Skip to Content
Cancer Therapy Evaluation Program (CTEP)
Contact NExT
Show menu
Search this site
Last Updated: 06/28/22

NCI CTEP IAM User Access Update

To ensure the security and safety of NCI systems, subjects, research staff, and all associated sensitive information, NCI will incorporate Identity Proofing (IP) and Multi-Factor Authentication (MFA) in accordance with National Institute of Standards and Technology (NIST) 800-63-3, Digital Identity Guidelines. The enforcement of these guidelines is regulated by Congress and required for compliance with the Federal Information Security Management Act (FISMA).

NCI’s IP and MFA processes will be managed by ID.me, a Virginia-based company leveraged by federal agencies, states, and private companies in providing a secure digital identity network. ID.me meets all requirements for secure data storage.

ID.me Privacy Policy
ID.me Privacy Bill of Rights

Visit ID.me Government for more information on Federal and State partnerships.

Background

Digital Authentication is the process of verifying a user or device’s identity to enable access to a secure digital service (website, application, etc.). There are multiple ways to verify a user’s electronic digital identity, or unique digital representation. Single-Factor Authentication is the use of a single authenticator, traditionally a password, to verify user identity. Multi-Factor Authentication is a digital authentication method that requires a user to provide two or more authentication factors to gain access to a protected system. Also known as Two Factor Authentication (2FA), this method ensures that user accounts and system data remain secure even when a user password becomes compromised.

Identity Proofing is the process of verifying a user’s digital identity using official, secure documentation, such as a driver’s license or passport.

Affected Systems

Updated authentication requirements apply to all systems utilizing CTEP-IAM and/or NIH credentials, including:

  • NCI, CTEP, and CTSU systems
  • Any other systems, including LPO websites, that use CTEP-IAM for access

Affected Users

The new authentication requirements apply to all new and current registered system users (all those with a CTEP-IAM account), including NCI, LPO, contractor, and site staff.

Timeline for Users

July 8, 2022: The ID.me IP/MFA process will be introduced for all system users. Existing CTEP-IAM credentials will allow access for one year, or until users have authenticated using ID.me.

July 1, 2023: Migration to ID.me IP/MFA is expected to be completed. After this date, users who have not enrolled in ID.me and linked their account to CTEP-IAM will be unable to access NCI systems.

Completing the ID.me IP/MFA Process

After July 8, 2022, existing users will be prompted to complete the ID.me authentication process after logging in using their existing CTEP-IAM credentials.

New users (those applying for CTEP-IAM credentials for the first time) will follow the ID.me authentication workflow from the start. After their CTEP-IAM account application has been reviewed and accepted, new users will receive a secure prompt via email to complete the ID.me process.

Users must have an active CTEP-IAM account before starting the ID.me IP/MFA workflow.

Flowchart illustrating the ID.me IP/MFA workflow

When CTEP-IAM registration is complete, the ID.me IP/MFA process for both new and existing users consists of the following steps:

  1. Sign in or create a new ID.me account with a secure email address. Users do not need to create a new account if they have already authenticated with ID.me through another institution; however, they will still need to link this account to CTEP-IAM via the prompt and through the following steps.
✔ MFA
  1. Select and set up an MFA option. Available options include:
    • Phone Call to Landline with One-Time Passcode (OTP)
    • ID.me Mobile Application Push Notification
    • ID.me Mobile Application Time-Based One-Time Passcode (TOTP)
✔ IP
  1. Choose an identification method and submit for verification. Approved verification documentation includes:
    • Driver’s License or State ID
    • Passport or Passport Card
  1. Submit a personal photograph using a secure mobile device to confirm the identification method.
  2. Confirm user information and consent to the sharing of data by ID.me with CTEP-IAM to link account.

Once an ID.me IP/MFA account has been linked, only ID.me credentials (username and password plus the selected MFA option) will allow a user to access NCI systems. CTEP-IAM credentials will no longer allow access.

Help/Additional Resources

For general information regarding the NCI and ID.me integration, contact the CTEP Help Desk at ctephelpdesk@nih.gov.

For more information about the ID.me/NCI authentication process, go to the NCI & ID.me Help Page or contact ID.me Support for general account assistance.

Additional communication will be provided through various methods to include email broadcasts, newsletters, and training videos. Be sure to return to this page for updates on the NCI and ID.me integration and help resources.