MARADMIN 025/19
111442Z JAN 19
MSGID/GENADMIN/CMC WASHINGTON DC C4//
SUBJ/MODERNIZING THE COMMON ACCESS CARD (CAC) – STREAMLINING IDENTITY AND IMPROVING OPERATIONAL INTEROPERABILITY//
REF/A/DOC/HSPD-12/POTUS/27AUG04//
REF/B/DOC/FIPS 201-2/NIST/28FEB17//
REF/C/DOC/MEMORANDUM/DOD CIO/07DEC18//
NARR/REF A IS HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12, POLICY FOR A COMMON IDENTIFICATION STANDARD FOR FEDERAL EMPLOYEES AND CONTRACTORS.  REF B IS NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY FEDERAL INFORMATION PROCESSING STANDARD (FIPS) 201-2, PERSONAL IDENTITY VERIFICATION OF FEDERAL EMPLOYEES AND CONTRACTORS.  REF C DOD CIO MEMORANDUM “MODERNIZING THE COMMON ACCESS CARD – STREAMLINING IDENTITY AND IMPROVING OPERATIONAL INTEROPERABILITY.”//
POC/DR. R. A. LETTEER/CIV/C4 CY/TEL: 703-693-3490/EMAIL: RAY.LETTEER@USMC.MIL//
POC/C. A. HESEMANN/CIV/C4 CY/TEL: 703-693-3490/EMAIL: CHRISTINE.HESEMANN@USMC.MIL//
GENTEXT/REMARKS/1.  As the cac modernization effort continues, this MARADMIN message outlines and directs action that all Marine Corps personnel, including non-classified internet protocol router network (NIPRNET) users and web/application owners must comply with.
2.  Background:
2.a.  As outlined in refs (a) and (b), DOD is transitioning to one common authentication public key infrastructure (PKI) certificate on PKI tokens (i.e., ALTTOKEN, CAC) called the personal identity verification authentication (piv auth) certificate.  The piv auth certificate is mandated as the standard for niprnet, web/application login and establishes continuity across federal and mission partner organizations for the use of DOD PKI certificates.
2.b.  The planned end-state will reduce the certificate profile from four to three encoded certificates: piv auth for authentication, signature for e-mail/document signing, and encryption for encrypting files and emails.  The identity certificate will be removed and the email signing certificate will no longer support client authentication or smartcard logon.
3.  IAW ref (c), required action for all Marine Corps personnel.
3.a. In Jun 2016, the piv auth certificate was activated by DOD on all Marine Corps CACs at issuance.  If a CAC was issued after Jun 2016, no further action is required.  3.b. Cardholders with CACs issued prior to Jun 2016 must activate the piv auth certificate by using the online id card office, (https:(slash)(slash)www.dmdc.osd.mil/self service/).  Use the cac maintenance option.
4.  IAW ref c, action for all Marine Corps NIPRNET users, web/application owners.
4.a. Marine Corps NIPRNET, web/applications owners shall transition to use of the piv auth certificate for user authentication no earlier than 01 Jul 2019 and no later than 31 Jan 2020.
4.b. Web and application owners relying on active directory (ad) for user authentication will transition when the active directory relied upon transitions.
4.c. Web and application owners currently relying on the identity certificate or email signing certificate will transition to the piv auth certificate for user authentication on or before 31 Jan 2020.
4.d. Web and application owners shall announce a date of transition to accepting only the piv auth certificate by posting a transition plan on website/application to inform users NLT 60 days from the release of this message.
5.  The MCCOG PKI team is available to assist owners in the transition to the piv auth certificate.  Request for assistance must be made by remedy work order (WO).
6.  No waivers will be considered or granted for this transition.
7.  This MARADMIN message will remain in effect until superseded by inclusion in ECSM 013 PKI.
8.  Release authorized by BGen Lorna M. Mahlock, Director, Command, Control, Communications, and Computers (C4), Department.//