DOD extends Common Access Cards deadline

The Defense Department has extended by six months its deadline for issuing Common Access Cards to its more than 4 million users. It still has about 500,000 cards to distribute.

Defense initially had planned to issue all the cards by October to active-duty, civilian and contract workers and some reservists. The cardholders use the CACs for network authentication and digital signatures on the department's public-key infrastructure.

The enormity of the project made the extension necessary, said Mike Butler, chief of smart-card programs for DOD's Access Card Program Office. The department has been issuing between 10,000 and 14,000 cards a day.

'It's a big logistics deal,' Butler said. 'It's a challenge because there's a lot of rules and policies especially when you are giving PKI certificates to folks. Just the encoding time on the CAC takes about five minutes.'

The Smart Card Senior Coordinating Group decided in September to push the deadline date back to avoid an onslaught of last-minute waiver requests.

To date, 3.7 million users have received smart cards since the program began more than three years ago. But that number fluctuates between the several thousand employees who have left military service and turned back in their cards and the thousands of new recruits being assigned cards each day, Butler said. The cards currently use the Java Card run-time environment on 32K chips.

After the April deadline, Butler said, the DOD Access Card Office is looking ahead to the next wave of smart cards, which will carry 64K chips. The next-generation cards will also include digital images and biometric identifiers. DOD's medical organizations also are working on some standard data elements that they could include on the cards.


  • automated processes (Nikolay Klimenko/

    How the Army’s DORA bot cuts manual work for contracting professionals

    Thanks to robotic process automation, the time it takes Army contracting professionals to determine whether prospective vendors should receive a contract has been cut from an hour to just five minutes.

  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

Stay Connected