Lost Your CAC Card? Prove It, Says the Pentagon

Two airmen processing CACs at RAF Mildenhall

In a new rule, DOD will require troops and employees wanting a replacement ID to provide certified proof that they lost their common access card. By Aliya Sternstein

Starting this spring, Pentagon personnel attempting to obtain replacement identification cards will be required to present documentation verifying theirs have been taken or misplaced, according to Defense Department officials. 

Showing proof of the need for a duplicate “common access card” currently is optional. 

“Beginning in late March [or] early April of this year, we are going to begin fully enforcing current common access card policy, which will require individuals to bring supporting documentation if they have had their ID cards lost or stolen,” said Sam Yousef, a Pentagon program manager for ID and benefits policy. “If you have your card lost or stolen, you should work with your local security office or the individual sponsoring you for that ID card.”

The certification must appear on Defense component letterhead and explain why the CAC card went missing, he added. 

If the card has been stolen,” Yousef said, “they may also bring in the police report that accounts for that.”

CAC cards permit authorized civilian and military employees to access military networks and facilities.

Officials made no mention of recent unauthorized use of Pentagon credentials, such as the case of Aaron Alexis, who reportedly had a card that allowed him access to the Navy Yard but not to the office building where he later opened fire, killing 12 people. 

Lawmakers have urged overhauling the procedures and policies for acquiring security clearances, which allow personnel to obtain CAC cards.  A House Oversight and Government Reform Committee staff report released the same day noted that Alexis used “a valid Common Access Card” to enter the facility. 

Yousef described the new mandate as an additional security precaution and a way to prevent people from replacing their cards merely for convenience.

It creates better awareness with our local security offices [and] our individuals that are sponsoring our contractors for common access cards,” he said. “So this way, they have full oversight if someone is losing multiple ID cards.”

Yousef said that most card issuing locations have been requiring certification already for quite some time.

The supporting documentation will be scanned and stored in the Defense Enrollment Eligibility Reporting System.

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.