Navy misses PKI deadline

Updated CNO CAC & PKI Implementation Timeline and Reporting Requirements

The Navy has been granted a six-month extension to comply with Defense Department public-key infrastructure (PKI) standards, according to a memorandum issued late last month by the Office of the Chief of Naval Operations. Many users within the Navy do not have access to work stations that offer functionality for the Common Access Card or PKI.

"Monitoring of Navy PKI implementation by [the Program Executive Office for Command, Control, Communications, Computers, Intelligence and Space]...indicates a number of technical and nontechnical changes remain," the memo, dated March 26, reads. "Full milestone implementation within Navy will not be achieved by" April 1.

Part of the problem, according to the memo, is that the CAC's full functionality cannot be realized unless hardware and software is installed departmentwide, including Navy and Marine elements. The goal to accomplish that is Oct. 31.

David Wennergren, Navy chief information officer, has acknowledged Navy's accomplishments to date and directed the emphasis on PKI and associated applications and Web sites, according to the memo.

Wennergren is DOD's point man for smart cards, CAC and PKI deployment to the department. He has testified to the value of PKI security and its authentication properties.

The Navy Marine Corps Intranet (NMCI) will assist in furthering the widespread use of the CAC and PKI, but sailors and Marines not yet cut over to the enterprise-wide network often cannot avail themselves of the identifying and authenticating technologies. One of the goals of NMCI is to make all computers and workstations CAC-enabled, requiring users to use their smart cards as to log in to a system and ensuring the validity of digital signatures.

But sailors and Marines who are not working on NMCI often lack the technical hardware and software to effectively use CAC's technology features.

"Digitally signing e-mail sent within DOD is effective 1 April, or as the desktop equipment is provided," according to the memo.

The memo also calls for public key-enabled networks to be established during the next six months and for commands to take advantage of the functionality as the hardware and software is made available.