DoD Implementation Guide for CAC PIV End-Point

1.1   Background
Homeland Security Presidential Directive-12 [HSPD-12] mandates the implementation of a Federal Information Processing Standard 201 [FIPS 201] Personal Identity Verification (PIV) of Federal Employees and Contractors. The Department of Defense (DoD) Common Access Card (CAC) and DoD Public Key Infrastructure (PKI) programs are being aligned to meet this additional set of requirements. This document takes into account recent updates to FIPS 201, SP800-73-1 and SP800-76.

This document acknowledges that the cryptographic parameters specified by National Institute of Standards and Technology (NIST) SP 800-73-1 will evolve to larger key sizes and hash algorithms according to the timeline published in SP800-78. Guidance on physical access is being developed in draft SP 800-116.

Note: For the sake of simplicity, the term “CAC Next Generation” or “NG” is also referred to as the “CAC Transitional” or “Transitional”, in line with NIST SP800-73-1 part 2 or PIV Transitional.

1.2   Purpose
This Guide specifies technical details for implementing PIV II National Institute of Standards and Technology (NIST) Special Publication (SP) 800-73-1 End-Point requirements in the DoD CAC environment. It covers PIV and DoD mandatory and optional capabilities. It takes advantage of the editorial clarifications in SP 800-73-2 but otherwise does not include v2.

This Guide emphasizes the delta from the previously published 2007 DoD Implementation Guide for the CAC Next Generation. This document specifically deals with the PIV as implemented on the CACv2 with Transitional platform. Middleware specifications are discussed in other documents.

1.3   Audience
This guidance is written for those who provide, acquire, test or develop CAC/PIV applications, middleware or applets for the DoD CAC/PIV End-Point Smart Card program.

1.4   Assertions
• Scope of this document is the delta between the CAC Transitional and PIV End-Point.
• Scope is the End-point interfaces and data model as described in parts 1 and 3 –
• The PIV and CAC applications have clearly defined dependencies.
• CAC is the primary application for DoD
• DoD adds PIV mandatory data model elements to the CAC
• This guide focuses on Java Card implementation
• Optional SP 800-73-1 elements may be mandated for internal use by DoD
• Backward compatibility with existing middleware and card
• DoD middleware has the ability to communicate with CAC, CAC Transitional and
• CAC Credentials will be the primary Credentials
• PIV Transitional and PIV End-Point both surface at the card edge and share the same data

The CAC platform baseline requirements, host application, issuance process, and card usage are only mentioned here when required as context.
