A Roadmap to Be NIH Ready
To enable its mission, the National Institutes of Health (NIH) is expanding its NIH Login Service gateway to facilitate secure access to NIH IT resources by biomedical researchers, faculty, and scientists around the globe. Resources protected by the NIH Login Service include controlled-access research data and grants administration systems.
InCommon participants whose users access NIH resources via federated access need to update their identity providers to meet three requirements:
- Release Basic User Information about the people accessing NIH resources so that we can provision and manage efficient and secure access.
- Perform Multi-factor Authentication (MFA) to minimize risk to NIH IT resources.
- Provide Identity Assurance that each person who logs in is who they say they are so that NIH can provide appropriate authorization to access NIH data.
What does this mean?
NIH is asking InCommon (and international R&E federation) Participants to update their federated single sign-on service to support three research and education federated access standards.
| NIH's Requirement | InCommon Participant's To Do |
|---|---|
| Release Basic User Information | Release the user information defined in the REFEDS Research and Scholarship (R&S) entity category when a user signs into NIH resources. |
| Perform Multi-factor Authentication (MFA) | Perform MFA for a user when requested by the NIH Login Service; support MFA request and response signaling using the REFEDS MFA Profile. |
| Provide Identity Assurance | Perform appropriate identity proofing and credential binding for users accessing federated resources; at sign-in time, communicate each user's identity proofing level using the REFEDS Assurance Framework. |
Implementing the REFEDS Assurance Framework
To help InCommon Identity Providers meet NIH’s identity assurance requirement, the Assured Access Working Group—chartered by the Community Trust and Assurance Board—published the Recommendations for REFEDS Assurance Framework 2.0 Implementation. The guide lays out what RAF2 requires, how to assess your identity proofing practices, and how to signal the correct assurance values in your federated transactions.
Read the guide: https://doi.org/10.26869/TI.180.1
Consulting Assistance
Partners participating in the InCommon Catalyst Program are skilled and ready to help you design and implement solutions to meet these NIH requirements. If you need help, these Catalysts are great resources:
Resources
- REFEDS MFA Profile
- REFEDS Research and Scholarship (R&S)
- R&S Explained in Plain English
- REFEDS Assurance Framework
- Recommendations for REFEDS Assurance Framework 2.0 Implementation for InCommon Identity Providers
- Assured Access Working Group wiki
- REFEDS Assurance Working Group wiki
- eRA Security Compliance Check Tool
- Cirrus Helps Institutions Meet NIH Requirements with the Bridge Federation Adapter
- Educause Review: Cloud-First Approach for NIH and Academic Research Access
Highlights of select NIH Services
Controlled Access Data Repositories (CADRs)
Access Requirements
| CADRs Requirements | InCommon Participant's To Do |
|---|---|
| Release Basic User Information | Release the user information defined in the REFEDS Research & Scholarship (R&S) entity category. |
| Multi-factor Authentication | Accept multi-factor authentication requests and signal outcome using the REFEDS MFA Profile. |
| Share Identity Assurance Information | Signal user identity assurance information using the REFEDS Assurance Framework. Only the IAP/high level of assurance is permitted access to CADRs. |
About CADRs
Controlled Access Data Repositories house sensitive human subjects data spanning the various NIH programs. Researchers are granted access to these individually by Data Access Committees associated with each repository or group of repositories. Following is a list of CADRs:
| CADR Name | Sponsoring IC |
|---|---|
| NLM: The database of Genotypes and Phenotypes (dbGaP) | NCBI/NLM |
| NLM: Restricted Portion of Sequence Read Archive (SRA) | NCBI/NLM |
| NHGRI Genomic Data Science Analysis, Visualization, and Informatics Lab-space | NHGRI |
| NHLBI RECOVER/ Bio Data Catalyst | NHLBI |
| NCI Genomic Data Commons | NCI |
| INvestigation of Co-occurring conditions across the Lifespan to Understand Down syndromE (INCLUDE) Data Hub | OD (NICHD, NHLBI, NIA) |
| Cancer Data Service (CDS) - Cancer Research Data Commons - Trusted Partner | NCI |
| GDC: Kids First Data | NICHD/NCI |
| Accelerating Medicines Partnership® Parkinson's Disease (AMP® PD) | NINDS |
| NIMH Data Archive (NDA) | NIMH |
| NDA: National Institute on Alcohol Abuse and Alcoholism Data Archive (NIAAADA) | NIAAA |
| NIH Brain Development Cohorts Data Sharing Platform (NBDC) | NIDA |
| The Neuroscience Multi-omic Data Archive Brain/NeMo | NIMH |
| PsychENCODE Knowledge Portal | NIMH |
| NIMH Repository and Genomics Resources (NRGR) | NIMH |
| Parkinson’s Disease Biomarkers Program - Data Management Resource (PDBP DMR) | NINDS |
| PEGS: Personalized Environment and Genes Study | NIEHS |
| The National Institute of Aging Genetics of Alzheimer's Disease Data Storage Site (NIAGADS) | NIA |
| NIDCR: FaceBase | NIDCR |
| NCATS: National COVID Cohort Collaborative (N3C) | NCATS |
| NIDDK Central Repository (NIDDK-CR R4R) | NIDDK |
| NEI BRICs | NEI BRICS |
| The Cancer Imaging Archive (TCIA) | NCI |
| NIDA Center for Genetic Studies | NIDA |
| Federal Interagency Traumatic Brain Injury Research (FITBIR) Informatics System | NINDS |
| TB Portals | NIAID |
| NIA Data LINKAGE Program | NIA |
| Clinical Trial Data Commons (CTDC) | NCI |
| NCI Cancer Data Access Systems (DAS) | NCI |
| NIAID AccessClinical Data | NIAID |
| National Clinical Trials Network (NCTN)/NCI Community Oncology Research Program (NCORP) Data Archive | NCI |
| SEER Specialized Databases | NCI |
| SEER-CAHPS Linked Data Resource | NCI |
| SEER - MHOS Data Resource | NCI |
| Archived Clinical Research Datasets | NINDS |
| COVID RADx Data Hub | OD/ COVID RADx Data Hub |
| The Immunology Database and Analysis Portal (ImmPort; Private) | NIAID |
| NIAAA Controlled Data | NIAAA |
| NCI HINTS | NCI |
| NCCR Data Platform | NCI |
| mapME/CFS CCR | NINDS |
| All of Us (Applicable to Prohibited List/Countries of Concern) | OD |
| Aging Research Biobank | NIA |
| BioLINCC | NHLBI |
| Data and Specimen Hub - DASH | NICHD |
Electronic Research Administration Portal (eRA)
Website: https://era.nih.gov
Access Requirements
| eRA Requirements | InCommon Participant's To Do |
|---|---|
| Release Basic User Information | Release the user information defined in the REFEDS Research & Scholarship (R&S) entity category. |
| Multi-factor Authentication | Accept multi-factor authentication requests and signal outcome using the REFEDS MFA Profile. |
eRA requires all of its users to sign in with MFA. eRA accepts qualified federated credentials. To qualify, the IdP needs to authenticate the user using MFA and signal the outcome using the REFEDS MFA Profile. In addition, eRA requires the IdP to release user attributes defined in the REFEDS R&S category.
About eRA
eRA is NIH’s research administration portal. Principal Investigators and grant administrators from universities and research organizations use eRA to apply for and manage NIH-funded grants. eRA has about 40,000 users and over 204,000 grants in its database. Over 130,000 of the grants are issued to InCommon participants.
Impact
If your institution receives NIH funding, your research administrators and principal investigators likely have access to eRA.
Users who cannot sign in using a qualified credential from their home institution will be directed by eRA to create and use a login.gov credential to sign into eRA.
IdP Operator: sign into the eRA Security Compliance Check Tool to determine if your IdP meets eRA requirements.
National Center for Biotechnology Information (NCBI; PubMed)
Access Requirements
| NCBI/PubMed Requirements | InCommon Participant's To Do |
|---|---|
| Release Basic User Information | Release the user information defined in the REFEDS Research & Scholarship (R&S) entity category. |
The National Center for Biotechnology Information (NCBI) operates PubMed, MyNCBI, SciENcv, MyBibliography, and a number of NCBI-managed data services. It is transitioning to use only federated credentials for user access (https://ncbiinsights.ncbi.nlm.nih.gov/2021/01/05/important-changes-ncbi-accounts-2021/).
NCBI requires a federated IdP to release attributes defined in R&S. It does not require MFA or identity assurance information.
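The per-service requirements for CADRs, eRA and NCBI can be checked against what an IdP actually puts in a SAML assertion. The Python below is an added example, not NIH or InCommon tooling: it reads a constructed assertion and reports, per service, which of the three signals is missing. The `urn:oid` attribute names, the `SERVICES` keys and the function names are assumptions of this example, the R&S test is simplified (identifier, mail and a name), and signature validation is out of scope.

```python
import xml.etree.ElementTree as ET  # use defusedxml instead for untrusted input

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MFA = "https://refeds.org/profile/mfa"  # REFEDS MFA Profile authentication context
IAP_HIGH = "https://refeds.org/assurance/IAP/high"  # RAF value CADRs require
OID = {  # standard urn:oid attribute names (assumed wire format for this example)
    "eppn": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
    "mail": "urn:oid:0.9.2342.19200300.100.1.3",
    "displayName": "urn:oid:2.16.840.1.113730.3.1.241",
    "givenName": "urn:oid:2.5.4.42", "sn": "urn:oid:2.5.4.4",
    "assurance": "urn:oid:1.3.6.1.4.1.5923.1.1.1.11",  # eduPersonAssurance
}
# Requirements per NIH service, taken from the tables on this page.
SERVICES = {"CADR": {"rs", "mfa", "iap_high"}, "eRA": {"rs", "mfa"}, "NCBI": {"rs"}}

def parse(xml_text):
    """Return ({attribute name: [values]}, AuthnContextClassRef) for one assertion."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//saml:Attribute", NS)}
    return attrs, root.findtext(".//saml:AuthnContextClassRef", "", NS).strip()

def met(attrs, ctx):
    """Signals present. The R&S test is simplified: identifier, mail and a name."""
    has = lambda key: bool(attrs.get(OID[key]))
    checks = {
        "rs": has("eppn") and has("mail")
              and (has("displayName") or (has("givenName") and has("sn"))),
        "mfa": ctx == MFA,  # exact match; a missing or password-only context fails
        "iap_high": IAP_HIGH in attrs.get(OID["assurance"], []),
    }
    return {name for name, passed in checks.items() if passed}

def gaps(xml_text):
    ok = met(*parse(xml_text))  # what the assertion signals
    return {svc: sorted(need - ok) for svc, need in SERVICES.items()}

def _attr(key, *values):  # builds one Attribute element for the constructed sample
    body = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{OID[key]}">{body}</saml:Attribute>'

# Constructed sample: MFA signalled, R&S attributes released, assurance only IAP/medium.
SAMPLE = (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AuthnStatement><saml:AuthnContext>'
          f"<saml:AuthnContextClassRef>{MFA}</saml:AuthnContextClassRef></saml:AuthnContext>"
          "</saml:AuthnStatement><saml:AttributeStatement>" + _attr("eppn", "jdoe@example.edu")
          + _attr("mail", "jdoe@example.edu") + _attr("givenName", "Jane") + _attr("sn", "Doe")
          + _attr("assurance", "https://refeds.org/assurance/IAP/medium")
          + "</saml:AttributeStatement></saml:Assertion>")
print(gaps(SAMPLE))
```

For the constructed sample, eRA and NCBI report no gaps while CADR reports the missing IAP/high value, which matches the page's statement that only IAP/high is permitted access to CADRs.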
About NCBI and PubMed
The National Center for Biotechnology Information (NCBI) is a division of the National Library of Medicine (NLM) at the National Institutes of Health (NIH). As a national resource for molecular biology information, NCBI's mission is to develop new information technologies to aid in the understanding of fundamental molecular and genetic processes that control health and disease.
PubMed is one of the world’s largest online biomedical research databases. It has millions of users around the world. It is likely that all universities have some students or faculty accessing PubMed today.