Defense to test PIV II-compliant access cards

By early next year, the Defense Department expects to have an idea of what bases, and how many, will test new common access cards (CACs) that meet Federal Identity Processing Standard-201, Personal Identity Verification II.

Mike Butler, chief of DOD's smart card programs, said today that the agency will conduct as many as nine pilots starting as early as April 2006 across all the services. Butler's office would issue about 20,000 new CACs and the bases would have to upgrade their physical security systems.

'We will work with any base that volunteers,' Butler said today at a Homeland Security Presidential Directive-12 conference sponsored by the market research firm Input Inc. of Reston, Va. 'They will have to pay for the changes to their physical infrastructure. The cards will continue to look like the CAC but have PIV II capabilities.'

Butler added that his office will provide card issuance stations. 'We expect to have full CAC production that meets PIV II by October 2006,' he said. 'We did a gap analysis between FIPS 201 and our CAC card and there were 700 items we had to do and most are planned or under way.'

The Bush administration mandated that all agencies have the back-end infrastructure in place by Oct. 26 to issue PIV-II compliant cards.

Butler said that because DOD has issued more than 8 million cards and has 3.2 million in operation, it will transition to PIV II over the next few years.

Mary Dixon, deputy director of the Defense Manpower Data Center, said at another conference last month that DOD will place a Java applet on the CAC card to meet the PIV II requirements.

'When we want to or need to change, it is easily doable,' she said at a conference on HSPD-12, sponsored by the CIO Council. 'The applet will be used when someone from DOD does business with a non-DOD agency. Otherwise, the CAC will continue to be used as it is now.'

Dixon said DOD had planned a new card architecture when HSPD-12 came along. So instead of changing the entire card each time, the applet lets Defense modify it when necessary.

'When we put the applet on the card, we will be PIV II-compliant,' Dixon said. 'We will replace existing cards as the current ones expire.'

She expects a huge percentage to be replaced in two years and most by the end of 2009.

inside gcn

  • digital key (wavebreakmedia/Shutterstock.com)

    Encryption management in government hyperconverged IT networks

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group