DPSAC News Header

February 19, 2014 issue of the DPSAC NEWS

In This Issue
NED Training Schedule for March, 2014
HHS Expands Policy on Usage of Unauthorized External Information Systems to Conduct Department Business
NIST Now Requiring Agencies to Review and Release e-QIP Before Issuing Badges
Helpful Tips
FAQs
News Briefs

   

 

Contact Us

 

Division of Personnel Security and Access Control (DPSAC),  

Office of Research Services  

 

Personnel Security 

Helpdesk: 301-402-9755

e-QIP: 301-402-9735

Appointment Line: 301-496-0051

E-mail: orspersonnelsecurity@ 

mail.nih.gov

 

Access Control

Helpdesk: 301-451-4766

E-mail: facilityaccesscontrol@ 

mail.nih.gov

 

       

        HHS logo small Logo Mark NIH Logo Mark    

NED Training Schedule for March, 2014

 

The HSPD-12 Program Office will be offering two NED classes in March, 2014. This training is designed to help beginners and advanced users quickly master NED in a hands-on computer lab environment. All classes are FREE!      

  

 

 

How to Enroll

The NED courses are posted on the CIT Training site where visitors can view availability for any class and receive a confirmation immediately after registering. The catalog of NED classes is posted at http://training.cit.nih.gov/coursecatalog.aspx under "General Seminars."     

 

When you see a course you want to take, just click on the course name (listed in the right column of the table). You'll be taken to the HHS Learning Management System (LMS) where you can register for the course online.

 

To log onto the HHS Learning Management System you can use either your PIV card and PIN or your NIH credentials. If you experience any difficulties accessing the LMS, please contact the CIT Training Program at 301-594-6248 or send an e-mail to: cittraining@mail.nih.gov

 

Also, the HSPD-12 Program Office will continue to post the NED training schedule in DPSAC News and on the DPSAC website at:  

http://www.ors. od.nih.gov/ser/dpsac/Training/Pages/nedweb.aspx.  

 

HHS Expands Policy on Usage of Unauthorized External Information Systems to Conduct Department Business

 

DPSAC News is reprinting the following HHS memo, dated January 30, 2014, regarding the "Usage of Unauthorized External Information Systems to Conduct Department Business," as a reminder of the guidelines set forth concerning the transmission of sensitive information.

" 'Everyone who is assigned an HHS-provided e-mail or online storage account must use those government-provided resources for conducting any and all official HHS business:

In no case should staff conduct official HHS business using personal e-mail or personal online storage accounts if a federally-owned or federally-contracted alternative is assigned to them.'

 

In other words, please do not e-mail any government-related documents to a personal e-mail account or upload documents related to government-business to any type of online data storage system (for example, Dropbox or Google Drive). This includes contractor-supplied e-mail accounts and storage systems. A copy of the memo can be found here.

 

Additionally, it is important to remember the rules regarding Personally Owned Equipment (POE) when connecting to the National Institutes of Health (NIH) virtual private network (VPN) services.     

 

The NIH Policy on the Prohibited Use of Non-Government Furnished (Non-GFE) IT Equipment reads in part:

 

'By the end of 2013, remote desktop connections must be performed over approved NIH Virtual Private Network (VPN) services and can only be made from government furnished equipment (GFE).'


Beginning immediately, the NIH will begin efforts to enforce the removal of Personally Owned Equipment from NIH VPN access. This includes contract-supplied computers.

If you are currently using POE to connect to VPN, please review the policies below and reach out to your supervisor or project lead for further instructions. 

 

Access the VPN Request form here. Read the NIH OCIO policy here. Read the NIH Remote Access Standards here

 

If you need more information, please contact the NIH IT Service Desk:

           301.496.4357 (HELP)

           866.319.4357 toll free

           online via http://ithelpdesk.nih.gov/support "
   

National Institute of Standards and Technology (NIST) Now Requiring Agencies to Review and Release e-QIP Before Issuing Badges

This article is reprinted from the December 5, 2013 DPSAC News

 

Not Entering New Hire Information into NED prior to EOD Likely to Delay Badge Issuance for Days, Weeks or Longer!

 

Until now, DPSAC has been able to issue an HHS ID Badge once DPSAC has received confirmation back from the Office of Personnel Management (OPM) that the fingerprints are 'clean,' and DPSAC has received the completed electronic Questionnaires for Investigations Processing (e-QIP) forms from the new hire.  

 

Due to recent updates to the Federal standards (FIPS 201-2) regulating the implementation of HSPD-12, NIST and OPM are now requiring all agencies to hold off issuing new badges until each individual's e-QIP forms have been submitted by the candidate, reviewed by the respective agency and released to OPM. Note: there are NO exceptions! 

 

For DPSAC to meet this new challenge -- of reviewing each candidate's e-QIP forms and releasing them to OPM -- it's imperative that AOs enter the individual into NED as soon as possible, and prior to EOD. If an individual is not entered into NED prior to EOD, DPSAC will not have access to the information it needs to review the case prior to submitting the questionnaires to OPM.  

 

This delay will have a domino effect, and will likely cause the applicant to wait several weeks to get his or her new HHS ID Badge. DPSAC is urging AOs to put these individuals in NED as early as possible to avoid this major inconvenience to their new staff members.  


Helpful Tips

Do not lend your HHS ID Badge (a.k.a. Smart Card, PIV Card) to anyone! 
-- lending out your PIV Card (HHS ID Badge) is prohibited. The issuance of the HHS ID Badge is based on strict identity proofing and the determination of one's suitability for a specific position classification.

ICs that want to add LWS operators to the approved roster --  send a written request to Richie Taffet at: taffetr@mail.nih.gov. Your request should include the new operator's name, their IC, their NED number, as well as the operator's e-mail address, building/room and phone number. 
 
Once Mr. Taffet has approved the request, he will forward the name(s) to HHSIdentityAdmins@deloitte.com to complete the approval process, add the name to the LWS operator roster and inform the IC that the individual is now approved to operate the LWS.

  

Need to make changes to the LWS operator directories? -- drop an e-mail to Lanny Newman, newmanl@mail.nih.gov, and let him know what needs changing (e.g., adding new operators or LWS locations, removing operators, etc.). Remember, before a new operator can be added to the LWS directory, s/he must first be approved by Richie Taffet (see preceding Helpful Tip).  

  

If an LWS is not available in your IC or your immediate area, and you work in the greater Bethesda or Rockville area -- please call 301-451-4766 or 301-402-9755 to schedule an appointment with the Division of Personnel Security and Access Control located in Building 31, Room B1A26 or in Building 10, South Lobby, Room 1C52.    

 

If you work outside the Bethesda/Rockville area, contact your local badge issuance office. You can find contact information for all badge issuance offices at: http://www.ors.od.nih.gov/ser/dpsac/Pages/contactinfo.aspx.   

 

How to recover your old (expired) digital certificates --  if you want to read signed or encrypted e-mail messages that you sent or received using a now-expired certificate, you first need to recover that certificate from the HHS Identity PIV Portal. For instructions on how to recover your old certificates, visit: http://www.ors.od.nih.gov/ser/dpsac/Documents/How_To_Recover_Certs.pdf.   


FAQs

Q.  I made an appointment to come to Building 31, Room 1B03 on the NIH Bethesda campus for next week to get fingerprinted and photographed for a new employee HHS ID Badge.

 

How do I get onto the campus? Does someone need to authorize me to come in via the visitor center (I have entered as a guest at South Drive before ... but on those occasions my host knew I was coming and met me plus had a temporary badge ready)?  Also, if I park in the garage, how do I get to Building 31 ? 

 

A.  Visitors may enter the NIH campus unaccompanied and must enter through the NIH Gateway Center. You will be asked to submit to a vehicle inspection if you are bringing your vehicle onto campus as well as a personal inspection.

Also, you will be required to show one (1) form of identification (a government-issued photo ID, such as a driver's license, passport, green card, etc.) and to state the purpose of your visit. Visitors under 16 years of age must be accompanied by an adult.

 

When you pass through the Gateway Center you will be issued a visitor's pass for the day. The Advanced Accompanied Visitor Pass is available for those who don't want to go through the normal visitor screening process. Those individuals get checked in advance and have an NIH employee accompanying them upon entry.  

 

The NIH Gateway Center is located adjacent to the Medical Center Metro Station off of Rockville Pike/Wisconsin Avenue (Route 355). It combines visitor parking, non-commercial vehicle inspection and visitor ID processing, all in one location.  

 

The NIH will process all visitors entering the NIH campus in vehicles or as pedestrians.

 

Information about visitor parking, a campus map, and other information helpful to visitors can be found online at: http://www.nih.gov/about/visitorsecurity.htm.    

News Briefs

 

New Video on the HHS ID Badge Issuance Process --  'Getting an HHS ID Badge,' a four-minute video produced by the HSPD-12 Program Office, helps viewers understand the process of getting an HHS ID Badge and outlines the four steps that make up the badge issuance process.

 

This helpful video is now posted on the NIH YouTube channel and can be viewed directly using the link: http://www.youtube.com/watch?v= Xq5v k7irwHs . The video is also posted on the DPSAC website (http://idbadge.nih.gov) under the 'What's New' section of the main page.

 

The NIH administrative community and DPSAC staff will want to add this video to their toolbox to help new staff navigate the HHS ID Badge issuance process.

  

 

E-Mail Scam Requesting Money for Security Clearance Certificates Hits NIH -- the NIH Police recently alerted the NIH security community to a bogus e-mail that appears to be targeting foreign nationals at NIH. The e-mail is made to appear as if it originates from the United States Treasury Department and directs the recipient to contact the Department of Homeland Security and to "send the DHS the sum of $350 Dollars only for the issuing of the Clearance Certificate."  


The e-mail also asks for personally identifiable information and warns that "failure to comply can result in legal action... ."

NIH'ers are advised to be on the lookout for this e-mail and to be wary of any e-mail that asks for money or threatens you with legal action. A PDF of the bogus e-mail can be viewed by clicking on the link:
Scam.

 

A biweekly e-newsletter from the Office of Research Services, Division of Personnel Security and Access Control (ORS/DPSAC) to keep you informed as NIH rolls out "Homeland Security Presidential Directive 12" (HSPD-12) establishing a common identification standard to better safeguard NIH and its workforce.