CAC/PKI TRAINING GUIDE - IDManagement.gov

More documents

Recommendations

Info

1 General 4 Product Manager Secure Electronic Transactions – Devices The Army Common Access Card (CAC)/Public Key Infrastructure (PKI) program implements Department of Defense (DoD) policy to adopt smart card technology department-wide. Smart card technology implementation has been led through guidance and direction of the Deputy Secretary of Defense and Public Law 106-65, National Defense Authorization Act for FY 2000. In response to these directives, the U.S. Army has aggressively pursued the programmatic steps required to ensure a seamless integration of this emerging technology at the operational level. The CAC will be implemented to provide the following functionality: personnel identification, building access, network access utilizing Public Key Infrastructure (PKI) certificates and eventually sending and receiving digitally signed and encrypted email. The CAC will replace the current Teslin military identification card (ID) and serve as the official ID card for civilians and eligible contractors. The CAC will also be used for physical access to facilities and serve as a token to enable logical access to networks and systems. The CAC will be issued using the existing Defense Enrollment Eligibility Reporting System/Real-time Automated Personnel Identification System (DEERS/RAPIDS) infrastructure. Approximately 1.4 million CACs will be issued to all Army active duty military, National Guard members, select Reservists, DoD civilians and eligible contractors in FYs 01 to 02. 2 Introduction On 6 May 1999, the Deputy Secretary of Defense issued a memorandum that encouraged widespread use of public key-enabled applications and provided specific guidelines for applying PKI services throughout the Department. The strategy to achieve the target DoD PKI is intrinsically linked to the overall DoD strategy for achieving information assurance (IA). The 12 August 2000 Deputy Secretary of Defense memorandum further defines these guidelines and supercedes the memorandum of 6 May 1999. On 10 November 1999, the Deputy Secretary of Defense directed that the CAC be used as the DoD’s primary platform for the PKI authentication token. The report submitted in compliance with the requirement in Section 374 of FY 2000 Defense Authorization Act (Public Law 106-65) requiring the evaluation of the option of using the smart card as the DoD’s authentication token concludes the smart card is the most feasible, cost effective technology for the authentication mechanism to support the DoD PKI and to protect its critical information. The DoD CAC will employ smart card and PKI technology. The CAC is the size of a credit card and contains an Integrated Circuit Chip (ICC) that is capable of storing a significant amount of data, has both read and write capabilities as well as a Personal Identification Number (PIN) selected by the cardholder. This PIN acts as a security code for the cardholder preventing others from fraudulently using the card. The CAC also contains a magnetic stripe, a Code 39 bar code,
5 Product Manager Secure Electronic Transactions – Devices a two-dimensional PDF417 bar code, a color photograph and printed text. As DoD implements applications that use these automated technologies on the CAC, data can be added, modified, or removed from the card as needed. These cards will be used for visual identification, access to buildings and controlled spaces, and access to DoD computer networks and systems. Eventually, users will be able to use their cards to send and receive secure e-mail messages and access secure Web sites. Additional component-specific uses may be added as well. Through RAPIDS version 6.0, one or more PKI certificates are stored on the CAC. Certificates contain user identity data, the validity period for the certificate, and the public key portion of the public/private key pair used in public key encryption. Managing keys and certificates through a PKI helps an organization establish and maintain a trustworthy network environment. With a few exceptions, all the members of these target populations will be issued a CAC: • Active Duty members. • Selected Reserve and National Guard members. This includes members in these categories who are on Active Duty. There may be some exceptional situations where members in other Reserve categories will receive a CAC, because they require an electronic card to gain physical access to controlled areas or logical access to government computers. • Civilian DoD employees, including Non-appropriated Fund (NAF) and Foreign National employees. Issuance of cards to foreign military will follow the same rules as those for Foreign National DoD employees. • Designated DoD contractors who require an electronic card to gain physical access to controlled areas or logical access to government computers. The following populations will continue to be issued Teslin Uniformed Services identification and privilege cards, unless a CAC is issued for exceptional conditions, as noted in the preceding: • Reserve members who are in the Standby Reserve, Individual Ready Reserve, or the Inactive National Guard, i.e., components that are not classified as Selected Reserve. These members will receive a DD Form 2 (Reserve). • Designated DoD contractors who do not require an electronic card to gain physical access to controlled areas or logical access to government computers, but do require an ID card to conduct government business or a privilege card to access authorized DoD benefits. This mostly applies to contractors who are employed overseas or are considered emergency essential because they are likely to be assigned overseas, are serving overseas, or are employed at US installations where benefits are authorized locally. These individuals will receive DD Forms 2750 or 2764.
Page 1 and 2: CAC/PKI TRAINING GUIDE Common Acces
Page 3: 3 Product Manager Secure Electronic
Page 7 and 8: 7 Product Manager Secure Electronic
Page 9 and 10: 3.3 What is the Common Access Card?
Page 11 and 12: RAPIDS is designed to automate the
Page 13 and 14: 13 Product Manager Secure Electroni
Page 27 and 28: 24. Click “Finish” to close the
Page 29 and 30: 4. Connect the Keyboard or Mouse to
Page 33 and 34: 3. Accept the default file folder,
Page 35 and 36: 2. When the Welcome screen appears,
Page 37 and 38: 6. Click Start, Settings, Control P
Page 41 and 42: The ActivCard Serial SmartCard Read
Page 43 and 44: 3. Click “Yes” to accept the So
Page 47 and 48: 4. Select “Typical” for the set
Page 49 and 50: 6.3.3 Schlumberger Reflex 72 Serial
Page 51 and 52: 2. Double click the “Add/Remove H
Page 55 and 56:
3. Click “Yes” to accept the So
Page 57 and 58:
6.3.4 Schlumberger Reflex USB Card
Page 59 and 60:
59 Product Manager Secure Electroni
Page 61 and 62:
6.3.4.2 Installation on Windows 98
Page 63 and 64:
Page 65 and 66:
6.3.5.1 Installation on Windows 200
Page 67 and 68:
4. Click “Yes” to accept the So
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
7. Click on “Finish” to complet
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
19. Click “OK” to close the Cer
Page 85 and 86:
23. Click “Finish” to complete
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
3. The Certificate Import Wizard wi
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
101 Product Manager Secure Electron
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
To turn off MS Word as an Email Edi
Page 119 and 120:
Page 121 and 122:
6. Click on “Digitally Sign Messa
Page 123 and 124:
7 Functional Training Scenarios 7.1
Page 125 and 126:
Page 127 and 128:
7. Click “Send” to send the mes
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
7.3.2 Retrieval from DOD PKI Direct
Page 139 and 140:
3. Select the “Standard Search”
Page 141 and 142:
Page 143 and 144:
9. Select “Save this file to disk
Page 145 and 146:
Page 147 and 148:
17. The Public Key has now been imp
Page 149 and 150:
7.3.2 Windows 98 Network Login 1. I
Page 151 and 152:
Page 153 and 154:
8. Enter your PIN at the prompt. 9.
Page 155 and 156:
3. Who will receive a CAC? 155 Prod
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165:
show all

CAC/PKI TRAINING GUIDE - IDManagement.gov

Create successful ePaper yourself

Delete template?

Save as template?