CAC

The Common Access Card (CAC), also commonly referred to as the CAC or CAC card, is a smart card about the size of a credit card used for multi-factor authentication. It is the standard identification for Active Duty United States Defense personnel, to include the Selected Reserve and National Guard, United States Department of Defense (DoD) civilian employees, United States Coast Guard (USCG) civilian employees and eligible DoD and USCG contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to DoD computer network and systems.

The CAC Card also serves as an identification card under the Geneva Conventions (esp. the Third Geneva Convention). In combination with a personal identification number, a CAC satisfies the requirement for two-factor authentication: something the user knows combined with something the user has. The CAC also satisfies the requirements for digital signature and data encryption technologies: authentication, integrity and non-repudiation. The embedded microchip contains a digital image of the cardholder’s face, two digital fingerprints, organizational affiliation, Social Security number, agency, card expiration date, and PKI certificate. The card enables the encryption and cryptographic signing of email and use of public key infrastructure (PKI) authentication tools.

When a CAC is inserted into a smart card reader and the associated PIN has been entered, software in the reader uses standard Internet protocols to compare the information on the card’s chip with data on a government server and either grant or deny access. While a CAC is being used to access a computer system, the card stays in the reader for the duration of the session. When the card is removed from the reader, the session ends and the system remains inaccessible until the next user is validated.