CTEP Branches and Offices
NCI CTEP IAM User Access Update
To ensure the security and safety of National Cancer Institute (NCI) systems, subjects, research staff, and all associated sensitive information, NCI has now incorporated Identity Verification/ Proofing (IP) and Multi-Factor Authentication (MFA) into systems access. Identity verification and MFA is required for all U.S. federal systems to meet NIST SP 800-63-3 Digital Identity Guidelines. This next generation of technology and techniques is required to protect user credentials accessing systems with confidential information in accordance with the Federal Information Security Management Act (FISMA). NCI must restrict NCI applications to users that have completed the identity verification and MFA process by January 1, 2024.
To comply with Federal regulations, NCI has partnered with ID.me, a next-generation identity platform which meets the highest federal standards for online identity proofing and authentication. ID.me provides the strongest identity verification system available to prevent system breaches and user identity theft. ID.me’s primary goal is to ensure sufficient evidence of a user’s identity in order to meet NIST SP 800-63-3 Digital Identity Guidelines. Users will be required to enroll in ID.me with a one-time submission of unique identifiers and photo/ video proof for identity verification and authentication. This digital security process ensures your data is safe, encrypted, & protected and has been leveraged by federal government services, state agencies, and private companies nationwide. Please visit ID.me Government for more information on Federal and State partnerships.
Background
Identity Proofing (IP) is the process of verifying a user’s digital identity using official, secure documentation, such as a driver’s license or passport. The goal of identity proofing is to ensure that a user's claimed identity matches their actual identity. Digital Authentication is the process of verifying a user or device’s identity to enable access to a secure digital service (website, application, etc.). There are multiple ways to verify a user’s electronic digital identity. Single-Factor Authentication is the use of a single authenticator, traditionally a password, to verify user identity. Multi-Factor Authentication (MFA) is a digital authentication method that requires a user to provide two or more authentication factors to gain access to a protected system. Also known as Two Factor Authentication (2FA), this method ensures that user accounts and system data remain secure even when a user’s password becomes compromised.
Affected Systems
Updated authentication requirements apply to all systems utilizing CTEP-IAM, including:
- NCI systems such as, CTEP ESYS, CTSU ESYS, THERADEX, CIRB and NCORP SYS applications
- Any other systems, including LPO websites, that use CTEP-IAM for federated authentication purposes
Affected Users
The new authentication requirements apply to all new and currently registered system users (all those with a CTEP-IAM account), including NCI, LPO, contractors, site staff, and international users.
International Users
International users or CTEP users living outside of the U.S. are expected to complete their identity verification and MFA setup with ID.me. While this is a requirement to access U.S. government IT applications according to NIST SP 800-63-3 Digital Identity Guidelines, these guidelines are in place to protect user information and proprietary system data, irrespective of country residence. Many international governments have collaborated with NIST and even fully incorporated the NIST framework to safeguard user access and digital data. Public Safety Canada endorses the NIST Framework, developed by the United States’ Department of Homeland Security with the National Institute for Standards and Technology (NIST), and acknowledges the relevance and applicability of the NIST Framework in the Canadian context and cyber security. Users under GDPR compliance or those without possession of one of the unique identifiers accepted by ID.me (U.S. SSN / ITIN, or international passport), will be allowed to utilize CTEP-IAM accounts and temporarily bypass the ID.me requirement. This provision will be in place until January 1, 2024, after which, users will need to register with ID.me for continued access to NCI systems. For detailed steps on creating an ID.me account as an international user, click here.
NIH Account Holders
NIH accounts already meet the IP/MFA requirement to access federal systems. Users with NIH accounts are not required to complete the ID.me account process and can continue using their CTEP-IAM or NIH credentials/ PIV cards (where available) to log in to NCI systems.
Timeline for Users
July 8, 2022: The ID.me IP/MFA process has now been introduced for all system users. Existing CTEP-IAM account credentials will allow access for one year, or until users have authenticated using ID.me. Users requesting new CTEP-IAM accounts will be required to complete the ID. me IP/ MFA process before having access to NCI systems. NIH account holders are not required to complete the ID me process
January 1, 2024: Migration to ID.me IP/MFA is expected to be completed. After this date, users who have not enrolled in ID.me and linked their account to CTEP-IAM will be unable to access NCI systems.
After July 8, 2022, all NCI application users must complete the ID.me authentication and link their ID.me credentials to their CTEP-IAM accounts. This process must be completed directly through the CTEP- IAM application site. Once an ID.me IP/MFA account has been linked, only ID.me credentials (username and password plus the selected MFA option) will allow a user to access NCI systems. CTEP-IAM credentials will no longer allow access.
To enroll in ID.me, users will need to provide a unique identifier (such as a social security number (SSN), individual tax identity number (ITIN), and/or passport number), photo identification, and picture verification (via a selfie submission or video call). Users will only need to verify their identity with ID.me once.
Webinars:
Live webinars on the CTEP-IAM & ID.me implementation will be hosted to provide users with helpful & hands-on information. Specialized CTEP-IAM Identity Proofing (IP) and MFA information sessions will be hosted for Canadian Users. Webinars are expected to resume June 2023. Please check back for scheduled dates and registration links for each session.
Completing the ID.me IP/MFA Process
| Existing Users (those with CTEP-IAM accounts): | New Users (those applying for CTEP-IAM accounts for the first time): | |
|---|---|---|
| What you will need to have: |
|
|
| What you will need to do: |
|
|
| Where you can find detailed instructions: | Existing User SOP | New User SOP |
| Where you can find a training video: | ID.me Existing User Training Video ID.me Existing User Training Video Transcript |
ID.me New User Training Video ID.me New User Training Video Transcript |
Special Notices for International Research Staff
Memo to International Researchers
Memo to Canadian Researchers
Help/Additional Resources
Additional communication will be provided through various methods to include email broadcasts, newsletters, and training videos. Be sure to return to this page for updates on the NCI and ID.me integration and help resources.
Individuals registered as registration coordinators in RCR/ECM will now receive a monthly report indicating which investigators on their site list have or have not onboarded to ID.me.
For frequently asked questions, click here
For more information on the NCI and ID.me integration, please visit NCI & ID.me.
For more information on ID.me’s privacy policies please visit ID.me Privacy Policy
For questions about the NCI and ID.me authentication process, please contact the CTEP Help Desk at ctephelpdesk@nih.gov.
For questions about your ID.me account or the ID.me verification process, go to ID.me Help Center.