DoD Implements Changes to Website CAC Logon

Published, January 2, 2019

DoD is required to use strong authentication credentials for network and IT system access, and the Common Access Card (CAC) is the DoD's primary mechanism for NIPRNet access authorization. On Dec. 7, DoD CIO issued a memo directing changes to the configuration of CAC certificates and their use, to align with the Federal Personal Identity-Authentication (PIV-Auth) certificate. In support of this directive the Navy issued NAVADMIN 200/18.

Homeland Security Presidential Directive 12 (HSPD-12) requires Federal departments and agencies to use strong authentication credentials for network and IT system access, the CAC is the DoD's primary mechanism for doing so on the NIPRNet. DoD has directed that the DoD's PIV-Auth certificate become the standard for DoD IT access on the NIPRNet in order to; standardize implementations and reduce inefficiencies with mission partners, improve cybersecurity posture and change management, reduce costs with maintaining DoD specific legacy authentication mechanisms, and allow the DoD to use commercial products designed to read HSPD-12 compliant Public Key Infrastructure (PKI) credentials.

To accomplish this DoD has directed DoD components to begin planning to reconfigure network and web-application user accounts to support PIV-Auth authentication, and has directed the DoD Chief Information Officer (CIO) Cybersecurity Scorecard Team to document and track progress towards achieving the changes necessary for use of the PIV-Auth certificate for authentication. To support this, the Navy has issued NAVADMIN 200/18 which among other things requires all personnel to activate their PIV-Auth certificate by 31 Jan 2019, requires website/web-application owners to post transition plans for shifting to PIV-Auth logon by the same date, and requires website/web-applications to only support use of the PIV-Auth certificate for logon by Feb. 29, 2020, and the Marine Corps has issued MARADMIN 025/19.

The most visible change to most unclassified IT users will be the change from selecting either an ID or Email for system logon to only selecting the PIV-Auth certificate. Though the PIV-Auth certificate is on all DoD CACs, it is not activated on CACs issued before Feb. 24, 2018. DON CAC holders for which the PIV-Auth certificate is not visible do not need a new CAC, but must visit the milConnect RAPIDS Self-Service portal to activate the certificate. The Navy PKI office has posted a step-by-step guide for doing so (USN PIV Activation Instructions) at https://infosec.navy.mil/PKI/main.html.

TAGS: Cybersecurity, IA, IDManagement, NEN, NNE, PKI

Related Policy
Related News
Related CHIPS Magazine
Related Resources