DISA plans CAC replacement prototypes for summer

PIV cards 

The common access card is on its way out, and prototype replacements could be in some users' hands by this summer.

DISA has long planned to move away from the CAC. But Vice Adm. Nancy Norton, DISA's director and commander of the Joint Force Headquarters-Department of Defense Information Networks, brought specificity to those plans during a May 15 keynote speech for the Armed Forces Communications and Electronics Association's cyber operations conference in Baltimore.

"Prototype devices for establishing assured identity are being developed right now," Norton said. "The first few will arrive this summer to assist with determining the right test parameters," with 75 devices slated for distribution later this fall.

Norton also said there would be a separate prototype that will give Defense Department pilot users "a more convenient alternative to using a CAC for authentication, decryption, and signing operations in Microsoft Windows PC environment." Continuous multifactor authentication will be used to unlock derived credentials on mobile devices, she said.

Norton also announced that DISA's Encore III contract for enterprise IT services is expected to award the small business suite in May – a $350 million multiple-award, five-year, blanket purchase agreement. The arrangement would allow DISA to consolidate requirements for professional support services into a single contract and, as Norton said, to "improve our effectiveness and efficiency with the ability to track the total professional support services expenditures for the agency."

Additionally, on the enterprise services front, DISA Executive Deputy Director Anthony Montemarano told conference-goers ahead of Norton's speech that the agency is going forward with its Defense Enterprise Office Solutions request for proposal, which has been approved by DOD's acquisition head Ellen Lord.

"We firmly believe DEOS is going to come to pass," he said.

Norton provided additional detail during her speech, saying the 137 questions and comments submitted for the draft RFP May 7 are being reviewed and industry should receive the final RFP during the fourth quarter of fiscal 2018, or anytime from July through September. "The estimated award ceiling for the single award IBIQ is $7.8 billion," she said.

DISA's priorities include cloud migrations, cyber defense security, mobility, assured identity, software-defined everything and DEOS. But Montemarano pointed to mobility as an area that's seen recent development with a deployed top secret capability, secret tablet and secret cell phone.

"Everything's going mobile," he said during a pre-conference workshop. "We're looking at the young kids and that's what they want, that's what they expect. And those are the soldiers, sailors of tomorrow."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.