DPSAC News
A bi-weekly newsletter from the Division of Personnel Security and Access Control
Providing timely information to help keep NIH safe and secure.

April 24, 2019 Issue of DPSAC News
 In this issue:
  • NIH Implements Important Security Enhancements for NIH Network Accounts
  • Summer Interns Arriving at NIH Soon
  • FAQs - Security Enhancements at NIH; Changes to the Summer Internship Program
  • Helpful Tips
NIH Implements Important Security Enhancements for
NIH Network Accounts
On Wednesday April 17, 2019, the NIH Center for Information Technology (CIT) implemented important security enhancements for NIH network accounts that affect NIH staff (employees, contractors, fellows, volunteers, etc.). The implementation of enhanced security controls ensures NIH has the necessary tools and procedures in place to protect NIH data as well as ensure NIH is compliant with Homeland Security Presidential Directive 12 (HSPD-12).
 
What are the changes?
On April 17, 2019, Active Directory (AD) network accounts for new personnel who have yet to be issued a Personal Identity Verification (PIV) badge (also known as HSPD-12 badge) or Restricted Local Access (RLA) badge, will be disabled until the individual completes the required fingerprinting and background investigation requirements, and has been found eligible for a PIV/RLA badge by the ORS Division of Personnel Security and Access Control (DPSAC). 

Prior to being granted access to an AD account or to any NIH IT systems, all new personnel must first be issued a PIV/RLA badge. This change is required to enforce existing NIH policy and mitigate the risk of data breaches and negative impacts to personnel and intellectual property that could result from a cybersecurity breach.
 
How will these changes impact DPSAC?
As a result of this change, DPSAC has experienced a large surge in badge requests and processes related to PIV credentialing. Prior to this change, approximately 1,500 individuals at NIH had been granted access to network accounts who also did not possess a PIV/RLA badge.

As Administrative Officers work to sponsor badges quickly to prevent work-stoppages, DPSAC is faced with processing the hundreds of enrollments and background checks that result. DPSAC is currently facing a substantial backlog as a result, and is mobilizing all available resources to expedite processing.

Average DPSAC processing times have increased from approximately four (4) weeks to six (6) weeks, and will be highly contingent upon the applicant’s timely completion of all required actions. To avoid additional delays in processing, DPSAC urges administrators to sponsor badge requests at least six (6) weeks prior to start date/Entry on Duty.
 
How does this impact the AO community?
To help new NIH staff obtain access to IT networks in a timely manner, it is very important to enter them into NED before they arrive at NIH. Please begin the sponsorship process for new staff at least six weeks prior to the start date. This will help ensure that these individuals have time to complete the necessary steps (fingerprints, photograph, e-QIP, etc.) so they can be eligible for a PIV/RLA badge and should be able to access NIH resources on their start date.
 
Please know that moving forward, people who need IT network access will require an ID badge. This means that you should request both an ID badge and an NIH network account when completing a Register/Activate task in NED. NIH CIT has advised that administrators should no longer select ‘NIH network account' only, as this will not request a PIV/RLA badge. 
 
How does this impact NIH staff?
NIH staff who work remotely and don’t access NIH facilities (such as the Bethesda campus, RML, NIEHS, etc.) now need ID badges to access IT networks. These individuals will most likely have to visit an NIH badging location to obtain a badge.

Remote badging services at other HHS locations are extremely limited and typically reserved for those with extenuating circumstances. These remote facilities do not have the capacity to process all NIH remote staff. For more information on remote processing, click here .

Please be advised that DPSAC cannot issue ID badges to foreign nationals located internationally. We can only process individuals currently residing in the U.S. in order to complete their required fingerprinting and background investigation. These individuals will need to work with their IC's IT department on alternatives for access to IT networks.  

Students Arriving Soon for NIH's
2019 Summer Internship Program

It’s that time of year again when NIH welcomes summer interns participating in the 2019 NIH Summer Student program.
 
This competitive program gives approximately 1,200 select students the opportunity to work side by side with some of the most talented researchers, administrative staff and health professionals in an environment devoted exclusively to biomedical research.
 
Incoming students will be issued NIH Restricted Local Access (RLA) ID badges for physical and logical access.
 
The RLA badge requires the normal two appointments. During the first appointment (15 minutes), students will be identity proofed, fingerprinted and photographed. At the second appointment (15 minutes), student will be issued their RLA Badge.
 
Issuance is subject to DPSAC's successful review of the students' fingerprint results. Any issues identified through the fingerprint results (i.e., issues that might impact the suitability of the Summer student to do the proposed work at NIH), will be determined by Personnel Security in DPSAC prior to issuance of an RLA Badge.
 
Helpful tip:   DPSAC encourages all Institutes and Centers (ICs) to advise their incoming students to make their enrollment and badging appointments  as soon as possible  to avoid any delays in the ID badging process.
 
Get fingerprinted early 
Processing badges for approximately 1,200 individuals over a six- to eight-week period can place a significant impact on the DPSAC staff. To avoid badging delays, DPSAC requests the ICs to have their summer students fingerprinted before their first day of work at any of  NIH's Enrollment locations .
 
 Summer students who are fingerprinted by DPSAC at least one week prior to their first day and receive  favorable results may be issued a badge on their first day at NIH.



Q. Is it true that new NIH personnel must complete their background investigations before they can have their network account activated?

A. Yes. Prior to being granted access to any NIH IT systems, all new personnel must have a PIV/RLA badge. This means that each applicant will be required to have a favorable fingerprint check and their background investigation forms and e-QIP submission will need to be complete prior to being issued a PIV badge or RLA badge.


Q. I understand there will be significant changes to the NIH Summer Internship Program (SIP) for the summer 2019. Can you please summarize these changes?

A. Beginning in 2019, summer interns must be 17 by June 15 of the internship year. Individuals who are in high school must meet two additional criteria: they must be either juniors or seniors, and, if they will not be 18 by June 15 of the internship year, they must, at the time of application, reside within 40 miles of the NIH campus at which they hope to intern.
 
High school summer interns will be selected by an IC selection committee, rather than by individual principal investigators (PIs). Each IC will appoint a High School Summer Coordinator and devise a process for making summer intern selections. With limited exceptions, summer interns will not be appointed to ICs in which a parent or guardian works.​
Do NOT lend your ID badge to anyone! Lending your ID badge is prohibited. To do so is a criminal offense! The issuance of ID badges is based on strict identity proofing and the determination of one's suitability for a specific position classification.

Return Your Badge When Leaving NIH
If you plan to leave the employ of NIH, whether you’re an employee, contractor or affiliate, you will need to turn in your HHS ID Badge (or RLA Badge) to your Administrative Officer so that s/he can deactivate your badge in NED. The AO will turn over the deactivated badge to the badging office.


ALT cards -- should be returned to the  IC ALT card coordinator - NOT to DPSAC.
 Administrative Officers (AOs) who wish to obtain sponsor authority must complete the sponsor training. To access the training module, click on: Sponsor .

Upon completion, the AO should sign and e-mail a copy of the certificate found at the end of the training module to Alex Salah at: salaha@ors.od.nih.gov . Upon receipt of the certificate, Mr. Salah will authorize the AO as a Sponsor. 

Note: ONLY individuals with an Administrative Officer role in NED are eligible to be HHS ID Badge/PIV Card Sponsors.  
A biweekly e-newsletter from the National Institutes of Health, Office of Research Services, Division of Personnel Security and Access Control (ORS/DPSAC) to keep its readers informed of personnel security and access control policies and practices designed to safeguard the NIH and its workforce. DPSAC is responsible for verifying personal identity, validating suitability, reviewing background checks, authorizing facility access and issuing ID badges for NIH personnel. 

Department of Health and Human Services
National Institutes of Health
Office of Management
Office of Research Services
Division of Personnel Security and Access Control
Keep up with the latest NIH updates