DoD to implement department-wide PKI by 31 July

The U.S. Department of Defense (DoD) is accelerating the pace of installing public key infrastructure (PKI) throughout the department. The deadline is 31 July 2006. The Joint Task Force-Global Network Operations (JTF-GNO) on 17 January directed DoD to accelerate implementation of PKI and public-key enabling for user authentication, digital signatures, and encryption on all of its desktops, servers, and laptops. JTF-GNO, which reports to the Strategic Command, is responsible for operating and protecting the Global Information Grid, the core of network-centric warfare, intelligence, and business operations.

According to a JTF-GNO memo issued in December, DoD has revised the schedule for PKI implementation, which will require 100 percent use of smart cards to log on to the Non-Classified IP Router Network by 31 July. DoD issued Directive 8520.2 in April 2004, establishing policy, assigning responsibilities, and prescribing procedures for developing and implementing a DoD-wide PKI. The directive did not specify when the services had to fully implement the technology, but the 17 January directive resolves this issue.

To examine its security status, DoD had an “information assurance stand-down day” in late November. As part of the stand-down, all the services and military agencies to verify their user accounts. The results: Between 10 percent and 20 percent of all DoD accounts were either expired, unauthorized, or had higher access than the users qualified for.

-read more in this report