NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0486 DOD-New Cards for Enhanced Security:
The Department of Defense is on track to upgrade the workstations that issue the identity credentials of
its personnel worldwide to comply with the requirements of Homeland Security Presidential Directive
(HSPD) 12 by the end of the year, according to a top official in the Defense Manpower Data Center
(DMDC). To meet the mandate of HSPD-12, DoD must issue personal identity verification (PIV) cards that
provide military and civilian employees with physical and logical access to its facilities and computer
systems, respectively. In addition, the new cards must work in a contactless mode, enab ling warfighters
and civilians to enter buildings by sweeping their identity passes past a reader that interprets information
from the cards without contact with a magnetic strip. As of press time, DoD had upgraded more than 450
workstations out of 2,300 worldwide for the Real-Time Automated Personnel Identification System (RAPIDS)
from its old Common Access Card (CAC) infrastructure to support the new HSPD-12 cards, said DMDC director
of Personnel Identity Protection Solutions Division. This card is a bit different than any others because
possession of this card implies a reliable train of trust, a reliable standardized level of vetting the
cardholder so that you have a greater level of trust that the person holding the card is who they say they
are. It has a strong tie to biometrics. It has the potential for the concept of federation, which is new
to federal space. Federation is the ability to recognize and trust a credential that has been issued by
an organization other than your own, based on confirmation that the proofing and vetting of the cardholder
has been completed, the process is auditable so it can be trusted, and the credential can be rapidly
electronically authenticated. Another part of the genius of HSPD-12 standards is that the loss of a PIV
card would not compromise government employees at any of these agencies. There is no private information on
any of these cards. Even the fingerprint data collected on these HSPD-12 cards is not a fingerprint. It
is something called minutia. They take your fingerprint and run it through an algorithm. That produces a
number. That number is unique to your fingerprint but there is no way to reverse-engineer the number to
find out what your fingerprint is.
(Military Information Technology 09APR08)