Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- Subject: Re: [Fed-Talk] DISA to test mobile ID, replacement for CAC
- From: "Martin, Robert A." <email@hidden>
- Date: Wed, 16 Apr 2014 07:45:50 -0400
Dan,
Saw the same article and it's very misleading.
It is my understanding that this is not a replacement for CAC but rather
DoD is experimenting on using the CAC issuance infrastructure to
trustably place a credential derived from your CAC on mobile devices so
they can use the derived credential instead of the actual CAC for
authentication in the mobile space.
This would only be for mobile devices that have a "trustable storage"
capability for such a cert. It is my understanding that the trustable
storage would be TEE/TPM based.
The point being to no longer need CAC readers/sleds for each device -
instead you'll use the derived credential from your CAC that was placed
on your mobile device.
Bob
On 4/15/14, 7:17 PM, Dan O'Donnell wrote:
DISA has apparently announced the start of testing on a replacement or
supplement for CAC.
http://www.c4isrnet.com/article/M5/20140409/C4ISRNET07/304090032/DISA-tests-move-away-from-CAC
One month ago, the National Institute for Standards and Technology
released draft guidance for government agencies looking to institute
derived credentials, *which store security certificates directly on
a device instead of through a separate piece* – in the case of DoD, the
CAC. NIST’s guidelines for derived credentials outline the use of
secure, standards-based public-key infrastructure (PKI) credentials that
use digital tokens instead of a physical card reader.
“We’ve gotten huge benefits from the PKI infrastructure in DoD and the
CAC has carried us a long way; we're now doing a similar thing on
SIPRNet,” said Mark Orndorff, DISA chief information
assurance executive. “So our main effort in mobility is to bring that
technology into the mobile platform, and the way I see it, the key is
the derived credential and using the capabilities that the leading-level
device vendors have built in to their platforms so we can bring our
certificate into their devices.”
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden