DOD preps smart card roll out

The Defense Department is about to launch departmentwide deployment of its Common Access Card program, after issuing more than 84,000 smart cards during the last year as part of a beta test.

The CAC program uses secure, multi-application smart cards for physical identification, building access and network access. DOD's goal is to have the 4 million eligible personnel, including those in active duty, selected reservists, DOD civilians and some contractors, to be issued their unique card from more than 900 issuance centers within 15 months, said Mary Dixon, director of access card programs at DOD.

Among the initial applications for the card are public-key infrastructure functions, including authentication, encryption, decryption and digital signing, said Ken Scheflen, director of the Defense Manpower Data Center. Applications with the defense travel system and warfighter support are other short-term goals, with biometrics, logistics and medical functions possible future uses, he said.

The cards will act as "the passport to the electronic world" for users, and the digital signature capability will help DOD's "business and commerce move away from cumbersome paper-based systems," said David Chu, undersecretary of defense for personnel and readiness.

John Stenbit, DOD chief information officer, said the goal of the program is to "move toward a network-centric world." He said he had not heard of any privacy concerns from DOD personnel because the information on the cards includes the cardholder's name, picture, fingerprint and a personal identification number, which are "conveniences, not intrusions."

Chu and Stenbit were issued their cards —in a process that takes about 15 minutes —during an Oct. 29 event at Electronic Data Systems Corp. in Alexandria, Va. EDS is the prime contractor on the CAC program and is working with a number of other vendors, including SchlumbergerSema, which is providing the smart card readers, and Infineon Technologies AG, which is providing the secure microcontroller chips.

The cards are good for a maximum of three years and can hold 32K of information, with a technology refresh built into the contract to keep DOD from falling behind as advancements occur or applications are added, Dixon said.

"What we're committed to doing is whatever we do in the future won't obsolete what we did in the past," she said, adding the three-year life cycle is similar to how most agencies treat their PC purchases. "The same thing will happen with the cards."

Paul Beverly, a vice president at SchlumbergerSema, North America, said his company already has a 64K card and a 128K model on its roadmap, but that memory isn't really the issue with DOD. "It's really [about] the policies and procedures of what information will go on the card."