Reminder: Unauthorized Use of Credentials is Prohibited
Notice Number:
NOT-OD-25-139

Key Dates

Release Date:

July 30, 2025

Related Announcements

None

Issued by

NATIONAL INSTITUTES OF HEALTH (NIH)

Purpose

This notice serves as a reminder of longstanding security requirements for users of NIH’s Electronic Research Administration (eRA) systems. As part of NIH’s security posture, system access and credential use logs are regularly audited to assess compliance and risk.

NIH has recently identified instances of credential sharing within eRA accounts with signing official (SO) permissions. Because SO roles contain the institutional authority to legally bind a recipient in grants administration matters, it is never acceptable for any individual other than the named user to access these accounts.

The NIH Passphrase Policy for eRA Applications specifically prohibits users from sharing passphrases, and requires each user to have a separate and unique passphrase. eRA users may not allow other unauthorized users to access resources under their credentials.

NIH takes the security of its systems seriously and will continue to monitor eRA access to identify security concerns; NIH reserves the right to deny systems access to users disregarding security requirements.

Inquiries

Please direct all inquiries to:

Office of Policy for Extramural Research Administration 
Division of Grants Compliance and Oversight
[email protected]  

Weekly TOC for this Announcement
NIH Funding Opportunities and Notices
NIH Office of Extramural Research Logo
Department of Health and Human Services (HHS) - Home Page
Department of Health
and Human Services (HHS)
USA.gov - Government Made Easy
NIH... Turning Discovery Into Health®