DOD to eliminate common access cards

DOD to eliminate common access cards

Department of Defense CIO Terry Halvorsen announced on June 14 that his agency will be eliminating common access cards for authenticating users on information systems.  “We are embarking on a two-year plan to remove CAC cards from our information systems,” he said at the Brocade Federal Forum in Washington D.C. 

“Frankly, CAC cards are not agile enough to do what we want,” he said.  According to Halvorsen, the cards have too much overhead in terms of cost, time and location. It's difficult, for example, to get to one's CAC card to access a system when mortar shells are flying, he quipped. 

The plan is to use true multifactor authentication and some combination of behavioral or biometric information to allow users to access networks.  Halvorsen was sure to clarify that DOD would not be eliminating public key infrastructure (PKI) encryption. 

Defense Information Systems Agency Director Lt. Gen. Alan Lynn previously alluded to the notion of behavioral authentication.  At an April event, Lynn suggested leveraging some form of commercial technology such as the popular traffic mobile application Waze, which monitor users’ travel patterns, exact location, speed and other data points to figure out how best to get drivers where they’re going.  This information, Lynn said, could paint behavioral pictures, deviations from which could tip off system administrators that users might not be who they say they are.   

Halvorsen also discussed data center consolidation, conceding that it’s “no secret, we’re behind in data center closures inside of DOD.”  He announced the establishment of a panel within DOD – which will include some members of industry –  to look at the 50 most expensive data centers currently in operation and figure out which should be closed. Halvorsen called this an easy first step,  noting that the harder step will be determining where the data housed in those closed centers will go.  That, he said, will be an enterprise decision, not an individual element decision.

Editor's note: This article was changed June 22 to correct a reference to PKI.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected