|
An Alternate Logon Token (ALT) Card is a smart card used by NIH system administrators (Secondary (AA) Account holders) for privileged access to NIH computers and information systems. ALT Cards are also used by individuals who have PIV cards from other Operating Divisions (OpDivs) but who need logical access to NIH IT resources; it does not open gates or doors. An ALT Card contains one digital certificate, the authentication certificate, which is linked to the card holder's Secondary (AA) Account. See the illustration below to compare features between the ALT Card and PIV card.
Purpose | PIV | ALT | Name and photograph | Yes | No | Opens gates and doors | Yes | No | Certificates used for | Authentication Encryption Digital Signatures | Authentication | AD account authentication | Authentication | Privileged User |
|
Due to the implementation of the NIH Privileged Access Management (PAM) Service, a service to centrally secure, manage and monitor privileged accounts at NIH, Secondary (AA) Accounts will no longer be sponsored for a new Alternate Logon Token (ALT) Card. All Secondary (AA) Accounts must be set up for password auto-rotation unless there is a valid justification needed for exemption. If your account has been exempted from password auto-rotation, you must request an ALT card. The process to request an Alternate Logon Token (ALT) Card has changed.
Please see the following KB article for the latest guidance on how to request an ALT card: ALT Card: Frequently Asked Questions.
|
Account/ALT Approver The Account/ALT Approver (often the ISSO) approves the request for a Secondary account and ALT card.
CIT IAM (ServiceNow Assignment Group: CIT_OITSM_IAMS_ALTCARD) Handles ALT card sponsorship and approval.
DPSAC Email: FacilityAccessControl@mail.nih.gov Coordinates all ALT activities with the IC's ALT Coordinator.
ALT Coordinator One (1) Coordinator will be named per IC. The ALT Coordinator must be a federal employee. This individual is responsible for carrying out tasks outlined in this document:
- Naming ALT Distributors and coordinating their activities
- Receiving and securely storing ALT cardstock and the ALT-tracker spreadsheet
- Handing out cardstock to ALT Distributors
- Ensuring ALT Distributors maintain ALT-tracker spreadsheet with up-to-date information
- Requesting additional cardstock from DPSAC
- Responding to DPSAC ALT cardstock audit and reporting requests
ALT Coordinator Backup One (1) ALT Coordinator Backup may be named per IC and must be a federal employee. This individual performs all ALT Coordinator duties, in their absence.
ALT Distributor The IC's ALT Coordinator may also be an ALT Distributor. All other ALT Distributors report to the IC's ALT Coordinator for oversight regarding distribution and tracking of ALT cardstock. This individual is responsible for:
- Receiving and securely storing ALT cardstock received from ALT Coordinator.
- Maintaining the ALT-tracker spreadsheet with up-to-date information.
- Distributing a blank ALT card to a person who needs one.
- Collecting cardstock from individuals who no longer need their ALT card.
- Replacing lost or damaged ALT cards.
- Recycling ALT cards for re-use.
ALT Holders Individuals who have been issued an ALT card for use with a Secondary account.
ALT Applicant Individuals who have been issued an ALT card for use with a Secondary account.
ALT Holders Individuals who have been issued an ALT card for use with a Secondary account.
ALT Applicant Individual who requests a Secondary account and ALT card.
|
NIH IT Service Desk Contact Information
|
|
|