OFFICE OF THE SECRETARY OF DEFENSE MEMORANDUM


OFFICE OF THE SECRETARY OF DEFENSE
1000 DEFENSE PENTAGON
WASHINGTON, D.C. 20301-1000

CLEARED
For Open Publication
Feb 01, 2019
Department of Defense
OFFICE OF PREPUBLICATION AND SECURITY REVIEW

MEMORANDUM FOR: SEE DISTRIBUTION

SUBJECT: Modernizing the Common Access Card - Streamlining Identity and Improving Operational Interoperability

Homeland Security Presidential Directive 12 (HSPD-12) requires Federal departments and agencies to use strong authentication credentials to access their networks and information systems. The Common Access Card (CAC) is the DoD's primary credential for fulfilling these requirements on the Non-Secure Internet Protocol Router Network (NIPRNet). Without adjustments to DoD's CAC implementation, the Department will continue to diverge from the Public Key Infrastructure (PKI) standards utilized by the rest of the Federal Government, mission partners, and industrial suppliers. This memorandum makes the DoD's Personal Identity Verification (PIV)-Authentication (Auth) certificate the standard for access to DoD information technology assets on the NIPRNet across the Department.

The United States warfighter's ability to interoperate with various mission partners is hampered by a lack of common identity standards. This memorandum directs the alignment of DoD's use of the CAC with the Federal PIV-Auth certificate to:

- Standardize implementations and reduce inefficiencies around secure information exchange with DoD, Federal, state, local, territorial, and tribal mission partners.
- Improve cybersecurity posture and simplify configuration and change management of Department network resource authentication, as well as the implementation and reporting of risk management controls, by using a common Department-wide PKI principal authenticator.
- Reduce costs associated with maintaining DoD-peculiar legacy authentication mechanisms, such as legacy CAC interfaces and certain smart card middleware.
- Allow the Department to use commercial products designed to read federal HSPD-12 PIV compliant PKI credentials.

By May 1, 2020, DoD will issue a new configuration of DoD PKI certificates on the CAC in which the number of certificates will be reduced from four to three. At the same time, DoD's unclassified network and secure web asset user accounts will use the DoD PIV-Auth certificate as the only PKI certificate on the CAC for authenticating users.

Accordingly, this memorandum directs:

- DoD Components to begin immediate planning and prioritizing for reconfiguring their network and web-application user accounts to support PIV-Auth authentication.

- The DoD Chief Information Officer (CIO) Cybersecurity Scorecard Team to document and track the progress of configuration changes to DoD unclassified network and web application user accounts necessary to accommodate the use of the PIV-Auth certificate. The Scorecard Team will establish periodic reporting metrics for the DoD Components and share this information with the DoD Identity Protection and Management Senior Coordinating Group (IPMSCG).

The DoD IPMSCG will monitor and oversee the following actions:

By May 1, 2019:

- DoD Components will provide their individual transition plans to the DoD CIO Cybersecurity Scorecard Team.
- The Defense Information Systems Agency (DISA) will develop education, outreach, and training materials on changes to the CAC and instructions for selecting the PIV-Auth certificate for authentication to NIPRNet systems.

By May 1, 2020:

- The National Security Agency, DISA, and the Defense Management Data Center will collaborate to create a new version of the CAC that contains certificates and attributes as outlined in Attachment 1.
- DoD Components will ensure unclassified network and secure web asset user accounts leveraging user principal names (UPNs) are required to use the DoD PIV-Auth certificate on the CAC for authenticating users. Particular attention should be placed on the activity identified in Attachment 2 (Certificate Reduction Transition Areas).
- DoD Components will complete re-provisioning all NIPRNet web application user accounts not using UPNs to map to DoD PIV-Auth certificate.

Your assistance and attention to detail in helping the Department make a seamless transition to better support interoperability with our mission partners are greatly appreciated. The points of contact for this effort are: Ms. Patricia Janssen for the Office of the DoD CIO, who may be reached at patricia.l.janssen.civ@mail.mil, or (571) 372-4221; and Mr. Alex Sedillos for Office of the Under Secretary of Defense for Personnel and Readiness, who may be reached at alex.a.sedillos.civ@mail.mil, or (831) 583-2400.

Dana Deasy
DoD Chief Information Officer

Assistant Secretary of Defense for Manpower and Reserve Affairs, Performing the Duties of the Under Secretary of Defense for Personnel and Readiness

Attachments: As stated

cc: Chair, DoD IPMSCG

DISTRIBUTION:

- Chief Management Officer of the Department of Defense
- Secretaries of the Military Departments
- Chairman of the Joint Chiefs of Staff
- Under Secretaries of Defense
- Chiefs of Military Services
- Chief of the National Guard Bureau
- Commandant of the Coast Guard
- Commanders of the Combatant Commands
- General Counsel of the Department of Defense
- Director of Cost Assessment and Program Evaluation
- Inspector General of the Department of Defense
- Director of Operational Test and Evaluation
- Assistant Secretary of Defense for Legislative Affairs
- Assistant to the Secretary of Defense for Public Affairs
- Director of Net Assessment
- Directors of Defense Agencies
- Directors of DoD Field Activities

Attachment 1: Detail of Emerging Changes to Certificates on CAC

DoD PKI X.509 Certificates On CAC

DoD Identity Certificate
  Current CAC:
    - Key Usage (KU): Digital signature, Non-repudiation
  Future CAC:
    - Remove Certificate

DoD E-mail Signing
  Current CAC:
    - KU: Digital signature, Non-repudiation
    - Extended Key Usage (EKU): Smart Card Logon (SCL), Client Authentication, Secure E-mail
    - SAN Field: DoD Derived UPN, Request For Comment (RFC) 822 name
  Future CAC: Same as current except:
    - Remove SCL EKU
    - Remove Client Authentication EKU
    - Add Microsoft document signing EKU
    - Remove DoD Derived UPN in SAN

DoD PIV Authentication
  Current CAC:
    - KU: Digital signature
    - EKU: SCL, Client Authentication
    - Subject Alternate Name (SAN) Field: Federal Derived User Principal Name (UPN), Federal Agency Smart Credential Number
  Future CAC:
    - Same as current.

DoD E-mail Encryption
  Current CAC:
    - KU: Key Encipherment
    - SAN Field: RFC 822 name
  Future CAC:
    - Same as current.

Attachment 2: Certificate Realignment Transition Areas

When DoD IT assets encounter a CAC after May 1, 2020, the CAC holder's account is to be re-provisioned or updated so existing access is not disrupted. The following areas have been identified as priorities for the DoD Components to address and ensure:

1. Defense Information Systems Agency (DISA) Enterprise Application Services Forests (EASF) is modified to be able to provision user accounts/authenticate users to DoD enterprise web applications (e.g., Defense Collaboration Service, Defense Enterprise Portal, Defense Enterprise E-mail) for non-dual persona personnel with DoD PIV authentication certificate (and its 16-digit Federal derived User Principal Name (UPN)), rather than DoD E-mail signing certificate (and its DoD-derived 10 digit UPN, i.e., DoD ID Number).
2. Any DoD UNCLASSIFIED website using a DoD identity certificate is modified to provide user accounts/authenticate users with a DoD PIV authentication certificate rather than a DoD identity certificate.
3. Any DoD UNCLASSIFIED website requiring the DoD E-mail signing certificate is modified to be able to provision user accounts/authenticate users with DoD PIV authentication certificate.
4. All DoD UNCLASSIFIED network/Active Directory user accounts are modified/re-provisioned to use DoD PIV authentication certificate (and its Federal derived 16-digit UPN) rather than DoD E-mail signing certificate.
