Navy mulls user access for NMCI

The Navy Department is considering using one portal product that will help control individuals' access to applications the department will place on its burgeoning $6.9 billion Navy Marine Corps Intranet.

Users logging on to NMCI, which will tie together on one network all the services' shore-based organizations, would obtain access to the intranet using a Common Access Card inserted into their computer's PC Card reader.

The Web-based portal product would replace the Navy's costly effort to develop a public-key infrastructure for all applications accessible via NMCI. The portal would be PKI-enabled and would work as a handshake with the access card, verifying the card and reading which applications the user has permission to access.

"I never have to PKI-enable the application" using the portal, said Ron Turner, deputy chief information officer at the Navy for infrastructure, systems and technology. "That's something we're looking at investing in heavily."

But Linton Wells II, the Defense Department's acting CIO, has questions. "The problem I have is the security in the portals," he said May 30 at the Army Small Computer Program conference in Baltimore. He conceded that there's sometimes a trade-off between security and functionality.

DOD has required the military services to PKI-enable all applications by 2003, many of which are on legacy systems. Navy officials believe the portal and access card will meet DOD guidelines.

Turner said that, from a CIO perspective, the Navy would like to have one portal product, but he is not sure such technology is available yet.