DPSAC News Header

April 3, 2013 issue of the DPSAC NEWS

In This Issue
HHS ID Badge/PIV Card Rollout Scorecard
NIH Information Security & Privacy Awareness Annual Refresher Training to be Launched Together in April 2013
NIH to Complete Transition to PIV Card + PIN Login by March 2013
The NED Training Schedule through July, 2013
The NED Training Schedule through July, 2013
Keep your Password Current to Avoid Account Deactivation
Helpful Tips
FAQs

   

 

Contact Us

 

Division of Personnel Security and Access Control (DPSAC),  

Office of Research Services  

 

Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnelsecurity@ 

mail.nih.gov

 

Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@ 

mail.nih.gov

 

       

        HHS logo small Logo Mark NIH Logo Mark    

3-29-13 Pie Chart for 4-3-13 DN

HHS ID Badge/PIV Card Rollout Scorecard

  

Here are the most recent NIH badging statistics provided by HHS as of  

March 29, 2013.  

 

Sponsored: 38,379    Enrolled: 38,008   Issued: 37,641*

 

*This figure represents 98.1% of individuals who have been sponsored.

 

  
3-29-13 Excel table for 4-3-13 DN
 
NIH Information Security & Privacy Awareness Annual Refresher Training to be Launched Together in April 2013!

This April, the Office of the Senior Official for Privacy, OMA and the Information Security and Awareness Office, OCIO plan to launch their respective annual Privacy and Security refresher courses at the same time to help reinforce lessons on how to properly secure NIH information resources and protect the privacy of individuals to whom data pertains.  

 

Both courses are mandatory and required for completion by all NIH staff on an annual basis. Although the security and privacy requirements are distinctly different, the course content is related. Additionally, the courses are located on the same dashboard.


Completion of the annual NIH Information Security and Privacy Awareness Refresher courses will provide individuals with valuable information about their responsibilities to secure NIH resources and protect all forms of personal information, whether it belongs to them, or to a member of the public, grant applicant, research study participant or an NIH Clinical Center patient.  

 

Everyone completing these courses will also learn what they can do in the event of a computer security incident or breach of data to mitigate the risk of harm to the agency and individuals whose information has been compromised.

 

It is everyone's responsibility to use NIH systems in a secure manner and to protect the privacy of the individuals whose information we collect, as well as to comply with all applicable laws, regulations and policy.

 

Notifications to go out soon

Soon, NIH staff will be notified by their IC Information Systems Security Officer (ISSO) and/or Privacy or Training Coordinator to take the respective training within a specified timeframe.

   

Individuals will be instructed to visit the NIH Information Security and Privacy Awareness Training Website to complete these courses, either separately or in one sitting.     


Those individuals who are identified by their ICs as having significant IT security responsibilities will be asked by their ISSO to take or certify that they have taken the appropriate role-based security training.

 

Anyone with questions concerning the mandatory online training requirement for either privacy or security awareness training may contact:

 

Karen Plá, CIPP-G

Office of the Senior Official for Privacy

Division of Management Support

Office of Management Assessment

Phone:  301-402-6201

Email:  plak@mail.nih.gov 

 

Cheryl Ann Seaman, M.P.H.

Information Security and Awareness Office

Office of the Chief Information Officer

Phone:  301-402-4461

Email:  cheryl.seaman@nih.gov    

 

Note to AOs and ATs:

both Privacy Awareness training and Security Awareness training will be required prior to creation of an Active Directory (AD) account.  

 

Individuals who you sponsor to receive an AD account will be notified automatically through NED Web that they will need to take both modules.

The IT Service Desk personnel have been informed how to handle calls from staff who call to inquire as to why their AD accounts have not been created or have been disabled for failure to complete training.  

  

NIH Completes the Transition to PIV Card + PIN Login    

    

March 29, 2013 marked the successful completion of a year-long,  NIH-wide initiative to transition NIH employees, contractors and affiliates to a new login system requiring their PIV Card and PIN to access their windows computers and the NIH network. The use of a username and password will still be required for certain applications.*

 

Beginning in the Spring of 2012, the Office of the Chief Information Officer (OCIO) began coordinating this 3-stage transition with the help of designated Points of Contact from each IC, and with the Division of Personnel Security and Access Control (DPSAC), the HSPD-12 Program Office and NIH leadership.

 

For the first two stages of the process, 22 Institutes and Centers were divided equally into two groups. Both groups met their respective deadlines of August 31 and December 29, 2012. The final group of seven ICs and the OD completed the changeover from Username/ Password to PIV Card/PIN login by the March 29, 2013 deadline. 

 

Approximately 33,300 employees, contractors and affiliates are now using the more secure PIV Card/PIN login system to access the NIH Network from their Windows computers.   

 

* Important: everyone will need to keep their passwords up to date since some applications will still require a username and password for login. Also, some individuals who qualify for an exemption will still be able to use their username/password to log in to the NIH network from their Windows computer.

 

Take Your PIV Card With You

 

One of the challenges facing badge holders new to PIV Card & PIN login will be remembering to take their card out of the card reader and placing it in their card holder before leaving their office.    

 

DPSAC is recommending that individuals get in the habit of removing their PIV Card from the card reader immediately after logging in and placing it back in their card holder.  

 

Note: removing your PIV Card from your card reader will not log you off your computer! However, after a period of inactivity, whether your PIV card is inserted in your card reader or in your card holder, your computer will log you off and you'll have to log back in with your PIV Card and PIN.

    

Need a memory jogger? In your Outlook calendar, schedule a recurring 'meeting' toward the end of your workday that reminds you to take your PIV card with you.   

 
Classroom light green border The NED Training Schedule through July 2013
   
The HSPD-12 Program Office is offering NED classes in May and July. Beginner classes are scheduled for the mornings and advanced classes are offered in the afternoons.  

Quickly master NED in a hands-on computer lab environment. All classes are FREE!

NED classes May and July

 

Contact Lanny Newman at newmanl@mail.nih.gov to reserve your space. In your e-mail, provide Lanny with your name and IC and which class(es) you would like to attend.   

 

Keep your Password Current to Avoid Account Deactivation 

Everyone transitioning away from username & password to HHS ID Badge/PIV Card & PIN login will still need to update their password when they receive an e-mail notice that their password is about to expire. Otherwise, they will be locked out of their computer until they have updated their password, even though they may not be using their password for login.

Sign up for the NIH Password Self Service program, iForgotMyPassword, so you can always manage your password and unlock your account at: 
https://iforgotmypassword.nih.gov/.

Helpful Tips

Guide Spells Out Process for Ensuring Summer Student Access to NIH -- "Summer Student Badge Policy for Access to Facilities and Information Systems" is a one-page guide that outlines the process for ensuring that Summer Students have the access needed to perform their duties.

Visit http://www.ors.od.nih.gov/ser/dpsac/badge/Pages/students.aspx  to view this guide as well as information about Summer Student policies, processing Summer Students at remote locations, foreign Summer Students, and FDA Summer Students.
     
ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at:
taffetr@mail.nih.gov. Your request should include the new operator's name, their IC, their NED number, as well as the operator's e-mail address, building/room and phone number.  


Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster and inform the IC that the individual is now approved to operate the LWS.


Need to make changes to the LWS Operator directories? -- drop an e-mail to Lanny Newman, newmanl@mail.nih.gov, and let him know what needs changing (e.g., adding new operators or LWS locations, removing operators, etc.). Remember, before a new operator can be added to the LWS directory, s/he must first be approved by Richie Taffet (see preceding Helpful Tip).  

  

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office.   

 

Renew your PIV Card's digital certificates before they expire -- the Department will notify you by e-mail 42 days before your certificates expire reminding you that you must renew your certificates. In the notification you will be advised to contact a Lifecycle Work Station operator in your IC. You will need up-to-date certificates in order to log in to your Windows computer and/or to use certain computer applications. Note: 'cert' renewals cannot be performed prior to the 42-day window.   

 

Purchasing a Lifecycle Work Station -- updated instructions for purchasing a Lifecycle Work Station (LWS) are now posted on the ID Badge website at: http://www.ors.od.nih.gov/ser/dpsac/resources/Pages/purchasing-lifecycle.aspx  
 

Important: ICs purchasing a new LWS should make sure that the following HHS BPA Contract information is specifically listed on the order form:

 

Contract Name:  HSPD-12 System Integration Services (SIS) Contract

Contract No. / Order No.: HHSN316201200018W / HHSN27600001  

Contractor Name: Deloitte Consulting LLP (DUNS #019121586)

 

ICs using a Government Purchase Card for the purchase of LWSs are advised that the credit card will not be billed until the equipment is delivered. Delivery of LWS equipment may take up to 10 weeks.

 

FAQs

  

Q. Our Institute is in the process of reviewing an employee "situation" and making a determination on appropriate action. OHR Employee Relations would like to suspend campus access for this person at this time.  

 

Rather than deactivating the employee's NED record (which will make later restoration difficult if necessary), is the correct action to 'Revoke' the badge in NED? Will this suspend campus access?

 

A. When you "revoke" the individual's badge in NED, that person will not be able to use their badge to access any perimeter gates or restricted building entrances; however, they will still be able to enter the campus through the Gateway or Visitor center.  

 

If you also want to restrict the individual's access through the Gateway or Visitor's Centers, you will need to contact the NIH Police (301-496- 2387) and request that that person be added to the "Do Not Admit List."  

 

Remember, "revoking" the PIV Card (HHS ID Badge) in NED also suspends the person's logical access.  

 

To reinstate the person's badge privileges (physical and logical access), request a new ID badge in NED, and then s/he will need to return to DPSAC to undergo the complete enrollment and issuance process again. 

 

 

Q. An employee in my Institute wants to know if they need to keep their NIH-Red Alert Special ID badge any longer.  These were issued following 911 to allow staff access to the NIH campus in the event of a Red Alert and lockdown.  I thought these badges were no longer needed after PIV Cards were issued. Is that correct?  Can I tell her to throw it out?

 

A. You are correct that these badges are no longer used at NIH; however, the badges are federal property and should be returned to a DPSAC Badge Issuance Center: Building 31, Room B1A26; or Building 10, Room 1C52 (South Lobby). Those working outside the Bethesda/ Rockville area should contact their local badge issuance office.    
 

 

Q: What if my badge is lost or stolen?

 

A: Please contact your AO who must submit a new badge request, via the NIH Enterprise Directory (NED), to the Division of Personnel Security and Access Control (DPSAC), which oversees badge issuance. You should also inform Access Control (301-451-4766) directly as soon as possible as well as complete a police report with the NIH Police.   


Q: What happens if I leave my badge at home?

 

A: If you leave your badge at home, you will need to go through the NIH Gateway Center (or its equivalent on other NIH campuses) to gain access to NIH facilities. You will also need to call the NIH IT Service Desk at 301-496-4357 to be granted temporary access to the NIH network.


A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.