Fact-checked by Grok 2 weeks ago

Common Access Card

The Common Access Card (CAC) is a credit card-sized smart card issued by the United States Department of Defense (DoD) as the standard identification credential for active duty uniformed service personnel, Selected Reserve members, DoD civilian employees, eligible contractors, and certain foreign nationals affiliated with the DoD.^[1] It serves as the primary means for physical access to DoD facilities and controlled spaces, as well as logical access to DoD computer networks and information systems, including the Non-Secure Internet Protocol Router Network (NIPRNet).^[2] The CAC incorporates advanced security features to fulfill Homeland Security Presidential Directive 12 (HSPD-12) requirements for strong authentication, digital signatures, and non-repudiation in DoD operations.^[2] Development of the CAC began in the late 1990s to standardize identification across the DoD, with the Office of the Secretary of Defense establishing policy on January 16, 2001, and issuance starting in spring 2001 to replace disparate legacy ID cards.^[3] By 2006, the DoD updated the CAC to comply with HSPD-12 standards, introducing enhanced interoperability with federal systems and phasing in new cards over time.^[3] Eligibility for a CAC is verified through the Defense Enrollment Eligibility Reporting System (DEERS) and processed via the Real-Time Automated Personnel Identification System (RAPIDS) at over 1,500 issuance sites worldwide, with cards typically valid for up to five years depending on the holder's status.^[1] Technically, the CAC embeds a 144-kilobyte smart chip containing Public Key Infrastructure (PKI) X.509 certificates—originally four but reduced to three by 2020—including a DoD PIV-Authentication certificate for user authentication, along with personal data such as name, DoD ID number, rank or grade, and a digital photograph.^[3]^[2]^[4] Access is secured by a personal identification number (PIN) of 6-8 digits, enabling functions like smart card logon, email encryption, and secure web transactions, while color-coding (e.g., green for contractors, blue for non-U.S. citizens) aids visual identification by security personnel.^[1]^[3] As of the early 2010s, the DoD had issued over 17 million CACs, reflecting its central role in enhancing cybersecurity and operational efficiency across military and civilian DoD components.^[3]

Introduction and History

Overview and Purpose

The Common Access Card (CAC) is a standardized smart card issued by the U.S. Department of Defense (DoD) to active duty uniformed service personnel, Selected Reserve members, DoD civilian employees, eligible contractor personnel, and certain foreign nationals affiliated with the DoD, serving as their primary identification credential.^[1] Approximately 3.5 million such cards are actively in circulation among DoD-affiliated personnel, including military, civilians, and contractors.^[5] The CAC's core purposes encompass personal identification, facilitating physical access to DoD facilities and controlled spaces, and enabling logical access to secure networks and information systems.^[1] For military personnel, it also complies with Geneva Convention requirements by providing a standardized identity document in cases of capture as prisoners of war, replacing the use of Social Security numbers with a DoD ID number. To bolster security, the CAC operates on a two-factor authentication model that combines possession of the physical card with knowledge of a user-entered personal identification number (PIN).^[6] The program supports issuance at over 1,500 facilities with more than 2,250 workstations across multiple countries worldwide.^[7] It aligns with Federal Information Processing Standards (FIPS) 201 and ensures interoperability with Personal Identity Verification (PIV) credentials used in federal systems.^[1]

Development and Evolution

The development of the Common Access Card (CAC) originated in the mid-1990s amid broader DoD efforts to enhance information assurance and IT security, following the Clinger-Cohen Act of 1996 which improved federal IT management.^[8]^[9] In 1999, Congress directed the Secretary of Defense to implement smart card technology across the DoD to boost security, efficiency, and interoperability, leading to the establishment of the CAC program office.^[10] An initial pilot emerged from earlier Army tests in 1996, but the formal program advanced with the issuance of the first CACs in 2001, featuring 500 data elements and 32K memory for basic identification and access functions.^[11] The CAC achieved full rollout between 2004 and 2006, replacing legacy paper-based and simpler ID cards used by DoD personnel, with over 10 million cards issued by mid-2006 to enable standardized physical and logical access.^[11] Central to this evolution was the integration of Public Key Infrastructure (PKI), which embedded digital certificates on the card's chip to support authentication, encryption, and digital signatures, aligning with DoD PKI policy established in 1999 and expanded under Homeland Security Presidential Directive 12 (HSPD-12) for federal credentialing.^[12]^[13]^[14] This PKI foundation transformed the CAC from a basic identifier into a multifunctional security token, facilitating secure email, network logins, and electronic approvals across DoD systems.^[15] Subsequent upgrades focused on strengthening cryptographic protections and addressing emerging vulnerabilities. In 2008, the DoD transitioned CAC encryption from 1,024-bit to 2,048-bit RSA keys, enhancing resistance to computational attacks as part of broader PKI modernization, with the External Certification Authority (ECA) Root CA becoming operational that year.^[16] To mitigate RFID skimming risks from the card's contactless chip, the DoD distributed shielding sleeves starting in 2010 through the Real-Time Automated Personnel Identification System (RAPIDS) sites, providing electromagnetic protection for newly issued CACs.^[17] By 2018, the magnetic stripe was discontinued from new CACs to eliminate a legacy vulnerability prone to cloning, improving overall tamper resistance without affecting core functionalities.^[18] Post-2020 developments emphasized alignment with federal standards and fraud prevention. The CAC's design incorporates features compliant with the REAL ID Act of 2005, serving as an approved alternative credential for accessing federal facilities and bases, particularly as enforcement began on May 7, 2025.^[1]^[19] In parallel, the introduction of the Next Generation Uniformed Services Identification (USID) card in 2020—began with phased implementation continuing into 2025—extended CAC-like enhancements to non-CAC populations, using durable plastic cardstock and advanced anti-counterfeiting elements such as holograms and microprinting to deter forgery.^[7] Throughout its evolution, the CAC has prioritized fraud resistance through layered security like firewalled chip applications and biometric-compatible PKI, while incorporating accessibility improvements, such as 2015 additions of encircled letters (W for white, G for green, B for blue) alongside color bands to aid color-blind security personnel in visual verification.^[4]^[20] Current CAC issuance occurs via the RAPIDS system at DoD sites worldwide.^[1]

Eligibility and Issuance

Qualification Criteria

The Common Access Card (CAC) is available to individuals requiring physical or logical access to Department of Defense (DoD) facilities, networks, or systems. Eligible populations encompass active duty members of the uniformed services, including the Army, Navy, Air Force, Marine Corps, Space Force, and Coast Guard; Selected Reserve and Individual Ready Reserve personnel; National Guard members on active duty for more than 30 days; full-time paid National Guard personnel; DoD civilian employees (both appropriated and non-appropriated fund); select U.S. Coast Guard (USCG) personnel under DoD affiliation; and DoD contractors, including those with security clearances or recurring access needs for at least six months.^[1]^[21]^[22] CAC variants are issued based on the recipient's status and affiliation. Primary holders, such as active duty military, reservists, and DoD civilians, receive sponsor cards that enable full access privileges. Dependent family members qualify for dependent cards when sponsored for benefits or limited access. Uniformed services members are eligible for Geneva Conventions Identification Cards to facilitate protections under international law during conflicts. Non-DoD affiliates, such as certain foreign nationals or civilians accompanying U.S. forces, may receive Geneva Conventions Identification Cards for Civilians Accompanying the Armed Forces.^[1]^[21]^[22] Qualification requires sponsorship by a DoD government official or military supervisor, documented via DD Form 1172-2 for entry into the Defense Enrollment Eligibility Reporting System (DEERS). Applicants must provide verification of U.S. citizenship (or authorized non-citizen status for select affiliates) through two valid forms of identification, one bearing a photo. A mandatory background investigation, including an FBI fingerprint check and National Agency Check with Inquiries (NACI) or equivalent, ensures suitability for access; this process can take up to 18 months but allows interim issuance post-fingerprint approval. Non-U.S. nationals require additional vetting, such as security assurances or international agreements. As of the July 2025 DoD Instruction supplement, eligibility criteria remain unchanged from prior policies.^[23]^[24]^[21]^[25] Periodic revalidation confirms ongoing eligibility, with CAC expiration aligned to the holder's status—up to 3 years from issuance for U.S. citizen civilians and military personnel, or the end of a contract/deployment for others, whichever is shorter (notwithstanding PKI certificate renewals every three years). Contractors must re-verify access needs every six months through the Trusted Associate Sponsorship System (TASS).^[22]^[21]^[24]^[26] Ineligible individuals include non-DoD personnel lacking specific contracts or affiliations requiring access. CACs are revoked and must be surrendered upon separation from service, termination of employment or contract, loss of sponsorship, or failure of background checks, with certificates digitally invalidated to prevent further use. Issuance occurs through the Real-Time Automated Personnel Identification System (RAPIDS) network at authorized sites.^[23]^[21]^[22]

Issuance Procedures

The issuance of the Common Access Card (CAC) is managed through the Real-Time Automated Personnel Identification System (RAPIDS), which operates at over 1,400 sites worldwide to facilitate standardized processing for eligible Department of Defense (DoD) personnel.^[1] This system integrates with the Defense Enrollment Eligibility Reporting System (DEERS) to verify sponsorship and eligibility prior to card production. Individuals must schedule an appointment via the RAPIDS ID Card Office Online or visit a site during operating hours, often requiring advance booking to manage demand.^[27]^[22] The core issuance process begins with sponsor verification, where a DoD-approved sponsor confirms the applicant's need for access using documentation such as DD Form 1172-2. At the RAPIDS site, applicants present two original forms of identification, one bearing a photo (e.g., passport or driver's license), to authenticate identity. Biometric data is then captured, including a digital photograph and two fingerprint scans, which are bound to the card's integrated circuit for security. Applicants select and confirm a 6- to 8-digit Personal Identification Number (PIN) during this step, which is essential for later activation of the card's cryptographic functions. The card is printed and activated on-site at the RAPIDS workstation, completing the process in approximately 15-30 minutes if all prerequisites are met.^[23]^[22]^[28] Renewal follows a similar procedure and can be initiated up to 90 days before expiration, with DEERS automatically notifying eligible individuals based on their status updates. For expirations, the process is largely automated, requiring only biometric reverification and a new PIN if needed, without full re-enrollment unless affiliation changes occur. Replacement for lost, stolen, or damaged cards involves manual intervention: applicants submit an affidavit or report from their security office or sponsor, scanned into DEERS, followed by identity proof and biometrics at a RAPIDS site; no fees apply, but delays can occur if documentation is incomplete. Remote renewal options exist via online sponsorship for dependents but are limited for CACs, often necessitating travel to a RAPIDS location.^[29]^[22]^[30] Post-issuance, CAC expiration is tied to the holder's status and role; for example, active duty uniformed service members and DoD civilians receive cards valid for up to 3 years from issuance, while contractors are limited to the contract duration or 3 years, whichever is shorter. Upon separation, retirement, or loss of eligibility, the card must be returned to a RAPIDS site or mailed to the designated DoD facility, triggering immediate deactivation in DEERS and revocation of associated Public Key Infrastructure (PKI) certificates. In remote or deployment areas, where fixed RAPIDS sites may be inaccessible, mobile RAPIDS units provide on-site support for issuance and renewal, ensuring continuity for personnel in austere environments.^[29]^[22]^[23]

Physical Design

Card Layout and Materials

The Common Access Card (CAC) adheres to the standard CR-80 dimensions of 3.375 inches by 2.125 inches, equivalent to a credit card size.^[1]^[31] The CAC complies with ISO/IEC 7810 for physical dimensions and NIST FIPS 201-3 for personal identity verification (PIV) requirements, including durability and security features.^[32] It is constructed from PVC or polycarbonate materials, providing a balance of flexibility and strength suitable for daily handling.^[33] The front side of the CAC displays key identification elements, including a color photograph of the holder, the individual's full name, rank or grade (for military personnel), branch of service, DoD Identification (ID) number known as the Electronic Data Interchange Personal Identifier (EDIPI), expiration date, and a signature line.^[34] Optional features on the front may include blood type and an organ donor indicator.^[35] The back of the CAC includes a machine-readable zone for automated processing, contact information such as the holder's affiliation, and a ghosted secondary photograph for verification.^[3] In 2018, the DoD removed the magnetic stripe from the back of all new CACs to mitigate risks of identity theft while preserving other functionalities.^[36]^[37] CAC variants are tailored to different eligibility categories while maintaining the core physical structure. Non-U.S. citizen cards feature a blue bar across the name for quick visual identification, while contractor cards include a green bar.^[35] Specialized variants, such as One Base Visitor cards, support temporary access needs at specific installations.^[38] The CAC is engineered for durability, resisting bending and everyday wear through its plastic composition, though prolonged exposure can lead to surface degradation.^[33] Holographic overlays integrated into the card's design provide anti-tampering protection by revealing alterations under light.^[39] Visual color coding on variants, such as the blue and green bars, enables rapid status identification by security personnel.^[40]

Visual Identification Elements

The Common Access Card (CAC) features a high-resolution color photograph of the cardholder on the front, positioned in the upper left corner, serving as the primary visual identifier for human verification. This passport-style image, captured at a minimum of 300 dots per inch with a plain background, enables security personnel to match the bearer's face to the card during access checks.^[32] A secondary ghost image, a faint reproduction of the primary photo, is printed on the back to deter forgery by complicating alteration attempts without detection.^[40] While biometric data such as fingerprint templates are stored digitally on the card's chip for electronic authentication, no fingerprints are printed on the surface to maintain privacy and focus on visual cues.^[32] Color coding on the CAC distinguishes eligibility categories through a horizontal bar or stripe across the cardholder's name on the front. U.S. military personnel and Department of Defense (DoD) civilians receive cards without a colored bar (typically white or clear), while U.S. citizen contractors are indicated by a green bar, and non-U.S. citizens by a blue bar.^[22] Since July 2013, CACs have included encircled letters under the expiration date—"W" for military and civilian employees, "G" for contractors, and "B" for non-citizens—to assist security officers with color vision impairments in quick identification.^[41] Printed textual data on the CAC provides essential human-readable information for verification. The front displays the cardholder's full name in capital letters, the 10-digit DoD Identification Number (EDIPI) as a unique personal identifier, and the expiration date in a prominent format (e.g., MMM YYYY).^[42] A branch or DoD seal appears to affirm affiliation, and for applicable personnel such as civilians accompanying the uniformed services in contingency operations, a reference to Article 4 of the Geneva Conventions is included to denote protected status.^[22] These elements are printed in durable, non-fading ink to withstand daily handling. Security printing techniques embedded in the CAC's design enhance authenticity checks through visual and aided inspection. Microtext—tiny, intricate lettering readable only under magnification—and guilloche patterns, fine-line geometric designs, are incorporated to reveal tampering if the card is altered.^[32] UV-reactive inks, visible under ultraviolet light, produce fluorescent elements like hidden images or text, providing a quick verification method for trained inspectors without specialized equipment.^[32] These visual elements facilitate rapid human verification at entry points, such as military gates or for privileges like base exchange access, where guards compare the photo, name, EDIPI, and color coding to presented identification. Integration with barcodes allows supplemental machine reading, but the printed features remain crucial for initial manual scrutiny.^[1]

Technical Components

Integrated Circuit Chip

The integrated circuit chip (ICC) embedded in the Common Access Card (CAC) is a contact-based smart card component that serves as the core of its digital security features. Compliant with the ISO/IEC 7816 standard for integrated circuit cards, the chip provides a standardized interface for data exchange with card readers.^[43] Current CACs utilize a chip with 144 kilobytes (KB) of storage capacity, an upgrade from legacy versions that offered 64 KB or 72 KB, enabling enhanced data handling for modern requirements.^[4]^[44] This capacity houses Public Key Infrastructure (PKI) certificates essential for secure DoD operations, including authentication, digital signatures, and encryption.^[13] The chip stores four primary PKI certificates: one for authentication (the Personal Identity Verification or PIV authentication certificate), one for digital signatures, one for encryption, and the card authentication key (CAK) for physical access control, supporting interoperability with federal standards through PIV data objects.^[2]^[45] Access to these certificates and other stored data is protected by an encrypted PIN, ensuring that private keys remain secure on the chip and require user verification for operations.^[4] In addition to certificates, the chip accommodates selected organizational data, such as affiliation and department details, along with biometrics in the form of two index fingerprint minutiae templates and a digital facial image, while excluding sensitive information like passwords or Social Security numbers (replaced by the DoD ID Number since 2011).^[4]^[43] Email-related attributes, including those for secure messaging, are also maintained without storing full high-resolution photos to optimize space.^[43] Operationally, the chip interfaces via a contact pad that connects to compatible readers, facilitating data transmission for applications like network access and document signing. During CAC issuance, the chip undergoes personalization, where certificates, biometrics, and other data are loaded and configured to the holder's profile. Middleware software, such as ActivClient, is required on host systems to manage certificate access and enable integration with over 28 DoD PKI-enabled applications, though the exact count varies by implementation. This setup supports the chip's role in two-factor authentication when combined with a PIN. Historically, early 2000s CAC chips had lower storage and processing speeds, but upgrades around 2009 to 144 KB models improved capacity for biometrics and PIV compliance, aligning with evolving federal mandates.^[43]^[44]

Barcodes

The Common Access Card (CAC) incorporates printed barcodes to enable optical scanning for identification and data retrieval in environments lacking advanced chip-reading capabilities. These barcodes provide a passive, non-electronic method for accessing basic cardholder information, serving as a compatible backup to the integrated circuit chip for certain access control functions. The primary barcode type is the PDF417 two-dimensional symbology, printed on the front of sponsor CACs and the back of dependent cards. Additionally, a Code 39 one-dimensional barcode appears on the back of cards to support legacy scanning systems.^[46] These barcodes encode essential demographic and identification data, including the Electronic Data Interchange Personal Identifier (EDIPI), full name, expiration date, rank (for sponsors), branch of service, and a compressed hash of the cardholder's photograph. The PDF417 format supports up to 1,100 bytes of data, allowing for compact storage of this information without including sensitive elements like personal identification numbers (PINs). The Code 39 barcode typically contains only the EDIPI for quick legacy reads. The sponsor's PDF417 barcode facilitates linking to associated dependent records during issuance or verification processes.^[47]^[48] In practice, the barcodes are scanned using standard imager-based readers for rapid data entry in low-technology settings, such as manual access points or administrative systems like the Real-Time Automated Personnel Identification System (RAPIDS). Although primary reliance has shifted to the CAC's chip for secure authentication, the barcodes remain for backward compatibility with older infrastructure.^[46] The PDF417 implementation adheres to ANSI X3.182 guidelines for barcode print quality, ensuring reliable readability under varied conditions. Its built-in Reed-Solomon error correction (up to 50% redundancy in high-security modes) resists tampering or degradation from wear, enhancing data integrity without exposing cryptographic keys.^[49]

RFID Technology

The Common Access Card (CAC) incorporates a contactless radio-frequency identification (RFID) interface operating at 13.56 MHz, compliant with ISO/IEC 14443 Parts 1 through 4, to enable proximity-based interactions for physical access control.^[50] This feature was introduced in the next-generation CAC starting in 2010, allowing for faster authentication in certain scenarios without requiring a personal identification number (PIN), thereby streamlining entry at doors and gates.^[51] The implementation supports a proximity read range of up to approximately 4 inches (10 cm), facilitating quick scans while maintaining compatibility with DoD-approved readers.^[52] The contactless functionality relies on an embedded antenna integrated into the card's structure, extending the capabilities of the primary integrated circuit chip to support dual-interface operations.^[53] This antenna enables passive communication, where the card is powered by the reader's electromagnetic field and transmits a limited data subset from the chip, such as the Electronic Data Interchange Personal Identifier (EDIPI) within the Cardholder Unique Identifier (CHUID) container.^[50] The CHUID, which includes the EDIPI, FASC-N, GUID, and expiration date, is transmitted in the clear for basic physical access verification, complementing the contact-based chip for hybrid use in more secure environments.^[52] Security measures for the RFID interface include the use of shielding sleeves to prevent unauthorized skimming of the broadcast data, as the contactless mode can expose the CHUID to nearby readers without additional encryption.^[54] Selective activation is achieved through commands like SELECT for the PIV End-Point applet, ensuring the card does not constantly broadcast and reducing exposure risks.^[50] In applications, the RFID feature integrates with CAC-compatible readers at DoD facilities for physical entry, verifying identity via the EDIPI subset to grant access to controlled areas.^[53] Despite these protections, the contactless interface is limited to physical access and does not support logical access to networks or systems, reserving such functions for the contact chip.^[52] Unshielded cards remain vulnerable to relay attacks, where signals are intercepted and relayed to a legitimate reader, potentially allowing unauthorized entry if the proximity range is exploited.^[54]

Security and Encryption

Encryption Standards

The Common Access Card (CAC) utilizes a Public Key Infrastructure (PKI) framework grounded in the Department of Defense (DoD) PKI, which issues X.509 Version 3 certificates to enable secure digital identities and transactions for DoD personnel. These certificates adhere to the DoD X.509 Certificate Policy and support interoperability with the Federal PKI Common Policy, ensuring standardized extensions for key usage and policy identifiers. The framework facilitates certificate-based operations such as authentication and encryption, with all certificates issued under controlled assurance levels to maintain trust in the PKI hierarchy.^[55]^[56] CACs transitioned to 2,048-bit RSA keys starting around 2010, becoming the standard by 2012 and providing cryptographic strength equivalent to at least 112 bits of security to align with NIST recommendations. Legacy 1,024-bit RSA keys, previously used in earlier card versions, were revoked in 2012 to mitigate vulnerabilities from shorter key lengths, prompting a reissuance of cards with the stronger keys for network access compatibility. This transition enhanced resistance to factoring attacks while supporting efficient on-card key generation using FIPS-approved algorithms like PKCS #1 Version 2.2.^[55]^[57]^[58] The PKI defines distinct key types for specific functions: authentication keys for user login to DoD systems, digital signature keys for approvals and ensuring non-repudiation in transactions, and encryption keys for protecting email via S/MIME and other secure communications. Private keys for these types are generated directly on the card's integrated circuit using tamper-resistant hardware, preventing export or exposure, and are escrowed only for encryption certificates to enable recovery if needed. Key usage is strictly enforced through X.509 v3 extensions, limiting operations to authorized purposes.^[55]^[59] Cryptographic compliance is achieved via modules validated to FIPS 140-2 (and its successor FIPS 140-3) for secure key management and operations, with DoD requiring Level 2 validation for certificate authorities and at least Level 1 for end-entity processes. The CAC's smart card chips, such as those from approved vendors like Gemalto and Oberthur, are certified to Common Criteria EAL4+ augmented with protections against high-level attacks, ensuring robust physical and logical security. All certificates and stored biometrics are encrypted on-card, while the Cardholder Unique Identifier (CHUID)—a digitally signed structure containing the Federal Agency Smart Credential Number (FASC-N) and expiration data—enables device-level authentication for Personal Identity Verification (PIV) access without requiring PIN activation. The Next Generation Uniformed Services ID Card, introduced in 2020 for retirees and dependents, features an updated plastic design to enhance security against counterfeiting, building on CAC standards.^[55]^[57]^[60]^[7] As of 2025, DoD is preparing for post-quantum cryptography transitions under CNSA 2.0, with RSA-2048 supported until 2030 and migration to quantum-resistant algorithms like those in NIST FIPS 203-205 planned for future CAC updates.^[61]^[62]

Authentication Processes

The authentication processes for the Common Access Card (CAC) employ a two-factor model combining possession of the physical card with knowledge of a Personal Identification Number (PIN), ensuring secure verification for both logical and physical access. The PIN, a six- to eight-digit numeric code selected by the user during issuance, must be entered alongside card insertion into a reader to unlock the chip's data and initiate authentication.^[23]^[3] To prevent unauthorized access, the card locks after three consecutive incorrect PIN attempts, requiring in-person reset to resume functionality.^[29]^[46] Core authentication relies on mutual verification through a challenge-response protocol, where the system issues a challenge to the CAC's embedded certificates, and the card responds using cryptographic operations to prove possession and validity. This process draws on Public Key Infrastructure (PKI) certificates stored on the card for secure session establishment. Certificate validation occurs against DoD PKI directories, checking revocation status via Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) responders to confirm the certificate's currency and trustworthiness before granting access.^[63]^[64]^[55] For logical authentication, middleware software interfaces with the CAC to facilitate access to applications such as Microsoft Outlook for email, virtual private networks (VPNs), and secure websites, enabling certificate-based single sign-on in CAC-enabled browsers like Microsoft Edge or Firefox with appropriate extensions. The middleware handles PIN entry, certificate selection, and cryptographic functions, allowing seamless integration without exposing private keys.^[65]^[15]^[65] Physical authentication involves a compatible reader interfacing with the CAC's integrated circuit chip via contact or contactless RFID for proximity-based verification, often without requiring PIN entry for standard doors but mandating it for high-security areas to add a knowledge factor. The reader confirms the card's authenticity and the holder's eligibility by validating stored data against access control lists.^[1]^[43] In cases of PIN lockout, reset requires visiting a Real-time Automated Personnel Identification System (RAPIDS) workstation, where identity is verified through sponsor documentation or biometric fingerprint matching against Defense Enrollment and Eligibility Reporting System (DEERS) records, followed by selection of a new PIN. Biometrics serve as an optional enhancement in advanced setups for ongoing authentication, though primarily used here for reset verification to ensure only the authorized holder can unblock the card.^[29]^[1]

Usage and Applications

Physical Access Control

The Common Access Card (CAC) serves as the primary credential for controlling entry to Department of Defense (DoD) facilities, ensuring that only authorized personnel gain unescorted access to installations, buildings, and restricted areas. Issued to active duty military members, selected reservists, DoD civilian employees, and eligible contractors, the CAC facilitates standardized physical access across DoD components by verifying identity and affiliation through multiple verification methods. This system supports secure entry at access control points (ACPs), reducing risks associated with unauthorized intrusion while accommodating varying levels of privilege based on the holder's status.^[1]^[66] Physical access methods for the CAC include visual inspection for initial identification at entry points, barcode scanning for quick validation at gates and doors, RFID technology for contactless reading at vehicle barriers and pedestrian turnstiles, and integrated circuit chip readers for higher-security areas requiring additional authentication. Visual checks provide a low-tech backup option, allowing security personnel to confirm the card's authenticity through its standardized DoD design elements like holograms and photos. These methods are integrated into electronic Physical Access Control Systems (ePACS) at many installations, where the CAC is scanned to log entries and authorize passage.^[3]^[66]^[67] Common scenarios for CAC use encompass base entry at perimeter gates, access to administrative and operational buildings, and vehicle gate controls, often in conjunction with turnstiles for pedestrian flow or elevator restrictions within multi-level facilities. For instance, at unmanned ACPs, the CAC enables rapid processing during high-traffic periods, such as shift changes, while supporting escorted access for short-term visitors through sponsor-verified temporary passes. These applications ensure efficient movement while maintaining security protocols tailored to the installation's threat level.^[66]^[67]^[21] Access privileges granted by the CAC vary by cardholder type and embedded authorization codes, with full CACs providing broad entry to secure workspaces for military and civilian personnel, while dependent family members receive Uniformed Services ID (USID) cards limited to areas like family housing, commissaries, and morale, welfare, and recreation facilities. Contractors and temporary personnel may receive short-term CACs valid for up to 10 days or visitor extensions via sponsor endorsement, restricting access to specific zones without full privileges. These tiered entitlements prevent overreach and align with DoD affiliation requirements.^[1]^[3]^[21] The CAC integrates with DoD-wide systems such as the Defense Biometric Identification System (DBIDS) and the Identity Management Enterprise Services Account (IMESA) for enhanced verification, combining card data with biometric checks like fingerprint templates at select ACPs to confirm identity against federal databases. This linkage supports continuous vetting, flagging potential risks such as outstanding warrants before granting access, and helps mitigate eavesdropping on RFID signals through data encryption standards.^[67]^[68]^[3] CACs are issued at over 850 sites worldwide, enabling physical access to DoD facilities globally, with personalized entry logs generated by ePACS reducing incidents of tailgating and unauthorized follow-through by providing auditable trails for each transaction. This infrastructure has strengthened overall installation security, though monitoring varies by military branch.^[69]^[67]

Logical Access and Network Security

The Common Access Card (CAC) provides robust logical access to Department of Defense (DoD) information systems, serving as the standard credential for authenticating users to unclassified networks such as the Non-classified Internet Protocol Router Network (NIPRNet). This enables secure login to DoD email systems, web portals, and applications without relying on passwords alone, leveraging the card's embedded digital certificates to verify identity and establish encrypted sessions.^[70] For classified environments like the Secret Internet Protocol Router Network (SIPRNet), the CAC's Public Key Infrastructure (PKI) framework supports authentication through compatible tokens, ensuring continuity in credential management across security levels.^[59] Additionally, the CAC facilitates email signing and encryption using Secure/Multipurpose Internet Mail Extensions (S/MIME), allowing users to digitally sign messages and attachments for non-repudiation and confidentiality in official communications.^[4] It also enables access to productivity software, such as Microsoft Office, where users can apply digital signatures to documents to confirm authenticity and prevent tampering.^[15] At its core, the CAC employs PKI to enable single sign-on (SSO) across DoD systems, reducing the need for multiple authentications while maintaining high security through certificate-based validation. Middleware software, such as ActivClient, interfaces with the CAC to activate and manage these certificates, facilitating seamless access to web portals, virtual private networks (VPNs), and other networked resources.^[71] Certificate usage requires entry of a personal identification number (PIN) to unlock private keys, adding a knowledge factor to the authentication process. This PKI integration aligns with DoD Instruction 8520.02, which mandates PKI for identity, authentication, and access control in DoD networks, ensuring compliance with cybersecurity standards for logical access.^[13] Furthermore, since the adoption of zero-trust architectures in 2022, the CAC has been incorporated into these models to provide continuous verification of users and devices, eliminating implicit trust in network perimeters.^[72] Practical examples of CAC deployment include generating digital signatures for official documents via PKI certificates, which embed verifiable user identity and timestamps to support auditability in workflows.^[4] S/MIME integration secures email exchanges by encrypting content and verifying sender integrity, a standard practice for DoD personnel handling sensitive unclassified information.^[73] The CAC also integrates with Active Directory for smart card logon, mapping certificate attributes to user accounts for domain-wide authentication in Windows environments.^[74] Enhancements in the Next Generation Uniformed Services Identification (USID) card, which evolves the CAC design, incorporate advanced security features like improved counterfeiting resistance and support for mobile-derived authentication bridges through systems like myAuth. As of 2025, the rollout of the Next Generation USID card continues, with full transition expected by 2026 and legacy cards no longer valid for base access after December 31, 2025.^[7]^[75] This allows hybrid access using CAC alongside multi-factor methods on mobile devices, expanding secure logical entry points while aligning with evolving zero-trust requirements.^[76]

Challenges and Future Developments

Common Operational Issues

Hardware failures in Common Access Cards (CACs) can include chip delamination, where the integrated circuit separates from the card substrate, potentially leading to complete card malfunction, as observed in military smart card applications exposed to environmental stresses.^[77] Dirty contacts on the card's gold chip surface often cause read errors during insertion into readers, requiring cleaning or replacement to restore functionality, a common issue in high-use DoD environments.^[78] Additionally, CACs exhibit fragility in extreme environments, such as deployments in austere or contested areas, where temperature fluctuations, moisture, or physical abrasion accelerate wear on the chip and embedding layers.^[79] PIN-related issues frequently disrupt CAC operations, including lockouts from forgotten PINs after multiple incorrect entries or expiration of the PIN alongside the card's validity period.^[29] Resetting a locked or expired PIN requires in-person verification at a Real-Time Automated Personnel Identification System (RAPIDS) site, often involving biometric fingerprint matching against the Defense Enrollment Eligibility Reporting System (DEERS) database, which can delay access if the user is not near a facility.^[80]^[81] This process necessitates travel, potentially halting logical access to DoD networks, email, or secure systems until resolved.^[82] Compatibility challenges arise from outdated card readers or middleware software, leading to login failures when the CAC is not recognized by systems running legacy operating systems or unupdated drivers.^[83] The magnetic stripe on CACs became obsolete post-2018 following deprecation in federal standards for Personal Identity Verification (PIV) cards, rendering stripe-based readers ineffective for authentication and contributing to errors in transitional environments.^[78]^[84] Loss or theft of CACs occurs with notable frequency during transit, such as travel between duty stations, compromising sensitive data if not addressed promptly.^[85] Immediate deactivation is required upon discovery to prevent unauthorized use, but replacement demands verification from a CAC sponsor or local security office, including documentation confirming the incident, which can slow the reissuance process by days or weeks.^[1]^[29] In remote or overseas locations, particularly contested areas, access to RAPIDS sites is limited, complicating PIN resets, card renewals, or replacements for deployed personnel.^[86] Expired CACs can block access to certain online platforms, such as those under the Uniformed and Overseas Citizens Absentee Voting Act, as systems often require a valid CAC for authentication, potentially denying service until renewal at a distant facility.^[87]^[88] Unshielded RFID in CACs poses minor security risks through potential skimming of contactless data in proximity to unauthorized readers.^[89]

Mitigations and Next-Generation Updates

To address common reliability issues with the Common Access Card (CAC), the Department of Defense (DoD) has implemented several proactive mitigations. Regular maintenance practices, such as using authorized cleaning kits provided through RAPIDS sites, help prevent reader malfunctions due to debris accumulation on the card's contact chip. Additionally, DoD apps integrated with the Defense Manpower Data Center (DMDC) systems offer PIN reminders and reset prompts to reduce lockouts from forgotten personal identification numbers. For personnel in remote or deployment environments, mobile RAPIDS units—deployable enrollment stations—enable on-site CAC issuance and updates without requiring return to fixed facilities. Auto-deactivation protocols ensure security by automatically revoking CAC access upon separation from DoD affiliation or failure to respond to lifecycle oversight directives, as outlined in DoD Instruction 5200.46.^[90] Security hardening measures further enhance CAC protection against skimming and unauthorized reads. Mandatory use of RFID-blocking shields or sleeves is recommended for cards during storage or transport to prevent proximity-based data interception. Anti-skimming training is incorporated into DoD cybersecurity awareness programs, emphasizing secure handling practices. Biometrics are integrated into the CAC for functions like enrollment verification via stored fingerprint templates, with ongoing federal experiments exploring derived credentials that enable advanced biometric authentication options, potentially supplementing or replacing PIN entry in future systems.^[91] These efforts build on prior mitigations, such as the removal of the magnetic stripe in earlier CAC versions to eliminate legacy vulnerabilities.^[43] The 2025 rollout of updated CAC designs introduces enhancements for durability and security, transitioning to standardized plastic stock with improved resistance to wear and embedded enhanced holograms for overt anti-counterfeiting features. Preparations for quantum-resistant cryptography are underway, aligning CAC certificates with NIST-approved post-quantum algorithms to future-proof against emerging computational threats, in line with DoD's broader quantum FAQs and transition guidance.^[92] Alignment with Real ID standards facilitates smoother civilian transitions for retirees and separated personnel, requiring REAL ID-compliant identification for base access beginning May 7, 2025, while maintaining CAC validity for DoD-affiliated travel.^[93]^[94] Looking ahead, future directions emphasize reduced physical card reliance through mobile CAC apps and expansions of Personal Identity Verification-Interoperable (PIV-I) credentials for broader federal interoperability. Derived credential initiatives, such as mobile PIV (mPIV) experiments, enable smartphone-based authentication derived from CAC data, paving the way for digital wallets that store encrypted CAC equivalents for logical access. The 2025 launch of the myAuth authentication system replaces the legacy DS Logon, providing modern, cloud-based options including CAC-free access via multi-factor alternatives for over 20 million DoD users. Policy advancements include the 2025 establishment of CAC-enabled access to the Security Assistance Management Manual (SAMM) system, improving contractor management by streamlining secure logins for DoD partners and reducing administrative burdens. Additionally, the transition to Next Generation Uniformed Services ID (USID) cards must be completed by December 31, 2025, for retirees and affiliates to maintain base access and benefits.^[95]^[96]^[97]^[75]

References

[1]
DoD Common Access Card - CAC.mil
The CAC, a "smart" card about the size of a credit card, is the standard identification for active duty uniformed Service personnel.Getting Your CAC · CAC Security · Managing Your CAC · Developer ResourcesMissing: introduction | Show results with:introduction
[2]
[PDF] Modernizing the CAC - DoD CIO
Feb 1, 2019 · The Common Access Card (CAC) is the DoD's primary credential for fulfilling these requirements on the Non-Secure Internet Protocol Router ...
[3]
CHIPS Articles: Common Access Card: Security and Privacy
Beginning in spring 2001, Department of Defense (DoD) employees began receiving a new identification (ID) card. This card, called the Common Access Card ...Missing: introduction | Show results with:introduction
[4]
[PDF] DoD Has Over 3.5 Million Insiders – Now What?
Nov 15, 2021 · DoD employs about 3.5 million military and civilian direct employees, contractors, and reserve personnel. In addition, over 50,000 ...
[5]
common access card (CAC) - Glossary | CSRC
Definitions: Standard identification/smart card issued by the Department of Defense (DoD) that has an embedded integrated chip storing public key infrastructure ...<|control11|><|separator|>
[6]
Next Generation Uniformed Services ID Card - CAC.mil
The Department of Defense transitioned from its legacy paper-based Uniformed Services Identification (USID) card to a more secure, next generation USID card.Online USID card renewal page · Getting Your ID Card · Managing Your ID Card
[7]
[PDF] The Clinger Cohen Act of 1996 - DoD CIO
The ITMRA and FARA were subsequently designated the Clinger Cohen Act of 1996 (CCA), encompassing both. This is the first time in law that Chief Information ...Missing: origins | Show results with:origins
[8]
[PDF] the Future of DoD Information Superiority - dodccrp.org
Mar 1, 1999 · • This “DoD Common Access Card (CAC)” will be the Military and ... •Clinger-Cohen Act of 1996. •Chapter 131 of Title 10, Section 2223 ...
[9]
History of the Common Access Card (CAC) | Security Info Watch
Mar 20, 2012 · Beginning in October 2006, the DoD launched a new CAC in compliance with HSPD-12, and in November of 2006, published a document entitled “ ...
[10]
10 years later, CAC is securely part of DoD - Federal News Network
Feb 23, 2011 · By November 1999, DoD created what became the Common Access Card office and began to create the DoDwide standard for smartcards. A year later ...Missing: introduction | Show results with:introduction
[11]
[PDF] DoD Instruction 8520.02 "Public Key Infrastructure and Public Key ...
May 18, 2023 · Approves DoD PKI form factors other than the common access card (CAC) or NSS SIPRNET PKI credential for DoD PKI identity, authentication, ...
[12]
How is a Smart CAC Card Used in A PKI? - SecureW2
Jul 1, 2024 · CAC cards, embedded with PKI certificates, are crucial for authentication, encryption, and digital signing within the DoD's security ...
[13]
Getting Started - DoD Cyber Exchange
The certificates on your CAC can allow you to perform routine activities such as accessing OWA, signing documents, and viewing other PKI-protected information ...
[14]
Updates - DoD Cyber Exchange
The ECA Certificate Policy Version 4.0 has been approved. April 2008, The ECA 2048 bit Root CA is operational. July 2007, IdenTrust was approved as an ECA ...
[15]
Defense Department order RF shields from National Laminating
Nov 29, 2010 · The FIPS 201-approved, shielding sleeves are distributed via RAPIDS ID offices worldwide with the issuance of new CACs. The product is ...Missing: RFID | Show results with:RFID
[16]
DoD Common Access Card > About - CAC.mil
Starting in the first quarter of calendar year 2018, the Department of Defense (DoD) will begin issuing Common Access Cards (CAC) without a magnetic stripe.Missing: discontinued | Show results with:discontinued
[17]
CAC Security - DoD Common Access Card
The CAC—which is roughly the size of a standard credit card—stores 144K of data storage and memory on a single integrated circuit chip (ICC) ...
[18]
CAC Change Aids Visually Color Impaired Security Officers - War.gov
Jun 25, 2015 · Security officials will recognize the new format as valid DoD cards on military installations both stateside and overseas, Yousef said.
[19]
32 CFR Part 161 Subpart B -- DoD Identification (ID) Cards - eCFR
(2) Eligibility. (i) DoD civilian employees are eligible for this CAC, to include: (A) Individuals appointed to appropriated fund and NAF positions. (B) USCG ...
[20]
None
### Summary of DoDM 1000.13, Volume 1: Eligibility and CAC Details
[21]
Getting Your CAC
Applicants for a CAC must be sponsored by a DoD government official or employee. For the majority of CAC holders (Military and DoD Civilian), your sponsor ...
[22]
None
### Summary of DoDI 5200.46 on CAC Eligibility and Related Criteria
[23]
ID Card Office Online
Welcome to the RAPIDS ID Card Office Online. Select an option below to update your CAC, manage sponsor or family member ID card information, or find a RAPIDS ID ...
[24]
CAC Issuance - PFPA
Two forms of ID are required: One must be a local, state, or federal government-issued ID card that bears a photo (e.g. current building pass, passport, ...
[25]
Managing Your Common Access Card (CAC)
Changing Your PIN If you forget your PIN, go to the nearest issuance site, where you will be given the opportunity to prove that you are the owner of the CAC ...
[26]
Military ID & CAC Cards
As a veteran, military retiree, or spouse or dependent of a service member, you may be eligible for a Next Generation Uniformed Services ID card.
[27]
CR80 Card Specification - CardLogix Corporation
CR80 cards measure 2.13′′ x 3.38′′ (54 mm x 86 mm), with a typical thickness of 30mil. CR80 cards are a popular choice for ID credentials because their size is ...Missing: materials DoD
[28]
ID and Security Polycarbonate Films - Tekra
Up to 10 years durability · High optical quality films, manufactured in a clean room environment · High temperature resistance · Excellent laser markability versus ...
[29]
[PDF] Alternative Uses of Common Access Cards (CAC) to Protect ... - XLsoft
The front of the CAC contains such information as Organization Seal, Branch of. Service, Color Photograph, Personnel Category, Name, Rank and Pay Grade, Issue.
[30]
[PDF] DoD Manual 1000.13, Volume 1, "DoD Identification (ID) Cards
Jan 23, 2014 · The expiration date of the PKI certificates on the CAC shall match the expiration date on the card. (a) DD Form 1173, “United States Uniformed ...Missing: introduction | Show results with:introduction
[31]
[PDF] removal of magnetic stripe from dod common access cards - CAC.mil
Oct 23, 2017 · ID card sites are required to exaust their existing magnetic striped card stock prior to using the new card stock without the magnetic stripe.Missing: discontinued | Show results with:discontinued
[32]
The new change to the CAC - DVIDS
Aug 6, 2018 · With the removal of the magnetic stripe, CAC carriers will not lose any functionality of their card, but will gain additional security. “We ...Missing: discontinued | Show results with:discontinued
[33]
Visitor Welcome Center | VWC | Fort Sill | Oklahoma - Army.mil
The V.A.-issued identification card no longer meets the criteria for installation access. Installation access cards from other DoD installations (for example: ...
[34]
https://www.xlsoft.com/en/services/materials/files/CAC.pdf
[35]
[PDF] dod common access card (cac) identification chart - National Guard
Feb 1, 2013 · Identification and Privilege Card. COLOR CODING. BLUE BAR: NON-U.S. CITIZENS. GREEN BAR: CONTRACTORS. WHITE: ALL REMAINING PERSONNEL. " ச.Missing: variants | Show results with:variants
[36]
https://www.cac.mil/Portals/53/Documents/Mag_Stripe_Removal.pdf?ver=2017-10-23-075808-193
[37]
CAC change aids visually color impaired security officers - AF.mil
Jun 25, 2015 · The letters will accompany white, green or blue bands across the cards, so security officials who cannot discern color can rely on the letter ...Missing: variants | Show results with:variants
[38]
Display Chap 3 Sect 3.1 (Change 87, Apr 7, 2025)
Apr 7, 2025 · Both the CAC and ID cards have an EDIPI printed on or embedded within the card. 2.1.2 The EDIPI is used as a unique person identifier. It is ...
[39]
Introducing the Next-Generation Common Access Card - DON CIO
Issuance of next-generation CACs began in October 2006 with an Interim Operational Capability solution and will be phased in throughout the DoD as current CACs ...
[40]
https://ky.ng.mil/Portals/59/CAC-Identification-Chart.pdf
[41]
[PDF] RAPIDS 7.3 User Guide - SSI LRC
Nov 5, 2008 · The DD Form 1172-2, “Application for Department of Defense Common Access Card DEERS. Enrollment” is very similar to DD Form 1172 but is used ...
[42]
jkusner/CACBarcode: Convert scanned CAC barcodes ... - GitHub
Convert scanned CAC barcodes (PDF417 and Code39) into Python objects with all data parsed - jkusner/CACBarcode.Missing: expiration rank
[43]
Types of Barcodes: Choosing the Right Barcode - Scandit
PDF417 codes are used for applications that require the storage of huge amounts of data, such as photographs, fingerprints and signatures. They can hold over 1 ...
[44]
[PDF] PDF417 - Express Identification Products
The document ANSI X3.182 "Bar Code Print. Quality - Guideline" presents a standardized methodology for measuring and grading bar code symbols. The PDF417 ...
[45]
https://barksdalelife.com/wp-content/uploads/2025/05/CAC-Replacement-Guide.pdf
[46]
"Next Generation" CAC Issuances | Article | The United States Army
May 7, 2010 · Please keep in mind that "contactless" means just that - you don't have to plug the CAC card in (as you do with your keyboard every day) when a ...
[47]
https://github.com/jkusner/CACBarcode
[48]
[PDF] DoD Implementation Guide for CAC Next Generation (NG) Version ...
Nov 6, 2006 · [PACS 2.3] Draft Technical Implementation Guidance: Smart Card Enabled Physical Access. Control Systems, Version 2.3, The Government Smart ...Missing: rollout timeline
[49]
[PDF] Guidelines for Securing Radio Frequency Identification (RFID ...
tag or place it in a shielded sleeve). Weaknesses: Distributing a ... used in the DoD Common Access Card (CAC), which serves as an identification card.Missing: 2011 | Show results with:2011
[50]
[PDF] United States Department of Defense X.509 Certificate Policy
Jun 3, 2021 · The DoD PKI supports key escrow and recovery for private keys associated with encryption certificates. The. DoD PKI does not support key ...
[51]
[PDF] X.509 Certificate Policy for the U.S. Federal PKI Common Policy ...
May 18, 2021 · This document is the X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework, version 2.12, dated August 4, 2025.
[52]
[PDF] CAC Data Model Change in 144K Dual Interface Cards
This memo advises you of changes in the CAC data model in the upcoming 144K dual interface cards, namely the Gemalto TOP DL GX4 FIPS 144K and Oberthur ...
[53]
Common Access Card being reissued - Kaiserslautern American
Mar 16, 2012 · The new 128K and 144K CACs issued have a 2048 bit encryption key, which is required to support network access later in 2012. Most individuals ...<|separator|>
[54]
About - DoD Cyber Exchange
DoD PKI issues certificates for identification, authentication, data integrity, confidentiality, and non-repudiation, supporting DoD missions and operations.
[55]
Personal Identity Verification Card 101 - IDManagement.gov
This PIV 101 focuses on using PIV credentials for logical access such as authenticating to networks or applications or digitally signing and encrypting.
[56]
[PDF] Announcing the Commercial National Security Algorithm Suite 2.0
May 30, 2025 · General-use quantum-resistant public-key algorithms. NIST recently announced its standardization selections for post-quantum cryptography.Missing: Generation Access Card
[57]
[PDF] Operational Information Management Security Architecture - DTIC
o CAC Authentication for Users – CAC (Common Access Card) is a standard ... authentication), but does use the challenge/response idea just described for client.
[58]
DoD PKI Management Help
These requests are automatically generated during certificate validation. Currently there are 49 DoD and ECA Certificate Authorities (CA's) supported by GDS, ...
[59]
CAC Middleware...Putting the CAC to Work for Information Security
the DoD's new standard ...
[60]
[PDF] DoD Manual 5200.08, Volume 3, Physical Security Program
Jan 2, 2019 · This manual assigns responsibilities and procedures for controlling physical access to DoD installations, including three access types and ...Missing: dimensions layout
[61]
[PDF] DOD INSTALLATIONS Monitoring Use of Physical Access Control ...
Aug 22, 2019 · The Department of Defense (DOD) has issued guidance on accessing its domestic installations and strengthening physical access control ...
[62]
Defense Biometric Identification System - Moody Air Force Base
Jan 30, 2012 · The Common Access Cards (CAC) issued to military personnel, DOD civilians, and some DOD contractors and the Teslin card issued to dependants and ...
[63]
DoD Issues Time-saving Common Access Cards - DVIDS
Mar 7, 2025 · The card will eventually allow physical access to secure areas, permit entry into DoD's computer networks and serve as he authentication token ...Missing: pilot | Show results with:pilot<|separator|>
[64]
SIPRNet and NIPRNet: Key Differences Explained | Netizen
Feb 20, 2025 · Access to NIPRNet is less restrictive compared to SIPRNet, typically requiring a Common Access Card (CAC) for authentication.Missing: logical | Show results with:logical
[65]
[PDF] DoD CAC Middleware Requirements Release 4.0
Nov 26, 2012 · 4.4 Common Access Card (CAC) and Alternate Tokens ... 4 Minidriver shall indicate to the user how many remaining PIN attempts before locking.Missing: lockout | Show results with:lockout<|control11|><|separator|>
[66]
[PDF] Department of Defense Zero Trust Reference Architecture - DoD CIO
Jul 4, 2022 · Common Access Card (CAC), while secure, has not kept pace with more user-friendly multi-factor authentication advances in industry. In ...
[67]
MilitaryCAC's Information about S/MIME
Secure / Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing of MIME data.
[68]
Enabling smart card logon - Windows Server - Microsoft Learn
Jan 15, 2025 · Active Directory must trust a certification authority to authenticate users based on certificates from that CA. Both Smartcard workstations and ...
[69]
DoD's new myAuth system surpasses 900,000 users in first two ...
Jul 25, 2025 · The Defense Department's new identity credentialing system, myAuth, has surpassed 900,000 user accounts just two months into its pilot ...
[70]
[PDF] FUTURE - Naval Sea Systems Command
Jul 25, 2019 · Common Access Card office on base, which has really improved the ... polymers and can cause delamination and corrosion,” White said ...
[71]
[PDF] NIST.FIPS.201-3.pdf
Jan 3, 2022 · In the case of deprecated features on PIV Cards such as the magnetic stripe. (Section 4.1.4.4), existing PIV Card stock with deprecated features ...
[72]
[PDF] us army product manager force sustainment systems (pm-fss)
Jul 30, 2024 · The CCC is capability to fully support deployed soldiers in austere environments as an add-on package to the. Force Provider Module. The Complex ...
[73]
Forgot your CAC PIN?
You will only be able to reset the PIN on the CAC by providing a successful match to the fingerprint stored in the DEERS database when you were issued the card.Missing: lockout expired RAPIDS
[74]
[PDF] Frequently Asked Questions (FAQs)
Answer: The CAC is the DoD ID card issued to eligible personnel, including military members, civilian employees, and contractors, to facilitate physical access ...
[75]
MilitaryCAC's Get your ID card unBlocked by visiting the nearest ...
You will have to visit an ID card office (RAPIDS (Real-time Automated Personal IDentification System)) to get your card unblocked, updated, or replaced. The CAC ...Missing: forgotten expired
[76]
Developer Resources - CAC.mil
... DoD ID Cards to Begin in October 2017. FOUO available upon request; June 2016 - Removal of Magnetic Stripe from CAC · June 2016 - Intro of SHA-256 versions of ...
[77]
[PDF] Important note from TSA-TWIC regarding the TWIC NEXGEN ...
Oct 11, 2024 · NIST deprecated the magnetic stripe per their standard for PIV cards. Very few TWIC readers were using the magnetic stripe and hence appropriate ...
[78]
[PDF] DoDM 5200.01, Volume 3, "DoD Information Security Program
Feb 24, 2012 · The contract shall require cooperation with U.S.. Government inquiries in the event of a loss, theft, or possible compromise. The sender is.
[79]
[PDF] Untitled - Army.mil
If your CAC expires and you are eligible for a new CAC, you should make an appointment and go to the nearest RAPIDS site and obtain your new CAC. For your ...
[80]
ID Card Entitlements - Air Force Personnel Center
Information of ID card entitlements, DEERS, and other resources ... To renew a secondary dependent's ID card, the sponsor should visit their servicing MPF.Missing: Common | Show results with:Common
[81]
Coronavirus Disease 2019 (COVID-19) FAQs - Coast Guard
A: If your CAC expired on or after April 16, 2020, you may have the ... overseas to visit the Federal Voting Assistance Program (FVAP) website to:.Missing: blocking | Show results with:blocking
[82]
[PDF] Codifying Information Assurance Controls for Department of ... - DTIC
Mar 15, 2010 · Security vulnerabilities can also arise in a system because of problems in the system specification, the system implementation or during system ...
[83]
[PDF] DoD EnterpriseIdentity, Credential, and Access Management (ICAM ...
Second, as a descriptive document, it supports DoD Components in understanding how to consume DoD enterprise ICAM services and how to operate DoD Component, ...<|control11|><|separator|>
[84]
[PDF] Quantum Computing and Post-Quantum Cryptography - DoD
Aug 4, 2021 · A: Quantum-resistant, quantum-safe, and post-quantum cryptography are all terms used to describe cryptographic algorithms that run on standard ...Missing: CAC | Show results with:CAC
[85]
Changes to Base Access for DoD Civilian Retirees Goes into Effect ...
Aug 28, 2023 · After August 31, 2023, Department of Defense civilian retirees will be required to show a registered REAL ID card for base access.Missing: alignment | Show results with:alignment
[86]
Mobile PIV (mPIV) Experiment - IDManagement.gov
The Unifyia ID Wallet app is a comprehensive solution for digital identity management, delivering tailored experiences for issuing authorities, credential ...Missing: DoD | Show results with:DoD
[87]
2025 - April 10d | Defense Security Cooperation Agency
Apr 10, 2025 · DSCA Policy Memo 25-04 Establishment of the Common Access Card-Enabled SAMM Site has been posted. This memorandum establishes the Common Access ...