May 1, 2013 DPSAC News

May 1, 2013 issue of the DPSAC NEWS

In This Issue

HHS ID Badge/PIV Card Rollout Scorecard

Windows 7 Upgrade Now Available for Lifecycle Work Stations

ALERT:...Enter Only U.S. Social Security Numbers (SSN) into the NED SSN Field

The NED Training Schedule through July 2013

Helping Incoming NIH Summer Students

Helpful Tips

FAQs - Digital Certificates

Past Issues

Contact Us

Division of Personnel Security and Access Control (DPSAC),

Office of Research Services

Personnel Security

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnelsecurity@

mail.nih.gov

Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@

mail.nih.gov

HHS ID Badge/PIV Card Rollout Scorecard

Here are the most recent NIH badging statistics provided by HHS as of

April 26, 2013.

Sponsored: 38,493 Enrolled: 38,047 Issued: 37,676*

*This figure represents 97.9% of individuals who have been sponsored.

Windows 7 Upgrade Now Available for Lifecycle Work Stations

ICs can now upgrade the software for Lifecycle Work Stations running Windows XP to the new Windows 7 version of the LWS software.

To obtain the new software please contact the Deloitte HHS Identity Helpdesk (HHSIdentityAdmins@deloitte.com) and provide them with: (1) your Institute Name; (2) your LWS Group ID; and (3) your LWS Resource tag.

Instructions for retrieving this information are contained in the LWS Windows 7 Upgrade document provided online at: http://library.constantcontact.com/download/get/file/1104539806591-231/LWS+Windows+7+Upgrade+Instructions.pdf).

Windows 7 32-bit vs. 64-bit platform

LWS operators should be aware that the new Windows 7 LWS software only supports the Windows 7 32-bit platform. Users who need certificate renewal ability on a Windows 7 64-bit platform should instead download and use the latest version of the Access Card Utility (ACU) v1.3.

ALERT: Enter Only U.S. Social Security Numbers (SSN) into the NED SSN Field

Only U.S. Social Security Numbers (SSNs) should be entered into the NED SSN Field. DPSAC reports an instance in which an Administrative Officer entered a foreign national's home country identification number into the NED field reserved exclusively for an individual's U.S. Social Security Number.

Like a valid U.S. Social Security Number, the foreign number also contained 9 digits and was mistakenly accepted as a valid entry in the NED SSN field. However, foreign identification numbers cannot be used for personal identity verification purposes in the U.S. Use of foreign numbers in NED will cause multiple problems with background investigations and badge issuance.

According to DPSAC, there are 66 countries that utilize numbers similar to the U.S. SSN. In an effort to avoid improper use of the NED SSN field, a warning will be included in NED stating that only a U.S. Social Security Number should be entered in this field. DPSAC also plans to include this information in future NED classes.

How you can help
Members of the administrative community are asked to remind foreign national registrants to use and submit only U.S. SSNs.

DPSAC recognizes that many if not most applicants are invited to enter this information themselves through the NED one-time link in the registration e-mail, and this is still encouraged.

Nevertheless, remembering to ask foreign nationals whether or not the number they entered in NED is a United States SSN before approving the registration or sponsoring the ID badge will help to ensure that the PIV process is conducted successfully.

Note: a Social Security Number is not required at time of entry if the registrant does not have one. In these instances, the 'No SSN' box should be checked in NED. Once the registrant obtains the U.S. SSN however, the SSN field should be updated promptly.

The NED Training Schedule through July 2013

The HSPD-12 Program Office is offering NED classes in May and July. Beginner classes are scheduled for the mornings and advanced classes are offered in the afternoons.

Quickly master NED in a hands-on computer lab environment (NED class content is described below). All classes are FREE!

Contact Lanny Newman at newmanl@mail.nih.gov to reserve your space. In your e-mail, provide Lanny with your name and IC and which class(es) you would like to attend.

NED Class Descriptions

The HSPD-12 Program Office offers NED courses to meet the needs of both novice and veteran NED users. Mastering NED has become increasingly important as the NIH has transitioned badge functionality to both logical and physical access. This has resulted in more administrative responsibilities and tasks appearing in your NED inbox. These courses will help you improve your NED skills and manage the anticipated increased workload.

NED Basics for Beginners: 9:00 a.m.-12:00 p.m. This course provides basic NED training including how NED supports the HSPD-12 initiative and the badging process. Topics covered include: an overview of the NED system layout, setting task preferences, registering/activating a new person, finding saved tasks, reviewing modify/update functions, and deactivating a badge. This course is intended for people new or just beginning on the NED system.

NED & the PIV Process - Advanced NED Users: 1:00 p.m. -4:00 p.m. This course provides some advanced topics in NED that go beyond the basic functions of the NED system. Attendees will learn how the PIV Process is applied to issuing ID badges at NIH, and how to work with additional features in NED such as managing AD accounts, renewing a badge, transfers, and zombie tasks. This course is intended for experienced NED users. Attendees are encouraged to bring existing "problem" cases for a live Q&A session.

Helping Incoming NIH Summer Students

Summer Student coordinators can expedite the 'on-boarding' process for incoming NIH Summer Students by collecting the four components of the Personally Identifiable Information (PII) -- Legal Name, Date of Birth (DOB), Social Security Number (SSN), and Place of Birth -- and entering this information into NED.

It is important that Summer Students be identified as such in NED by selecting "Yes" to question 1a ("Is the applicant a Summer Student?") during the NED "Register/Activate process." Note: Summer Student is defined as a person "accepted to the NIH Summer Intern Program."

Reminder: All Summer Student NIH ID badges will carry a September 30, 2013 expiration date.

Guide to Giving Summer Students Appropriate Access to NIH Resources

The NIH badge provides access to unrestricted areas at NIH. Summer Students must remain under escort in restricted areas.

A one-page guide describing the process for providing Summer Students with the appropriate access to perform their duties is posted at:
http://www.ors.od.nih.gov/ser/dpsac/badge/Documents/Access%20for%20Summer%20students%20-%202013.pdf .

Visit this Website Before Attending New Summer Employee Orientation
New Summer Students are urged to visit the New Summer Employee Orientation Information website located at the Office of Human Resources website: http://hr.od.nih.gov/workingatnih/newemployee/summer/default.htm. There they will be prompted to visit each link and follow the directions prescribed in ALL seven topics prior to their first day. A New Employee Orientation calendar is also provided on that site.

Helpful Tips

ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at: taffetr@mail.nih.gov. Your request should include the new operator's name, their IC, their NED number, as well as the operator's e-mail address, building/room and phone number.

Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster and inform the IC that the individual is now approved to operate the LWS.

Need to make changes to the LWS Operator directories? -- drop an e-mail to Lanny Newman, newmanl@mail.nih.gov, and let him know what needs changing (e.g., adding new operators or LWS locations, removing operators, etc.). Remember, before a new operator can be added to the LWS directory, s/he must first be approved by Richie Taffet (see preceding Helpful Tip).

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52. Both locations are on the NIH main campus. If you work outside the Bethesda/Rockville area, contact your local badge issuance office.

Purchasing a Lifecycle Work Station -- updated instructions for purchasing a Lifecycle Work Station (LWS) are now posted on the ID Badge website at: http://www.ors.od.nih.gov/ser/dpsac/resources/Pages/purchasing-lifecycle.aspx.

FAQs

Digital Certificates
From 'Smart Card Login FAQs' posted at: http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx.

Q: What are active digital certificates?

A: The gold chip on your HHS ID Badge stores your digital certificates, including the Authentication Key that allows you to log in. To work, the Authentication Key must be active (as in, not expired).

Q: What do digital certificates allow me to do?

A: Digital certificates allow systems to validate who you are and authenticate you as a user. They will also allow you to send and receive encrypted e-mails and digitally sign e-mails.

Q: When do my digital certificates expire?

A: Digital certificates expire every 1 - 2.5 years depending on your affiliation with NIH. They may expire earlier than the expiration date printed on your HHS ID Badge.

Q: Is there a way to check the expiration date of my digital certificates?

A: You can check the status of your digital certificates by visiting http://testmysmartcard.nih.gov. When you are asked to select a digital certificate, the properties of the certificate will display the expiration date.

Or:

If you are using a Windows computer, you can follow these steps to check the expiration date of your certificates using Internet Explorer:

1. Insert your HHS ID Badge into your smart card reader so that the photo

is facing up and the gold chip enters first.

2. Open a session of Internet Explorer.

3. Under the Tools menu on your browser, select "Options" or "Internet

Options."

4. On the "Content" tab, click the "Certificates" button.

5. On the "Personal" tab, you will be able to view your certificates and the

date they expire.

If you need help, please contact the NIH IT Service Desk at 301-496-4357. They can guide you through the steps to check the status of your digital certificates.

Q: I have multiple digital certificates. Do they have different expiration dates?

A: No. All your digital certificates have the same expiration date. When you renew your certificates, all of them will be renewed.

Q: When I log in to ITAS or other applications through NIH Login (iTrust), I am prompted to "Select a digital certificate" before entering my PIN. Which certificate should I select?

A: Directions for selecting the correct digital certificate for smart card authentication are on pages 3 & 4 (steps 4-6) of the document posted at: https://itrusteauth.nih.gov/CertAuth/UsingSmartCardsWithNIHLogin.pdf.

Q: How do I know when my digital certificates are expiring?

A: The HHS Smart Card Management System (SCMS) will send alerts when your certificates are within 42 days of expiration, and every 7 days thereafter until they expire or until you renew them.

It is important to renew your certificates BEFORE they expire in order to prevent access issues.

Make sure that your e-mail settings enable receipt of these alerts that begin with:

Sender: HHSIdentity [donotreply@hhs.gov].

Subject: ACTION REQUIRED: The certificates on your HHS ID

badge must be renewed.

A biweekly e-newsletter from the Office of Research Resources, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.