Skip to main content

News

Moving from CIS1 Identity Agent to CIS2 Smartcard Connect

NHS CIS1 Identity Agent will no longer be supported from February 2027 and all organisations will need to use NHS CIS2 Smartcard Connect from that date.
Date:

As of November 2024, there are no planned or anticipated additional functionality or fixes to any of the NHS CIS1 Identity Agent versions currently supported. 

The following NHS Identity Agent versions (including all previous versions) are deprecated, meaning they will no longer be supported and are expected to be retired from February 2027:

  • v2.4.6.0
  • v2.4.5.0

NHS CIS2 Smartcard Connect is available now and should be used by all organisations that no longer have a dependency on CIS1 Authentication. IT teams should ensure that users who prefer to use an NHS-issued smartcard have NHS CIS2 Smartcard Connect and NHS Credential Management installed.

NHS CIS2 Smartcard Connect is not required for users who rely on non-smartcard authenticators. 

Benefits of NHS CIS2 Smartcard Connect
  • Internet-first: like all NHS CIS2 Authentication products, there's no need to install or use HSCN
  • High availability and service levels: uses the platinum SLA-supported NHS CIS2 Authentication service
  • More secure-hashing: supports future changes for more modern hashing algorithms used in prescription signing
  • Compatible with all NHS smartcards: supports existing smartcards in all care settings with an internet connection

Key Changes for Users

NHS CIS2 Authentication strengthens security practices in local organisations by requiring applications to ensure authenticated sessions are terminated. 

These security standards introduce changes to the ways in which users authenticate using NHS CIS2 Smartcard Connect. 

Users of NHS CIS2 Smartcard Connect may notice that: 

  • inserting the smartcard no longer prompts the entry of the smartcard passcode - users will need to access an application or resource in order to be prompted to use the smartcard

  • removing the smartcard no longer terminates an authenticated session - applications using NHS CIS2 Authentication will introduce changes to ensure that users are logged out after periods of inactivity

  • users may be asked to authenticate more than once throughout a working day - in line with OIDC standards, we are introducing changes to ensure that patient data remains protected, which may mean that users authenticate more frequently

Support

We will be releasing further guidance based on feedback. For more information about NHS CIS2 Authentication or NHS CIS2 Smartcard Connect, please email [email protected]

Share this page

Latest news

NHS Digital article
19 June 2025 Outages for TLS 1.0 and 1.1

IT teams need to update to the latest version of Identity Agent. Failure to update could result in authentication issues and service disruption.
NHS Digital article
11 June 2025 REMINDER: changes to NHSE Path to Live environments

The TRAIN and DEV environments will both be decommissioned on 31 July 2025.
NHS Digital article
21 May 2025 Action required by IT teams to support ongoing use of Care Identity Service

Important dates for IT teams as we update infrastructure and authentication.
NHS Digital article
6 March 2025 System-generated position assignments expiry reminder

These positions were due to expire 31 December 2024 and should all have been removed from users in your organisation.
NHS Digital article
26 February 2025 Position assignment expiry issue resolved

Full access to all Care Identity services has now been restored.

Last edited: 24 June 2025 11:17 am