORS Information Technology Branch collaborated to produce the final notification. HSPD-12 Points of Contact from several ICs also assisted with the revision.

The Department plans to begin using the revised e-mail soon.

To learn more about the ACU software application and how to use it to renew your digital certificates, visit the NIH Knowledge Base at: http://go.usa.gov/YMrj 

To read a sample revised notification, click on the words: 'Sample Notice'   

* Some ICs have deployed a software tool called the Access Card Utility (ACU) that allows individuals using Windows to renew their digital certificates at their computer IF the certificates are within 42 days of expiration and not yet expired. The Department will continue to send reminders every seven (7) days after the initial notification until the card holder renews his/her certificates.  

ActivClient Software Required for 128k PIV Cardstock to Work with Windows Computers

DPSAC News reported in the November 28 issue ('New HHS ID Badge Card Stock Gets a Boost') that NIH began issuing HHS ID Badges using cardstock with enhanced storage capabilities. The new badges contain 128k computer chips, essentially doubling the storage capacity of the 64k chips currently in the PIV Cards/HHS ID Badges at NIH.

When digital certificates on a 64k PIV Card are renewed, the previous certificates are removed from the card while new certificates replace them. In order to open encrypted e-mails that were sent or received previously, the removed certificates will need to be recovered using the HHS Identity PIV Portal. A description of this process is posted on the NIH Knowledge Base at: http://go.usa.gov/g2Nj.
 
For 128k cards, however, key recovery is generally unnecessary since the five (5) prior e-mail encryption keys will be stored in the larger capacity card.

Action required for 128K cards to work on Windows computers

Responding to early reports that users of the 128k cards were unable to use their new cards to log on to their Windows computers, CIT determined that it was necessary to install and patch ActivClient.  

CIT recently alerted all IC IT departments to the problem and have provided guidance for installing and patching ActivClient on Windows desktops and laptops for both Windows XP and Windows 7.

ActivClient and its hotfix are available for download from CIT's Information Systems Distribution Procurement (ISDP) Program at: http://isdp.nih.gov/isdp/version.action?prodid=127.

Know the Rules for Renewing Digital Certificates

HHS sends out its first certificate expiration notice 42 days before the badge holder's digital certificates expire. Follow-up messages from the Department to the badge holder go out every seven (7) days until the certificates are either renewed or they expire.  

The last message goes out one week before the certificates expire. Please be aware that all of the messages are exactly the same.

Note: Certificates cannot be renewed by an LWS operator or a Badge Issuance specialist UNLESS the badge holder's certificates will be expiring within the 42-day window.

How to Correctly Change your Password on Windows 7...and Avoid Disabling Your PIV Card

The NIH IT Service Desk reports that some people using Windows 7 are accidentally changing their PIN when they thought they were changing their Password.  

The problem is occurring when they log on with their PIV card and get prompted that their password will expire soon. When attempting to change their password, they DON'T read the box that gives them the option to switch from 'PIN' to 'Password.'  

By selecting the wrong box, users can accidentally change their PIN and even worse, change it to the wrong format which will disable the PIV Card.

Instructions on Correctly Changing Your Password on Windows 7

The NIH Knowledge Base has posted complete instructions as well as a video on how to change or reset an NIH Active Directory password on a Windows 7 computer at: http://go.usa.gov/gUBh. Method 4 can be used after logging into your workstation with the HHS ID Badge (PIV/Smart Card) and is reserved for PC users only.

Certificates Expiring? DO NOT Ignore HHS Certificate Renewal E-Mails

DPSAC is urging PIV Card users to heed the certificate renewal notifications they receive from HHS to avoid being locked out of their computer or prevented from using critical software applications due to expired certificates.

Don't Get Locked Out -- Take Your PIV Card With You

By March 29, 2013, more than 35,000 employees, contractors and affiliates will be using their PIV Cards (HHS ID Badges) instead of their username/password to log in to their Windows computers.

Get in the habit of removing your PIV Card from the card reader immediately after you've logged in and place it back in your card holder.  

If you need a reminder to take your PIV Card with you at the end of the work day, schedule a recurring 'meeting' in your Outlook calendar that will pop up before you leave for the day.  

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office.  

FAQs

Q. I was surprised to read in the last DPSAC News that individuals can remove their PIV Card from the card reader immediately after logging in and stay logged in as long as they continue to use their computer.

Unfortunately, this is not the case for me. If I remove my PIV Card I'm immediately logged off my computer. Are there steps I can take to stay logged in after I've removed my PIV Card from the card reader?

A. Yes. Assuming your IC has no objection to your staying logged in after removing your PIV Card from the card reader, the IT Service Desk offers the following solution:  

"With Administrative rights, open the ActivClient Agent console. Once the console is opened, click on tools, click on Advanced, and then click on configuration. Once the configuration menu comes up, the first item should be CARD REMOVAL BEHAVIOR. Highlight that, and in the column where it says 'value,' change that to NO ACTION! Click apply and close the console. You will have to reboot for the changes to take.

Now, once you are completely logged in, your computer will NOT log you off if you take your PIV Card (HHS ID Badge) out of the card reader.

Remember that after a period of inactivity your computer will time out automatically, requiring you to log back in with your PIV Card and PIN."