Use of a Common Access Card (CAC)

Use a Common Access Card (CAC) on a Personal Computer running Windows, Mac OS X, or Linux

A Common Access Card (CAC) is a smart card issued by the Department of Defense (DoD) to civilian employees, military personnel, and contractors. These cards, which contain user certificates, help protect data and restrict access by providing two-factor authentication to DoD systems, networks, applications, and websites. The DoD utilizes a method known as Public Key Infrastructure (PKI) to implement and enforce the use of smart cards – which contain user certificates – and personal identification numbers (PINs) for two-factor authentication. Many users will never understand or appreciate the complexity that works behind the DoD’s PKI. Nor will users fully understand why their CACs (smart cards) are not functioning on a personal computer (PC) while using a smart card reader alone. Often, CAC-holders will be misled by retailers into believing that they can use their CACs by simply inserting it into a “plug-and-play” card reader. Due to the nature of PKI, it takes a little more effort to Public Key Enable (PKE) a computer. Aside from having an internal or external smart card reader to use a CAC, the computer needs to have the hardware drivers, the trusted root chains (of the user’s certificates), and possibly even third party middleware.

While using a CAC on a PC may not be as easy as “plug-and-play,” DoD agencies and contractors have spent considerable resources to make the process as simple and inexpensive as possible, not just for system administrators, but for general users as well. Instructions and almost all downloads (with the exception of third party middleware) are accessible through the Information Assurance Support Environment (IASE) website hosted by the Defense Information Systems Agency (DISA). On the IASE website, DISA hosts a PKI-PKE subsection titled, Getting Started for End Users (external link). There, users will find instructions and downloads for enabling their Windows, Mac, or Linux computers.

Third party middleware, such as ActivID ActivClient, is not required on Windows 7 or later versions of Windows. Only Windows XP, Vista, or earlier Windows OS versions require middleware. If ActivClient is required on an operating system, personnel can usually obtain a free copy from their agency’s support desk or military installation. Alternatively, Mac OS X users can obtain middleware for free from Mac OS forge or Centrify (external links). Thus, there is no need to purchase middleware regardless of what type of operating system runs on a PC.

Source by Dustin R