CAC
IdentityCommon Access Card -- the US Department of Defense smart card for identification, authentication, and digital signing.
CAC -- Common Access Card
The Common Access Card (CACCACIdentityUS DoD identification smart card.Click to view →) is the standard identification smart card issued by the United States Department of Defense to active-duty military personnel, reserve members, civilian employees, and eligible contractors. Serving as both a physical identification badge and a cryptographic credential, the CAC provides authenticated access to DoD buildings, computer networks, and secure communication systems.
Card Contents
Each CAC contains a dual-interface module with multiple X.509 certificates and RSA 2048-bit key pairs for identity authentication, digital signing, and email encryption. The chip stores the cardholder's personal data, an electronic photograph, and two fingerprint biometric templates for identity verification. The cards EEPROM holds multiple applets including a PIV-compatible applet (for interoperability with federal civilian systems) and a legacy CAC applet that supports the DoD's existing PKI infrastructure.
Security and Certification
CAC cards must meet stringent security requirements. The smart card chips are certified to Common Criteria EAL 5+ or higher, and cryptographic modules carry FIPS 140 Level 2 validation. All cryptographic operations -- key generation, signing, and decryption -- occur within the cards secure element, ensuring private keys never leave the chip boundary. The DoD's PKI hierarchy issues certificates through the DoD Root CA and subordinate CAs, with certificate revocation checking enforced through OCSP or CRL distribution points embedded in each certificate.
Lifecycle and Deployment
The DoD issues approximately 3.5 million CAC cards annually through the Defense Manpower Data Center (DMDC). Cards are personalized at RAPIDS (Real-time Automated Personnel Identification System) sites, where electrical personalization loads cryptographic keys and certificates while graphical personalization prints the cardholder photo, name, rank, and agency affiliation. Each card has a three-year lifecycle, after which re-issuance is required. The CAC middleware (ActivClient or similar) enables integration with Windows smart card login, email clients (S/MIME), and web browsers for CAC-authenticated access to DoD portals.
Related Content
Contact vs Contactless vs Dual-Interface
Getting Started…contact for certain operations), PIV logical-access cards, CAC military credentials. Contactless Cards and ISO 14443…
PKI on Smart Cards
Standards & Protocols…hardware is the foundation of government PIV cards, NATO CAC cards, corporate badge access, and document signing…
Common Criteria for Smart Cards
Security…augmented AVA_VAN.5 (high attack potential) National ID, CAC, PIV EAL6 Semiformally verified design Formal policy model…
Post-Quantum Cryptography for Smart Cards
Security…|| ML-KEM_shared_secret) For smart card PIV and CAC cards, the transition path is: Phase 1 (now) :…
Smart Card Readers and Middleware
Programming…Smart card logon, S/MIME CoolKey / cackey PKCS#11 Linux CAC cards on Linux Yubico PIV Tool PIV-specific CLI All…
PKCS#11 for Smart Cards
Programming…YubiKey 4/5 specific ActivClient Windows US government CAC/PIV middleware Gemalto SafeNet Cross-platform Commercial;…
OpenSC and Open-Source Smart Card Tools
Programming…drivers (e.g. card-piv.c , card-openpgp.c , card-cac.c ). pkcs11-tool — PKCS#11 Operations pkcs11-tool…
Smart Card Web Authentication
Programming…Notes Windows CNG / Minidriver Automatic for PIV, CAC cards macOS Keychain Smart Card Built-in; sc_auth CLI…
Questions fréquemment posées
The smart card glossary is a comprehensive reference of technical terms, acronyms, and concepts used in smart card technology. It covers protocols (APDU, T=0, T=1), security (Common Criteria, EAL, HSM), hardware (SE, EEPROM, contact pad), and applications (EMV, ePassport, eSIM). It serves developers, product managers, and engineers.
Yes. SmartCardFYI provides glossary definitions in 15 languages including English, Korean, Japanese, Chinese, Spanish, Portuguese, Hindi, Arabic, French, Russian, German, Turkish, Vietnamese, Indonesian, and Thai.