[Federal Register Volume 76, Number 1 (Monday, January 3, 2011)]
[Notices]
[Pages 126-127]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-33066]



[[Page 126]]

=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF DEFENSE

Department of the Army


Requirement for Commercial Users To Use Commercial Public Key 
Information (PKI) Certificate

AGENCY: Department of the Army, DoD. Surface Deployment and 
Distribution Command (SDDC).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: To implement DoD Instruction 8520.2, dated 1 April 2004, SDDC 
will require all commercial accounts accessing transportation systems 
and applications to use a commercial PKI certificate or Transportation 
Workers Identification Credential (TWIC). This requirement will enhance 
the security for

[[Page 127]]

authentication, digital signatures and encryption.

DATES: Effective date: October 1, 2011.

ADDRESSES: Submit comments to SDDC/G6/IMA/TSS, 709 Ward Dr., Bldg 1990, 
Scott AFB, IL 62225 ATTN: ETA Program Manager.

FOR FURTHER INFORMATION CONTACT: ETA Program Manager at 
[email protected]. Technical questions should be addressed to 
the source of certificate.

SUPPLEMENTARY INFORMATION: The Department of Defense (DOD) and the U.S. 
Army are enhancing customer identification security as part of an 
overall program to provide a stronger and more secure authentication 
process for accessing DOD information systems. As of 1 October 2011, 
Surface Deployment and Distribution Command (SDDC) will meet this DOD 
mandate by requiring the use of a digital certificate for industry 
partners requiring access to SDDC information systems. Userid and 
password access will be discontinued on 30 September 2011.
    The External Certification Authority (ECA) program supports the 
issuance of DOD-approved certificates to industry partners and other 
external entities and organizations that conduct business with the DOD. 
The ECA program is designed to provide a mechanism for these entities 
to securely communicate with the DOD and authenticate to DOD 
Information Systems. Additional information can be found at: http://iase.disa.mil/pki/eca/.
    The ECA Certificates can be purchased through three sources: 
VeriSign, Operational Research Consultants (ORC), or Identrust. The 
following URLs provide additional information and links to purchase 
sources:

http://www.identrust.com/index.html
https://www.verisign.com/authentication/government-authentication/DOD-interoperability/index.html
http://www.eca.orc.com/index.html

    This ECA Certificate purchase information is provided as a 
convenience to our industry partners and does not constitute 
endorsement of particular commercial entities by the Surface Deployment 
and Distribution Command, the United States Department of the Army, or 
the Department of Defense. We do not exercise any control over the 
information you may find at these sites or the security of these sites; 
responsibility for such remains with the individual companies 
represented.
    An alternative identification security option is the Transportation 
Worker Identification Credential (TWIC). TWIC requirements and how to 
get a TWIC can be found at the TWIC Web site at: http://www.tsa.gov/public (click on ``what we do'', search ``TWIC'').
    References: Department of Defense Instruction number 8520.2, 1 
April 2004, 4.4 Joint Task Force-Global Network Operations (JTF-GNO) 
Communication Tasking Order (CTO) 07-015 Task 10.
    Miscellaneous: DOD Instruction 8520.2 can be accessed at the 
following Web site: DoD Instruction 8520.2 (http://www.cac.mil/assets/pdfs/DoDD_8520.2.pdf).

Randy Moore, CAPT, USN,
Division Chief, G6, Information Management/CIO.
[FR Doc. 2010-33066 Filed 12-30-10; 8:45 am]
BILLING CODE 3710-08-P