Overview

Overview

This site contains information pertaining to the NIH Enterprise Directory (NED).

	What is NED?
	Project History
	Purpose of NED
	Who is in NED?
	How Was NED Initially Populated and How is Data Maintained?
	Impact on NIH Business Processes
	Privacy and Security Issues
	User Community Involvement and Awareness

Search NED

Contact the NED project team: ned-ops@list.nih.gov

Last Updated: 11/19/2014

What is NED?

The NIH Enterprise Directory (NED) is a centrally coordinated electronic directory containing information about people working at NIH or using NIH facilities or resources. NED contains contact and location information such as telephone numbers, email address, postal and delivery address, organizational affiliation, and classification (employee, contractor, fellow, guest researcher, etc.). NED also contains personal identifying information such as the HHS ID number that uniquely identifies HHS staff. NED is the best source of information about NIH staff because it includes all types of workers, represents data values consistently, is connected to NIH business processes for registration/de-registration, and is readily accessible. As a result, numerous NIH and HHS systems and applications utilize NED data in support of myriad business activities.

Project History

As a result of the NIH Director’s Retreat of September 1996, the NIH Director commissioned an Information Technology Central Committee (ITCC) to make recommendations for improving information technology management at NIH. Among its seven major recommendations, the ITCC’s report of November, 1996 included the following:

"Develop a strategy for a secure, centrally coordinated NIH electronic directory that logically coordinates directories for e-mail, personnel, parking, etc., and fully implements de-registration activities."

The NIH Director gave the acting NIH CIO the task of implementing these recommendations, who in turn commissioned the NIH Architectural Management Group (AMG), to undertake this work. The AMG’s Report on Interoperability at the NIH issued in May, 1997, made the following recommendations relating to the security and directory strategies:

	Establishment of the NIH centrally supported electronic directory is a critical priority.
	Development and implementation of the directory is a prerequisite to the emplacement of network security at the NIH.
	The directory must be recognized by all ICs as the authoritative source for directory information.
	Unique personal identifiers (not the SSN) must be defined. This will allow integration with systems based on relational databases.
	Declare directory presence a prerequisite for NIH services.

To further develop implementation requirements for NIH security and directory services,the NIH acting CIO approved the formation of a small technical subcommittee, the AMG TSC, which began meeting in August, 1997. This subcommittee developed the concept and design of an NIH electronic directory service and also of an NIH Unique Identifier, or NIH ID, as the common key that would be used to reliably associate with an individual all the related information stored in the electronic directory and various other NIH systems and databases. TSC completed its work in November, 1998 and the Final Architecture Review - Recommendations for an NIH Enterprise Directory Servicewas issued. Work on the directory commenced in late 1998 during which time the project was known as the NIH Electronic Directory, or NED. While the NED acronym remained the same, the directory was subsequently renamed the "NIH Enterprise Directory" to more accurately reflect the enterprise-wide scope of the project.

Purpose of NED

NED provides a central repository of information about people who use NIH services and resources and makes this information available to people and automated applications. NED is also involved in the provisioning of NIH services including ID badges, computer accounts, parking hangers, and NIH Library privileges. NED:

	Provides a single, authoritative source of contact information to people and automated applications for reliable answers to the following questions: - Who works at NIH? - What organization do they work for? - Where do they work? - How can they be contacted? - What services and facilities are they authorized to use?
	Streamlines the registration process for new workers by reducing paperwork and the redundant entry of information into multiple systems.
	Obtains a persistent unique identifier (HHS ID number) to uniquely represent NIH staff and facilitate the sharing of data between NIH and HHS systems and applications.
	Facilitates de-registration by making it easy to reliably identify resources and services associated with an individual (e.g., ID badges, library privileges, computer accounts).
	Enables the re-engineering of outdated, inefficient business practices.
	Enables improved network and application security.
	Is easier to maintain than multiple ad-hoc directories and databases.

Who is in NED?

At a high level, NED classifies NIH staff according to the following classifications: NIH FTE (employee), contractor, fellow, guest researcher, volunteer, and tenant.

Classification	Description
NIH FTE (Employee)	All NIH full time equivalent (FTE) employees. Includes General Schedule (GS), Commissioned Corps, Senior Executive Service (SES), Senior Biomedical Research Service (SBRS),Wage Grade (WG), Special Expert, and Title 42 employees including clinical and research fellows.
FELLOW	All individuals who receive monthly stipends from NIH. Includes Intramural Research Training Award (IRTA) Fellows and Visiting Fellows.
CONTRACTOR	Non-NIH employees who are paid by NIH for services rendered via a procurement vehicle. Includes Professional Service Contractors.
GUEST RESEARCHER	Non-NIH individuals (scientists, engineers, and students) who are permitted to engage in scientific studies and investigations using NIH facilities. Under this program, these individuals further their own research by using equipment and resources that are otherwise unavailable to them. They provide no direct services to NIH.
VOLUNTEER	All non-paid individuals who work for NIH primarily on NIH programs. Includes Special Volunteers.
TENANT	Employees of non-NIH organizations that lease and utilize NIH space. Includes on-site employees of the DHHS Office of the General Counsel (OGC) and the FDA Center for Biologics Evaluation and Research (CBER), Center for Drug Evaluation and Research (CDER), and Shared Services (SS).

How Was NED Initially Populated and How is Data Maintained?

NED was initially populated in November 1999 by joining and importing records from the following NIH databases and systems:

	Human Resources Database (HRDB)
	Fellowship Payment System (FPS)
	Telecommunications Database
	J.E. Fogarty International Center Database (JEFIC)
	Parking and ID Badge Database (PAID)
	E-mail Directory and Forwarding Service (PH)
	Integrated Time and Attendance System (ITAS)

Following the initial population, NED contained approximately 28,000 records for employees, fellows, contractors, guest researchers, volunteers, and tenants. An incremental data population and refresh was performed in May 2000. Since the initial data population, IC administrative staff (e.g., Administrative Officers, Admin. Techs.) have used a web based application to register new people in NED, update records, and deactivate records when people separate from NIH. In addition, NED provides a self-service update capability whereby record owners can update some of their own NED information. NED also obtains data from various external authoritative sources.

Impact on NIH Business Processes

NED has impacted a number of NIH business processes by eliminating formerly paper-based processes for the authorization of ID badges, NIH Library services, and listings in the NIH Telephone and Services Directory. NIH Administrative staff now request these services in NED along with NIH Active Directory (AD) accounts, Exchange mailboxes, VPN remote access, and parking hangers. Numerous NIH computer systems and business groups rely on NED data in support of myriad business activities. The following is a partial list of NED data customers:

	ServiceNow (NIH IT Service Desk incident tracking system)
	Integrated Time & Attendance System (ITAS)
	NIH Business System (NBS)
	Active Directory (AD) and Global Address List (GAL)
	Background Investigation Tracking System (BITS)
	HHS Identity Management System (IDMS) / Smart Card Management System (SCMS)
	Andover/Continuum (ID Badge/Physical Access Control System)
	NIH Library Patrons Database
	Commuter and Parking System (CAPS)
	NIH Telephone Operators Database
	HHS Learning Management System (LMS)
	Radiation Safety Comprehensive Database
	Security Awareness Training System (SATS)
	nVision/Data Warehouse
	NIH Annual Census
	SendWordNow (emergency communications alert system)

Privacy and Security Issues

NED contains non-sensitive, public information as well as sensitive information used to bind person identities to HHS ID numbers. The collection of sensitive information under the NED System of Record Notice (SORN) under the authority of the Privacy Act of 1974 (5 U.S.C. 301 and 302, 44 U.S.C. 3101 and 3102 and Executive Order 9397.)

A number of steps have been taken to ensure the security of NED data. First, access to private information is limited to authorized system users who are restricted to working with records for people in their own IC. Access to records can be further restricted based on the record's organizational affiliation and the authority granted to the user. NIH Login is used to authenticate all users to NED. Second, NED uses SSL (Secure Sockets Layer) technology to create an encrypted channel for data traveling between client workstations and the NED web server. All NED system hardware is housed in a secure data center located on the NIH main campus.Third, a comprehensive NED Security Plan has been developed in accordance with the provisions outlined in the Privacy Act, HHS Privacy Act Regulations, and the requirements of the DHHS Automated Information Systems Security Program Handbook. Finally, NED maintains detailed system logs making it possible to know precisely what information was changed, when, and by whom.

As with any system containing private data, care must be taken by authorized system users in safeguarding and protecting this information. To help achieve this objective, the Executive Officer of each IC has designated one or more NED IC Coordinators (NICs) who are responsible, among other things, for ensuring that only personnel with a legitimate need to access NED are authorized to do so. NICs are also responsible for reporting any privacy or security-related issues to IC management and the NED project team. Privacy and security issues are also covered during NED end user training sessions.

User Community Involvement and Awareness

The NIH Directory Steering Committee (DSC), consisting of AOs and other system stakeholders was formed in early 1999 to work with the NED project team in developing system requirements and specifications. The DSC played a major role in defining the functionality of NEDWeb, the web-based content management application used by administrative stafffor maintaining NED data. Following the development of an initial prototype, NED was piloted by NINR,NIAAA, NCRR, CIT, and NHLBI during the spring of 2000 in order to obtain additional feedback and further refine requirements. Prior to general deployment, a number of presentations were made to stakeholders including NIH Executive Officers, Intramural and Extramural AOs, NIH Office Technology Coordinators, and the AMG Technical Subcommittee. Members of the NED project team continue to meet with stakeholders to discuss and evaluate change requests, interfaces to other systems, and how to best leverage NED's capabilities. In addition, ICs have appointed NED IC Coordinators (NICs) to channel end user feedback to the NED project team. The NED project team may be contacted at ned-ops@list.nih.gov.