Posted On: 06/09/2022
This news release outlines the plans to deprecate support for Identity and Access Management (IAM) Platform technology areas and ultimately the dates by which we will no longer allow those technology areas to access the national infrastructure.
|Gem Series 4 cards (Gemplus)||30 December 2021||30 December 2021|
|BT IA Client||30 June 2021||30 September 2021|
|HSCIC v1 IA Client||30 June 2021||30 September 2021|
|CIS (authentication only)||30 September 2023||30 September 2023|
The NHS Long-Term Plan has two clear areas that support the introduction of NHS Care Identity Service 2 (NHS CIS2) as a priority.
There are long standing challenges for the NHS in managing out of date software and hardware. It creates costs, spreads finite resources thinly and increases our risk and security and threat landscape.
Part of NHS Digital’s role is to ensure that we mitigate risk and reduce security threats across the NHS whilst also driving forward the necessary technology to meet new and emerging standards and policy commitments.
Together with policy commitments that can only be met by NHS CIS2 (formerly NHS Identity), across the NHS, we have an ageing estate of smartcards and IA client infrastructure, some of which is over 10 years old.
At NHS Digital we are looking to introduce change to ensure that all NHS organisations are ready and prepared. Ready for the introduction of the new service as the new mechanism for authentication in the NHS and social care and prepared for the introduction of a new culture where everyone stays up-to-date with our authentication entry point infrastructure.
NHS Digital are announcing dates by which we will no longer provide support and then later access for older product versions of smartcards and IA Clients.
We are also publicising a date by which we will switch off the Care Identity Service for authentication only.
NHS CIS2 is the new standards-based authentication service (Open ID Connect and FIDO2 to start) which will support new authentication technologies such as Windows Hello for Business, Apple Biometrics on iPad via an App as well as smartcards.
It will offer authentication over the internet supporting the move to an Internet First approach to authentication for the first time.
The new service is live and in use with a number of systems and an active programme of work has started to work with NHS systems suppliers to build support for the new service into their roadmaps over the next 2 to 3 years.
We expect to add new features to the service over the coming quarters including User Self Registration and Management, a completely new User Registration process and working collaboratively with the Digital Wallet programme of work to understand how NHS Digital can support the Digital Wallet roadmap.
It’s important to drive this change to support the needs of users on the front line and ensure that suppliers, NHS organisations and NHS Digital development teams recognise that the Care Identity Service will be turned off at the end of September 2023. In order to be able to authenticate in the future then they must integrate with NHS CIS2.
This will also mean ensuring all users have the latest versions of desktop infrastructure to support smartcard use on machines so they can authenticate with future.
For smartcards and IA Client there is no need to do anything at present, other than be aware that some NHS organisations may be required to start preparing for updating legacy IA Clients and replace smartcards.
We have started to contact organisations who are impacted by the Gem Series cards and BT IA Client and HSCIC v1 clients to make them aware and ensure that the work is planned in and tracked through. If you require a breakdown of the Gemplus series 4 smartcards active within your organisation, please contact the IAM platform (email: IAMplatforms@nhs.net) with the subject heading – Smartcard Deprecation.
If you are a supplier or you lead a team that delivers a service that currently supports authentication via the Care Identity Service and want to move to NHS CIS2 then please start your planning now. You can find out more information on our website.
We have a team who will also be driving up adoption of the new service over the next few years to allow us to switch off the Care Identity Service so watch out for further communications and engagement notes and events.