The Common Access Card or CAC is a smart card designed to be used as an ID card that enables physical access to buildings and controlled space like server rooms and for access to computer systems and networks. Department of Defense (DoD) deployed this system to meet its high security requirements for authentication of personnel entering in the Department’s buildings, controlled areas and computer networks. Common Access Card is a smart card that has public key infrastructure (PKI) features to provide secure system functionalities such as authentication, data integrity, confidentiality and non-repudiation. CAC stores the private key of the client certificates, used with PKI cryptography program, in the card and it is hard to extract this key from the card.
Common Access Card relies on public key systems and certificates which are way more secure than the current common username and password based identity management systems. An important consideration with Public key based system is that the system is secure as long as the private key remains private. CAC is temper resistant and portable. The CAC is planned to be most widely used in the future to encrypt Email, expanding number of web portals for online business suing public key infrastructure (PKI) authentication tools. Adding a biometric to the card will provide three-factor authentication.
Common Access Card (Smart Card) Deployment
Enterprises are consistently looking for secure solutions that provide easily deployable, strong authentication with data protection capacity and improved user experience. CAC is believed to provide strong protection without the need to modify their existing infrastructure. With CAC, organizations are looking to achieve strong multi-factor authentication, access into all applications with added single sign on features. To that end, cost efficient deployment and life cycle management strategy is a must.
The basic phases of CAC (smart card) deployment as outlined by Microsoft are:
- Envisioning phase. Develop clear vision for the CAC implementation. Involve higher management. Executive buy-in is crucial to get sponsorship for the project. This is where requirement gathering, documenting of the requirements, creating vision strategy, Team building and preparation and high-level vision or scope review will be conducted.
- Planning phase. After the envisioning phase has been full executed and the visionscope approved for implementation, this phase will follow. In this phase, detailed planning and specification for the CAC deployment project will be outlined. The main activities in this phase would be preparing the functional specification for CAC, Designing the chip and cards and readers, preparation of schedule and budget, prepare Risk assessment were the team will brainstorm the risks to the smart card deployment in a way that it will address risks associated to lost cards, inconsistency, inefficiency etc., conduct a project plan review.
- Development phase. Enterprises usual work with different software vendors and card manufacturers to custom design their smart card solutions. However, some in-house development is required to enable smooth application integration, develop deployment script and to add custom features depending on the type of business the firm does and security considerations. The main tasks in this phase are proof of concept to test the card solution in a simulated lab setting, pre-production testing, pilot deployment, preparing of production deployment plan, policies and procedures, determine the number of cards needed, plan process for card issuance and training end user and conduct a ready-to-release review. Once the tasks in this phase have been executed the final stage in the smart card deployment process would be to deploy core technology, deploy readers and begin issuance of the card.