120 likes | 130 Views
Learn about the progress and upcoming milestones of the HSPD-12 program at NIH, which aims to establish secure standards for government identity credentials and protect sensitive information.
E N D
Information & Updates May, 2012
Background: What is HSPD-12? • HSPD-12was issued in August, 2004 with the goal of establishing uniform and secure standards for government identity credentials to safeguard the Federal community, information, systems, and facilities through identity certification and access management. • Implementation was mandatory for all Federal agencies and required the issuance of NIST approved Personal Identity Verification (PIV) cards. Our HHS ID Badges are these PIV cards at HHS. Agency IT systems, applications, and facilities must be enabled to be capable of using a PIV card as the mechanism for granting user access. • OMB M-11-11 was issued in 2011 by the Office of Management and Budget that provided additional requirements and guidance to help agencies implement HSPD-12. • Its message was clear: Federal Agencies have PIV credentials and now we must use them. Continued Implementation of HSPD-12 at NIH
HSPD-12 at NIH: What is Happening? • NIH has made significant progress with HSPD-12 by issuing HHS ID Badges. We are now focused on leveraging that investment by using the technical capabilities of these badges to certify identity and manage access. • NIH is transitioning away from logging into computers and systems with usernames and passwords to smart card authentication using the HHS ID Badge and PIN. • Smart card authentication is more secure because it is a form of two-factor authentication: something you have, like a your HHS ID Badge, and something you know, like a PIN. Continued Implementation of HSPD-12 at NIH
Upcoming Milestones NIH recently completed the first phase of logical access on February 29, 2012, by enforcing the use of two factor authentication for VPN remote access. We are now preparing to meet the following three HSPD-12 milestones: Continued Implementation of HSPD-12 at NIH
Why is HSPD-12 Important? Cyber threat is one of the most serious economic and national security challenges that we face as a nation. HSPD-12 is more than just ID Badges – it will help protect NIH from outside harm, and result in a more efficient and effective security system. • HSPD-12 supports a more secure digital infrastructure to strengthen NIH’s defenses against data theft and security breaches, and to protect our research, patients, and information. • HHS ID Badges provide an easy and standard way to encrypt sensitive information, making it safer for us to share information with the right people and only the right people. • NIH employees, affiliates, and contractors can work remotely in a secure manner, as an HHS ID Badge and PIN provide a simple and secure way to access the NIH network from any location. • ONECard, ONE PIN. When this initiative is fully implemented, all you will need to access the NIH network is your HHS ID Badge and your PIN that you never have to change. • The security of DHHS’s information systems is a top priority in the area of risk management. Compliance with HSPD-12 is part of improving our security policies and procedures and mitigating this risk. Continued Implementation of HSPD-12 at NIH
What is Happening Now to Prepare? In order to transition to smart card authentication for ITAS and the NIH network, with minimal disturbance to the NIH community and research activities, the HSPD-12 Program Team is currently engaged in the following activities to support ICs: Continued Implementation of HSPD-12 at NIH
How You Can Help You play a crucial role in the success of this initiative! You can help by: Continued Implementation of HSPD-12 at NIH
What is Needed for Smart Card Authentication? All NIH employees, affiliates, and contractors will need to be prepared to log in with their HHS ID Badge (PIV Card) and their PIN before smart card authentication is enforced. The HSPD-12 Program Team is currently preparing materials and resources to ensure all individuals have what they need ahead of time. Specific information about each of these items, as well as additional support material, is available on the following website http://www.ors.od.nih.gov/ser/dpsac/Pages/Continued-Implementation-of-HSPD-12.aspx. Continued Implementation of HSPD-12 at NIH
Additional Background Materials Continued Implementation of HSPD-12 at NIH
OMB Requirements and HHS Goals Continued Implementation of HSPD-12 at NIH
HSPD-12 Program Scope at NIH The continued implementation of HSPD-12 spans four related components. NIH is currently focused on the first component, logical access. Continued Implementation of HSPD-12 at NIH
Network Access (March 29, 2013)IC Staggered Roll-Out Schedule Continued Implementation of HSPD-12 at NIH