Defense

Program offering alternatives to CAC could be expanded, Army officials say

Tests of YubiKey tokens and an authenticator app have been encouraging, IT leaders say.

March 2, 2020

YubiKeys. (Yubico)

The Army is optimistic about expanding a pilot program that would give soldiers a new way to log in without using a Common Access Card (CAC).

The pilot, involving about 1,000 people for now, is scheduled to be completed this month, and Army CIO Lt. Gen. Bruce Crawford and others in his office are eager to expand it, according to Michael Payne, deputy project director of Enterprise Services. Most of the participants are soldiers who access training material remotely by logging in with authentication from a physical token or an app.

If the pilot is deemed successful, the Army will purchase more of the USB tokens, called YubiKeys, and expand access to the authenticator app. The program is not designed to replace the CAC, but instead expand access to those who might not have the card or card reader that are needed to authenticate a login credential. Using off-the-shelf YubiKeys could be especially beneficial to members of the National Guard or first responders working with the military during national emergencies. “It is easing the accessibility to those soldiers,” Payne told FedScoop.

The token has been tested longer than the app, but so far each are showing promising results, Payne said.

“They are very interested, we are working very closely with [the Army CIO],” he said.

Users with the YubiKey tokens put them into a USB port, and the token’s unique signal authenticates their other login credentials. For users with the phone app, a unique secure code is generated for them, and they type it in while logging in — much like a text message code that a bank might send to a consumer.

Soldiers — and one day first responders — will be able to use their own phones with the app.

“Multifactor authentication for the Army is a game changer for our Soldiers,” Lee James, project director for Enterprise Services, in a news release. “It allows Soldiers the convenience and capability of conducting business in a secure way from their own devices and on their own time.”

Program offering alternatives to CAC could be expanded, Army officials say

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Top Stories

CISA unveils guidelines for AI and critical infrastructure

DHS launches safety and security board focused on AI and critical infrastructure

OPM says it has issued generative AI guidance, competency model for AI roles required by Biden order

ACLU seeks AI records from NSA, Defense Department in new lawsuit

IRS touts Direct File usage, while mulling the future of the program

GSA welcomes nominations for advisory committee focused on federal transparency efforts

Security flaws in IRS systems pose risk to financial statements, GAO says

DOJ seeks public input on AI use in criminal justice system

More Scoops

New-era authentication key widens trusted access to federal resources

Yubico replacing FIPS security keys used by feds

Rollout of two-factor authentication begins for .gov registrars

Latest Podcasts

Program offering alternatives to CAC could be expanded, Army officials say

CISA is building an automated ransomware warning program

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

Tech

Defense

Cyber

Acquisition