SOFTWARE INCOMPATIBILITY WITH REGARD TO THE FIELDING OF THE NEXT GENERATION COMMON ACCESS CARD (CAC)
Date Signed: 1/31/2007 | MARADMINS Number: 063/07
MARADMINS : 063/07

UNCLAS 311543Z JAN 07
CMC WASHINGTON DC(UC)
TO AL MARADMIN(UC)
MARADMIN
MARADMIN 063/07
MSGID/GENADMIN/R1//
SUBJ/SOFTWARE INCOMPATIBILITY WITH REGARD TO
/THE FIELDING OF THE NEXT GENERATION COMMON ACCESS CARD (CAC)//
REF/A/MSGID:DOC/HSPD 12/YMD:20040827//
NARR/REF A IS HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12
WHICH DIRECTED THE IMPLEMENTATION OF A GOVERNMENT-WIDE
STANDARD FOR SECURE AND RELIABLE FORMS OF IDENTIFICATION
ISSUED BY THE FEDERAL GOVERNMENT TO ITS EMPLOYEES. //
POC/JOSEPH S. UCHYTIL/CAPT/HQMC C4 IA/-/TEL:703-693-3490
/TEL:DSN 223-3490/EMAIL:JOSEPH.UCHYTIL@USMC.MIL//
POC/CHRISTINE HESEMANN/CTR/HQMC C4 IA/-/TEL:703-693-3490
/TEL:DSN 223-3490/EMAIL:CHRISTINE.HESEMANN.CTR@USMC.MIL//
GENTEXT/REMARKS/1. BACKGROUND. IN ORDER TO MEET THE
PROVISIONS OF REF A, THE DOD WILL BEGIN FIELDING
THE NEXT GENERATION CAC TO ALL ID CARD ISSUANCE
FACILITIES. AS THE CURRENT CAC IS PHASED OUT,
THERE WILL BE TWO NEW TYPES OF CACS FIELDED; THE
TRANSITIONAL AND THE NEXT GENERATION. THE
DELIVERY OF THE TRANSITIONAL CAC TO ID CARD
FACILITIES BEGAN ON 18 JANUARY AND WILL CONTINUE
UNTIL 28 OCT 2007 WHEN ONLY NEXT GENERATION CARDS
WILL BE ISSUED. DURING THE TRANSITIONAL PERIOD,
PERSONNEL VISITING AN ID CARD ISSUANCE FACILITY
WILL BE PROVIDED WITH ONE OF THREE TYPES OF CAC:
CURRENT, TRANSITIONAL OR NEXT GENERATION. WITHIN THE
NAVY AND MARINE CORPS INTRANET (NMCI) THERE EXISTS
THE POTENTIAL PROBLEM THAT SOFTWARE ON INDIVIDUAL
WORKSTATIONS REQUIRED TO READ THE PKI CERTIFICATES
ON THE CAC IS INCAPABLE OF READING THE
TRANSITIONAL AND NEXT GENERATION CACS.
2. SCOPE. THIS MESSAGE APPLIES TO ALL DOD PERSONNEL
(TO INCLUDE GOVERNMENT CIVILIANS AND CONTRACTORS)
THAT OBTAIN A NEW CAC THROUGH THE NORMAL COURSE OF
BUSINESS (I.E. EXPIRATION, PROMOTION, LOST CARD ETC.).
THIS MARADMIN IS NOT DIRECTING ALL USERS TO OBTAIN
NEW CACS.
3. INFORMATION
A. AS OF 31 DEC 2006, ALL NMCI WORKSTATIONS UTILIZE
ACTIVCLIENT 5.4 MIDDLEWARE. THIS SOFTWARE READS THE
PKI CERTIFICATES FROM A CAC, WHICH IN TURN ALLOWS THE
USER TO PERFORM CRYPTOGRAPHIC LOGON (CLO) TO THEIR
WORKSTATION(S), SIGN/ENCRYPT EMAIL OR ACCESS DOD PK
ENABLED WEBSITES. THIS VERSION OF ACTIVCLIENT ONLY
WORKS WITH THE CURRENT CAC. VERSION 5.4 DOES NOT
SUPPORT THE TRANSITIONAL OR NEXT GENERATION
VERSIONS OF THE CAC.
B. ACTIVCLIENT 6.0 IS REQUIRED TO BE INSTALLED ON
INDIVIDUAL WORKSTATIONS IN ORDER TO READ THE
TRANSITIONAL AND NEXT GENERATION CACS. NMCI
HAS PROPOSED AN ENTERPRISE ROLLOUT SCHEDULE OF
ACTIVCLIENT 6.0 BEGINNING IN EARLY FEBRUARY 2007,
WITH AN ESTIMATED COMPLETION DATE OF 1 APRIL 2007.
C. NMCI USERS HOLDING A CAC NOT SUPPORTED BY THE
WORKSTATIONS MIDDLEWARE CANNOT PERFORM CLO, CANNOT
DIGITALLY SIGN/ENCRYPT EMAIL AND ARE UNABLE TO ACCESS
PKI ENABLED WEBSITES. USERS RECEIVING EITHER THE
TRANSITIONAL OR NEXT GENERATION CAC, BUT HAVE
YET TO HAVE THEIR WORKSTATION(S) UPDATED WITH
ACTIVCLIENT 6.0, NEED TO FOLLOW INSTRUCTIONS IN
PARAGRAPH 4B FOR NMCI USERS AND 4C FOR NON-NMCI USERS.
D. THE TRANSITIONAL CARD LOOKS THE SAME AS THE CURRENT
CARD WITH ONE MINOR DIFFERENCE: ON THE BACK OF THE CARD,
ABOVE THE MAGSTRIPE IN THE UPPER LEFT-HAND CORNER, THE
MANUFACTURER NAME WILL READ EITHER GEMALTO ACCESS OR
OBERTHUR ID ONE V5.2.
E. THE NEXT GENERATION CAC HAS A DIFFERENT
PHYSICAL LAYOUT MAKING IT EASILY DISTINGUISHABLE
FROM THE CURRENT AND TRANSITIONAL CACS.
THESE DIFFERENCES CAN BE VIEWED ON THE DOD CAC
WEBSITE AT: HTTPS:(SLASH SLASH)WWW.CAC.MIL.
F. IN ORDER TO ASSIST IN DETERMINING WHICH TYPE
CAC MAY BE ISSUED, HQMC, C4 IA WILL POST INFORMATION
AS TO WHEN EACH ID CARD ISSUANCE FACILITY WILL BE
PROVIDED WITH TRANSITIONAL AND NEXT GENERATION CACS.
THIS INFORMATION CAN BE FOUND AT
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP
UNDER THE HEADING CAC TRANSITION INFORMATION.
4. ACTION
A. ID CARD ISSUANCE FACILITY VERIFYING OFFICIALS/SITE
SECURITY MANAGERS: PERSONNEL SHOULD ENSURE THAT
CUSTOMERS ARE MADE AWARE THE TYPE OF CAC BEING ISSUED.
WHILE ULTIMATE RESPONSIBILITY RESIDES WITH THE CAC
HOLDER, ID CARD FACILITY PERSONNEL SHOULD MAKE
THE USER EXPERIENCE AS SEAMLESS AND TROUBLE-FREE
AS POSSIBLE.
B. NMCI USERS:
(1) PRIOR TO VISITING AN ID CARD ISSUANCE FACILITY:
DETERMINE THE VERSION OF ACTIVCLIENT MIDDLEWARE
LOADED ON THE WORKSTATION(S). TO ACCOMPLISH THIS
CLICK ON START, PROGRAMS, ACTIVCARD ACTIVCLIENT,
USER CONSOLE. ONCE THE PROGRAM IS OPEN, CLICK ON
HELP, ABOUT ACTIVCARD ACTIVCLIENT AND THE VERSION
OF THE SOFTWARE WILL BE PROVIDED.
IF THE VERSION IS 6.0, CONTINUE TO THE ID CARD ISSUANCE
FACILITY TO OBTAIN YOUR CAC. IF THE VERSION IS 5.4, CONTACT
THE LOCAL ID CARD ISSUANCE FACILITY TO DETERMINE WHICH TYPE
OF CAC YOU WILL BE ISSUED. IF USERS WILL BE ISSUED A
TRANSITIONAL OR NEXT GENERATION CARD, THEY SHOULD CONTACT
THE NMCI HELPDESK (866-843-6624) AND INDICATE THEY WILL
BE ISSUED A TRANSITIONAL OR NEXT GENERATION CAC. THE
HELPDESK WILL THEN INITIATE A TROUBLE TICKET TO UPGRADE THEIR
WORKSTATION(S) TO ACTIVCLIENT 6.0.
(2) ID CARD ISSUANCE FACILITY SITE LOCATION CONTACT
INFORMATION CAN BE FOUND AT HTTP:(SLASH SLASH)
WWW.DMDC.OSD.MIL/RSL/OWA/HOME (ALL LOWER CASE LETTERS).
CONTACTING THE FACILITY AFTER 1 APRIL SHOULD NOT BE
NECESSARY AS ACTIVCLIENT 6.0 SHOULD BE INSTALLED
THROUGHOUT NMCI DUE TO THE ENTERPRISE ROLLOUT.
(3) PRIOR TO DEPARTING THE ID CARD ISSUANCE FACILITY,
USERS MUST BE AWARE OF THE TYPE CAC THEY RECEIVE.
IN THE EVENT A NMCI TROUBLE TICKET WAS UNABLE TO BE
INITIATED PRIOR TO CAC ISSUANCE, THE USER WILL BE
REQUIRED TO INITIATE A NMCI TROUBLE TICKET, AS
OUTLINED IN PARAGRAPH 4.B(1).
(4) IF REQUIRED FOR HOME USE, CONTACT THE MARINE
CORPS NETWORK OPERATIONS AND SECURITY COMMAND
(MCNOSC) RA OPERATIONS AT (703) 432-0394, DSN: 378-0394,
TO OBTAIN A COPY OF THE ACTIVCLIENT 6.0 MIDDLEWARE.
ADDITIONAL UPGRADE INFORMATION CAN BE FOUND ON THE
NMCI HOMEPORT WEBSITE AT
HTTP:(SLASH SLASH)HOMEPORT.
THIS INFORMATION CAN BE FOUND AT
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP
UNDER THE HEADING CAC TRANSITION INFORMATION.
C. LEGACY (NON-NMCI) USERS:
(1) PRIOR TO VISITING AN ID CARD ISSUANCE FACILITY,
DETERMINE THE VERSION OF ACTIVCLIENT MIDDLEWARE
LOADED ON THE WORKSTATION(S). TO ACCOMPLISH THIS
CLICK ON START, PROGRAMS, ACTIVCARD ACTIVCLIENT,
USER CONSOLE. ONCE THE PROGRAM IS OPEN, CLICK ON
HELP, ABOUT ACTIVCARD ACTIVCLIENT AND THE VERSION
OF THE SOFTWARE WILL BE PROVIDED.
(2) PRIOR TO DEPARTING THE ID CARD ISSUANCE FACILITY,
USERS MUST BE AWARE OF THE TYPE CAC THEY RECEIVE.
USERS RECEIVING A TRANSITIONAL OR NEXT GENERATION
CAC SHOULD CONTACT MCNOSC RA OPERATIONS AT (703) 432-0394,
DSN: 378-0394. THIS INFORMATION CAN BE FOUND AT
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP
UNDER THE HEADING CAC TRANSITION INFORMATION.
5. COMMANDERS SHALL ENSURE THIS INFORMATION IS
DISSEMINATED THROUGH WIDEST MEANS, INCLUDING POSTING ON
ORGANIZATIONAL BULLETIN BOARDS.//