Division of Personnel Security and Access Control (DPSAC),
Office of Research Services
Appointment Line: 301-496-0051
Here are the most recent NIH badging statistics from HHS as of
September 13, 2013:
Sponsored: 38,400 Enrolled: 38,012 Issued: 37,603*
*This figure represents 97.9% of individuals who have been sponsored.
FY 2014 OPM Pricing Schedule for Background Investigations
The Office of Personnel Management (OPM) recently published the FY 2014 pricing schedule for Background Investigations in OPM Circular Federal Investigations Notice - No. 13-07 - Investigations Reimbursable Billing Rates for Fiscal Year (FY) 2014.
Costs for the seven most commonly ordered investigations at the NIH are listed in the table below:
Level of Investigation Required Standard Rate
Fingerprint Check only $21.50
NACI (Level 1) $122.00
CNACI (Level 1+) $122.00 + $5 for each State
(Child Care NACI) Criminal History
+ any charges by the
MBI (Level 5B) - Moderate Risk $855.00
BI (Level 6) - High Risk $3,045.00
ANACI (Level 2) - Secret $272.00
SSBI - (Levels 3 and 4)- Top Secret $3,959.00
HHS Completes Update to the HHS Smart Card Management System (SCMS)
NIH Badging Services Back Online
Enrollment and Badge Issuance services, including certificate renewals and PIN resets, resumed on Tuesday, September 17 following a four-day interruption of service for the Department to update its Smart Card Management System (SCMS). These updates were necessary for the Department to transition to a new Certificate Authority (CA), Entrust.
With the upgrade complete and the SCMS back online, NIH will issue all future digital certificates from an Entrust Certificate Authority.
How the transition will affect NIH computer users
Windows users should not notice any change to their service nor are they required to take any action. Mac users, however, may be required to update the Mac 'keychain' so they can validate any Entrust certificates they receive (e.g., digital signatures).
Help with this process can be found on the OCIO website at https://ocio.nih.gov/Smartcard/Pages/PKI_chain.aspx#fix and on the IT Service Management portal at https://myitsm.nih.gov/navpage.do.
As noted on the portal site, "In order for HHS-issued certificates to be considered valid by Mac OS X, the HHS FPKI certificate chain must be installed and marked as trusted on that computer. If this has not been done, user certificates will display 'This certificate was signed by an unknown authority when inspected.'"
To install the HHS FPKI certificate chain, administrative rights are required. Contact the NIH IT Service Desk for further assistance.
NIH IT Service Desk
NED Training Schedule Announced for October, 2013 through March, 2014
The HSPD-12 Program Office is pleased to announce its NED training schedule for October, 2013 through March, 2014. The Program Office is offering four "NED for Beginners" and four "NED for Advanced Users" classes which have been designed to help you quickly master NED in a hands-on computer lab environment. All classes are FREE!
How to Enroll
The NED courses are posted on the CIT Training site where visitors can view availability for any class and receive a confirmation immediately after registering. The catalog of NED classes is posted at http://training.cit.nih.gov/coursecatalog.aspx under "General Seminars."
When you see a course you want to take, just click on the course name (listed in the right column of the table). You'll be taken to the HHS Learning Management System (LMS) where you can register for the course online.
To log onto the HHS Learning Management System you can use either your PIV card and PIN or your NIH credentials. If you experience any difficulties accessing the LMS, please contact the CIT Training Program at 301-594-6248 or send an e-mail to: firstname.lastname@example.org.
Also, the HSPD-12 Program Office will continue to post the NED training schedule in DPSAC News and on the DPSAC website at: http://www.ors.od.nih.gov/ser/dpsac/Training/Pages/nedweb.aspx.
Important! Software Upgrade Required for ALL NIH Lifecycle Work Stations (LWS)
The HSPD-12 Program Office requests that all Institutes, Centers and Offices review their Lifecycle Work Stations (LWS) to ensure they are all running the most recent software version (version 2.5.1). If your LWS software is not the most current version, you must update it as soon as possible.*
For assistance with updating your LWS software, contact the HHS Identity Help Desk at: HHSIdentityAdmins@deloitte.com.
Note: LWS operators will not be able to renew certificates for anyone with a newer type of PIV Card (128k cards) if their LWS is using an outdated version of the software.
* Once you launch the LWS software, you will find the version number in either the top right or top left corner of the screen, depending on which version is being used. To view a sample screen shot, open the LWS training guide on the DPSAC web page at:
New Access Card Utility (ACU) Software Now Available
The Access Card Utility (ACU) software provides an easy alternative for individuals to renew their certificates from a local Windows computer.
The newest version of the ACU - version 1.4.2 - is now available on the ISDP website at: http://isdp.nih.gov/isdp/version.action?prodid=198.
Note: installation of v.1.4.2 requires system administrator privileges.
Those Institutes, Centers and Offices that have deployed the ACU (or plan to do so) are encouraged to upgrade their ACU software to this latest version, along with ActivClient (v18.104.22.168) and the latest hotfix, also available on the ISDP website at http://isdp.nih.gov/isdp/version.action?prodid=127, to support the coming round of certificate renewals.
Renewing Digital Certificates - "Step Two"
Updating Your Computer to Use Your New Certificates
Once you renew your digital certificates (see DPSAC News, September 4, 2013), or replace your HHS ID Badge (PIV Card), you will need to update your computer to use the new certificates. Instructions for this process can be found on the OCIO website at: https://ocio.nih.gov/Smartcard/Pages/NewCertificates.aspx .
Please contact the NIH IT Service Desk:
Reminder: The HHS Subscriber Agreement is the Ongoing Responsibility of All HHS ID Badge Holders
During the HHS ID Badge issuance process, employees, contractors and affiliates sign an agreement acknowledging certain responsibilities that they must abide by in order to use these government credentials.
DPSAC News is publishing the HHS Subscriber Agreement here to remind everyone that being issued an HHS ID Badge is a privilege that carries certain obligations and responsibilities that are in place to help ensure the safety and security of all NIH staff and facilities.
HEALTH AND HUMAN SERVICES (HHS) SUBSCRIBER AGREEMENT
You have been authorized to receive one or more digital credentials (PKI certificates) associated with private and public key pairs. If you are receiving a PIV card, these PKI certificates are contained on your PIV card. At a minimum, these key pairs enable you to electronically identify yourself for systems access. Additional key pairs may enable you to digitally sign documents and messages and perform encryption/ decryption functions.
Acknowledgement of Responsibilities:
I acknowledge receiving my PIV card and/or digital certificates and will comply with the following obligations:
- I will accurately represent myself in all communications with the HHS issuing authorities, to include sponsor, authorizing official, enrollment officials and issuance officials;
- I will comply with the instructions described to me today for selecting a Personal Identification Number (PIN) or other required method for controlling access to my private keys and will not disclose same to anyone, leave it where it might be observed, nor write it on the token itself;
- I will protect the contents of my PIV card at all times, by treating my PIV card as valuable personal property and keeping my PIN from disclosure as described above;
- I understand that if I receive key management (encryption/decryption) key pairs on my token, copies of the private keys have been provided to the key recovery database in case they need to be recovered; however, if I make additional copies of my certificates and private keys, I am responsible for protecting these copies and will store and protect them according to approved HHS policies and procedures;
- I will immediately notify the appropriate authority upon suspicion of loss or compromise (e.g. suspected or known unauthorized use, misplacement, etc.) of my PIV card and/or disclosure of my PIN;
- I will promptly advise the appropriate Registration Authority (RA) if any changes in my registration information and will respond to notices from the RA concerning my digital certificates; and
- Upon the termination of my relationship with the U.S. Government or upon demand by the appropriate authority, I will surrender the PIV card.
Governing Law: Public Key Certificates shall be governed by the laws of the United States of America.
Upon pressing or clicking on the "I Agree" button, you will be asked to present the Personal Identification Number (PIN) that you selected just prior to the appearance of this acknowledgement form. You are digitally signing this acknowledgement statement, which is legally binding, in lieu of a written signature.
Q. The Department, via HHSIdentityAdmins@deloitte.com, recently notified me in an e-mail that the digital certificates on my PIV Card (HHS ID Badge) are about to expire and need to be renewed. When I tried clicking the link in the e-mail to access the self-service Access Card Utility (ACU) I was presented with a 'Desktop Card Utility' screen but it was static. I couldn't take any action.
I'd like to update my certs from my desktop using the ACU. Can you help me?
A. Yes. You are correct that if your IC has loaded the Access Card Utility (older versions may be called "Desktop Card Utility" or "DCU") onto your computer, you should normally be able to use it to update your digital certificates.*
Unfortunately, the utility currently appearing on your computer is not functioning. Typically you would see a 'Continue' 'radio button' toward the bottom of the screen (Figure 1) that, when clicked, would take you through the certificate renewal process.
To have a working version of the ACU installed on your computer, contact the NIH IT Service Desk (http://itsolutionscenter.cit.nih.gov/selfservice/microsites/microsite.do). Check first with your IC to make sure it is OK to install and run the ACU on your desktop.
Note: Currently, you are able to renew your certificates only within the 42-day window prior to your certs expiring. However, as reported elsewhere in this issue of DPSAC News, the Department recently changed certificate authorities (from Verizon to Entrust) which will require everyone to renew their certificates before the end of 2014.
After the ACU is installed on your computer, go back to the link in the HHSIdentity e-mail (http://go.usa.gov/YU8C). That will take you to instructions for renewing your 'certs' using the ACU.
Of course, you can also arrange an appointment with a Lifecycle Work Station (LWS) operator to renew your certificates. To locate an LWS, click on:
*To check whether you have the Access Card Utility loaded onto your computer, click the Start icon located on the bottom left of your monitor and then click All Programs. The Access Card Utility (or Desktop Card Utility for some) should appear above in the left navigation panel.
Q. I'm an AO and I have a question regarding the Forced Renewals that appear in my Inbox. Am I supposed to verify the information and approve it to start the process?
A. Yes. Nothing will happen until you run the task. Forced renewals are described most recently in the FAQs section of the September 14, 2013 DPSAC News.
Do not lend your HHS ID Badge (a.k.a. Smart Card, PIV Card) to anyone! -- Lending out your PIV Card (HHS ID Badge) is prohibited. The issuance of the new HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.
Section on 'Renewing an Existing HHS ID Badge' added to the ID Badge website -- The HSPD-12 Program Office has added 'Renewing an Existing HHS ID Badge' to its website to assist the many employees, contractors and affiliates whose badges are nearing the end of their lifecycle and will require renewal in the near future. See:
ICs that want to add LWS operators to the approved roster -- send a written request to Richie Taffet at: email@example.com. Your request should include the new operator's name, their IC, their NED number, as well as the operator's e-mail address, building/room and phone number.
Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster and inform the IC that the individual is now approved to operate the LWS.
Need to make changes to the LWS operator directories? -- drop an e-mail to Lanny Newman, firstname.lastname@example.org, and let him know what needs changing (e.g., adding new operators or LWS locations, removing operators, etc.). Remember, before a new operator can be added to the LWS directory, s/he must first be approved by Richie Taffet (see preceding Helpful Tip).
If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52.
If you work outside the Bethesda/Rockville area, contact your local badge issuance office.
A biweekly e-newsletter from the Office of Research Services, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.