HSPD-12 Related Definitions and Glossary



Access control: The process of granting or denying requests to access physical facilities or areas, or to logical systems (e.g., computer networks or software applications).

ActivClient Middleware: Smart card software that enables computer applications to talk to the computer chip on the smart card (PIV Card/HHS ID Badge).

ANACI: Access NACI - An initial investigation for federal employees who will need access to classified national security information at the Confidential or Secret level.

AnyConnect: Cisco AnyConnect is an application that enables your remote (i.e., outside of NIH) computer to establish a virtual private network (VPN) connection to the NIH network (NIHnet) so that it behaves just like a computer that is inside of NIH.

Affiliate: Individuals requiring a Personal Identity Verification (PIV) card to gain access to NIH and who are not employees or contractors (e.g., special volunteers, tenants, guest researchers, fellows).

Applicant: The person to whom a Personal Identity Verification (PIV) Card needs to be issued. Until an offer of employment is made, a person is not considered an applicant.

Approval Authority: The person who manages the entire Identity Management System (IDMS). This person is responsible for designating people who will perform the duties of the Employer/Sponsor. The person with approval authority ensures that no single individual/role has the capability to issue a card without the participation of another individual, and that there are at least two different individuals participating in the process at all times.

ATO: Authority to Operate - Authorization from a superior to proceed.

Authentication: The process of establishing a person's identity and determining whether people are who they say they are.

Authorization: The process of giving people access to specific areas or systems based on their authentication.

BI: Background Investigation - The search of a person's records covering specific areas of an individual's background, usually over a set period of time.

Biometric: A measurable physical characteristic used to recognize the identity of a person. Examples include fingerprints and facial images. A biometric system uses biometric data for authentication purposes.

BSL: Biosafety Levels - Define proper lab techniques, equipment, and design.

BITS: Background Information Tracking System - NIH/DPSAC repository for inventoried data.

CAN: Common Account Number - Unique identifier to each IC.

CHUID: Cardholder Unique Identifier - Contains agency data, cardholder data, and card expiration date.

CIT: Center for Information Technology - Provides support for NIH software development.

CNACI: Child Care NACI - Required investigation for positions involving child care.

CJIS: Criminal Justice Information Services - FBI’s criminal data repository.

Digital Signature: Also called a digital signature scheme, a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature provides the recipient with a guarantee that the message was created by a known sender and that the contents of the message have not been modified or otherwise tampered with.

Digital Certificate: An attachment to an electronic message used for security purposes. The most common use of a digital certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate. With this information, the recipient can send an encrypted reply. 

DIS: Division of International Services - Provides immigration-related services for NIH.

DP: Division of Police - Protects NIH from criminal activity and acts of terrorism.

DPSAC: Division of Personnel Security and Access Control - Provides personal identity verification services, access control, and issues ID badges for the NIH community.

e-QIP: Electronic Questionnaires for Investigations Processing - Using a secure Internet connection, e-QIP gives applicants the ability to electronically enter, update, and transmit their personal investigative data to their employing agency for review and approval.

Emergency Response Official: Federal Emergency Response Officials are personnel directly involved with an agency’s organized actions taken by trained individuals to control immediate dangers to life and health in an effort to preserve life safety, conserve property and stabilize incidents. These immediate dangers occur in the acute phase, or first 24 hours, of crises or emergencies. Officials focus on controlling the immediate dangers as a priority that takes precedence over recovery and mitigation. Once the emergency situation has been stabilized and the immediate dangers do not persist, activities move to a “consequence management” phase. Personnel involved with consequence management are not necessarily considered Federal Emergency Response Officials. NIH employees with this designation have a red stripe on the bottom of their individual PIV badge.

EOD: Entry on Duty - First day of employment with NIH.

Federal Bureau of Investigation (FBI) Fingerprint Check: A fingerprint check of the FBI fingerprint files. This check is the minimum requirement for provisional card issuance.

FIPS 201-1: Federal Information Processing Standards - Federal publication developed to establish standards for identity credentials.

HSPD-12: Homeland Security Presidential Directive 12 - Directive for a common identification standard for all FTEs and contractors.

IDMS: Identity Management System - Systems or applications that manage the identity verification and validation process.

Identity-proofing: The process of providing sufficient personal identifying information (e.g., driver's license, proof of current address, etc.) to a registration authority, or the process of verifying from a person's information that he or she is that person.

Issuer: The person or entity that activates and issues a Personal Identity Verification (PIV) Card to an applicant following the positive completion of all identity proofing, background checks, and related approvals. The Issuing Authority is responsible for verifying a biometric fingerprint match between the applicant and the identity system when the card is being issued.

ITAS: Integrated Time and Attendance System - A timekeeping system that allows users to update and approve their timecards online.

JPAS: Joint Personnel Adjudication System - Department of Defense (DOD) repository for background investigations data.



Keychain Access: A Mac OS X application that gives the user access to the Apple Keychain, which stores all sensitive information in one secure place where applications can easily access it. Keychain Access allows the individual to verify that the PIV Card (HHS ID Badge) is read and that the necessary certificates are found and are valid. It is located in the Utilities folder under the Applications folder.



LBI: Limited Background Investigation - Minimum investigation required for a Public Trust level 5c background investigation.

LACS: Logical Access Control System - Protection mechanisms that limit users' access to information, and restrict their access on the system to only what is appropriate for them.

MBI: Minimum Background Investigation - Includes a NACIC and face-to-face interview with a personal investigator.

Middleware: See ActivClient Middleware

Mission Critical Facility: A building or group of buildings in one geographical area, so vital to the United States and/or HHS that the incapacity or destruction would have a debilitating impact on security, national economic security, national public health or safety, HHS mission accomplishment during crisis circumstances, or any of these combined.

NAC: National Agency Check - Standard NACs involve the basic and minimum investigation required of all federal employees and contractors. They consist of searches of the OPM Security/Suitability Investigations Index (SII), Defense Clearance and Investigation Index (DCII), FBI Name Check, and FBI National Criminal History Fingerprint Check.

NACI: National Agency Check with Inquiries - In addition to NAC requirements, NACIs include written inquiries and searches of records covering specific areas of a person's background during the past five years (inquiries sent to current and past employers, schools attended, references, and local law enforcement authorities).

NACIC: National Agency Check with Inquiries & Credit Check - NACICs require the same items as NACIs, with an additional requirement for credit checks for persons in Public Trust Positions.

NACLC: NAC with Local Agency Check and Credit - Initial investigation for contractors, consultants, and experts at the Confidential and Secret national security levels.

NCIC: National Crime Information Center - FBI’s index of criminal justice data.

NED: NIH Enterprise Directory - Web based NIH community data repository.

OMB: Office of Management and Budget

OPM: Office of Personnel Management - Ensures the Federal Government has an effective civilian workforce.

PACS: Physical Access Control System - Protection mechanisms that limit users' access to physical facilities or areas to only what is appropriate for them.

PII: Personally Identifiable Information - Unique personal information.

PIN: Personal Identification Number - A number that is set by you and known only to you that serves as a key to your smart card. Individuals issued a PIV Card (HHS ID Badge) are asked to create a six- to eight-digit PIN. This is the PIN you will use along with your HHS ID Badge to log in. Smart card login (using your PIV Card and PIN) is more secure than Username/Password login because it is “two-factor authentication”: something you have, like your HHS ID Badge, and something you know, like your PIN.

PIPS: Personnel Investigations Processing System - OPM’s background investigation repository.

PIV: Personal Identity Verification - The process that federal employees and contractors who routinely gain access to federal facilities and information systems must go through. Applicants must prove their identity, be fingerprinted and have a background investigation before receiving a federal ID badge called a PIV Card.

PIV Authentication Certification Authority: The person with Certification Authority that signs and issues the PIV Authentication Certificate of the applicant.

PIV Card Issuer: The individual or entity that issues an identity credential to an applicant following the positive completion of all identity proofing, background checks, and related approvals. This role is normally associated with Badge or Credential Issuance. In most Operating Divisions (OPDIVS) or Staff Divisions (STAFFDIVS), it is a function of either Personnel or Physical Security.

PIV Card: A government-issued credit card-sized identification that contains a microchip, which can be machine-read through direct contact or over very short distances. The holder's facial image will be printed on the card along with other identifying information and security features. The microchip will store a user's access (Public Key Infrastructure (PKI)) certificate, the card holder's unique identifier (CHUID), and fingerprint biometric. This information can be used to authenticate the user for physical access to federally controlled facilities and logical access to federally controlled information systems.

PIV Card Categories [2]:
Category #1: Federal Employee: Federal employees as defined in Title 5 U.S.C. § 2105; individuals employed by, detailed to, or assigned to NIH; members of the PHS Commissioned Corps, Armed Forces, DOD and DOS civilian employees; paid students; or any individual occupying a Full Time Equivalent (FTE) position or Part Time Equivalent (PTE) position.

Category #2: Federal Contractor & Organizational Affiliate: Federal contractors include individuals performing work under contract to NIH, who require regular and prolonged access to NIH-controlled facilities and/or NIH-controlled information systems – for whom the NIH has determined to issue an HHS PIV-II ID Card.

Organizational affiliates include any individual who does not meet the criteria for federal employee or federal contractor but who does require regular and prolonged physical and/or logical access to NIH facilities and/or information systems and would be issued an HHS credential in accordance with NIH determination.

PIV Digital Signatory: The entity that signs the PIV biometric and cardholder unique identifier of the applicant.

Public Trust Position: Positions in which the incumbent's actions or inactions could diminish public confidence in the integrity, efficiency, or effectiveness of assigned government activities, whether or not actual damage occurs. Also applies to positions in which the incumbents are being entrusted with control over information which the Department has legal or contractual obligations not to divulge.

Registrar: The Personal Identity Verification (PIV) Registrar acts on behalf of the Department or agency to enroll an Applicant into the PIV system, ensure completion of a background check, and approve the issuance of the PIV Card.

Remote Issuer: The Personal Identity Verification (PIV) Remote Issuer is not located at or near a PIV Card Issuing Facility (PCIF). The Remote Issuer serves as a proxy to the Issuer by delivering personalized PIV Cards to authorized Applicants who are also remote to a PCIF.
SAC: Special Agreement Check - Criminal history check.

SCMS: Smart Card Management System - Sends alerts when your digital certificates are within 42 days of expiration, and every 7 days thereafter until they expire or until you renew them. You must renew your certificates BEFORE they expire in order to prevent access issues. Enable your e-mail settings to receive these alerts:

· Sender: HHSIdentity [].
· Subject: ACTION REQUIRED: The certificates on your HHS ID badge must be renewed.


SF: Standard Form

SmartCard Middleware: See ActivClient Middleware

SmartCard Reader: Hardware that provides the physical connection between your HHS smart card ID badge and applications on your computer.

SOP: Standard Operating Procedure

SP: Special Publication

SSBI: Single Scope Background Investigation - Required background investigation for individuals seeking Top Secret security clearances.

SSBI-PR: SSBI Periodic Reinvestigation - Required investigation every five years after an initial SSBI.

Sponsor: The Personal Identity Verification (PIV) Sponsor acts on behalf of the Department or agency to request an Applicant be issued a PIV Card (HHS ID Badge). 

Threat: Any circumstance, event, or person that can potentially harm or adversely affect the organization and its inherent systems, processes, and people. Events can involve IT systems; circumstances can involve employees sharing sensitive information with outside agencies that do not have approved access.


VPN or Virtual Private Network: A secure method of accessing NIH computing resources remotely.

Vulnerability: Any weakness in the organizational environment that can be exploited. Vulnerabilities exist when there is a flaw or weakness in the existing system. It is possible to close the “vulnerability gap” by creating certain “fixes.” Examples of these “fixes” are HSPD-12 and its supporting processes.
