This is an unofficial resource. For the official MARADMINs site, visit marines.mil
MARADMIN 063/07

Software Incompatibility with Regard to the Fielding of the Next Generation Common Access Card (CAC)

This MARADMIN addresses software incompatibility issues related to the fielding of next generation Common Access Cards (CAC). The Department of Defense is transitioning from current CACs to transitional and next generation CACs between January 18, 2007 and October 28, 2007, but the existing ActivClient 5.4 middleware on NMCI workstations cannot read the new cards. All DOD personnel (including government civilians and contractors) who obtain a new CAC through the normal course of business must ensure their workstations are upgraded to ActivClient 6.0 to maintain access to systems.

Issued: January 31, 2007
1. BACKGROUND. IN ORDER TO MEET THE 
PROVISIONS OF REF A, THE DOD WILL BEGIN FIELDING 
THE NEXT GENERATION CAC TO ALL ID CARD ISSUANCE 
FACILITIES. AS THE CURRENT CAC IS PHASED OUT, 
THERE WILL BE TWO NEW TYPES OF CACS FIELDED: THE 
TRANSITIONAL AND THE NEXT GENERATION. THE 
DELIVERY OF THE TRANSITIONAL CAC TO ID CARD 
FACILITIES BEGAN ON 18 JANUARY AND WILL CONTINUE 
UNTIL 28 OCT 2007 WHEN ONLY NEXT GENERATION CARDS 
WILL BE ISSUED. DURING THE TRANSITIONAL PERIOD, 
PERSONNEL VISITING AN ID CARD ISSUANCE FACILITY 
WILL BE PROVIDED WITH ONE OF THREE TYPES OF CAC: 
CURRENT, TRANSITIONAL OR NEXT GENERATION. WITHIN THE 
NAVY AND MARINE CORPS INTRANET (NMCI) THERE EXISTS 
THE POTENTIAL PROBLEM THAT SOFTWARE ON INDIVIDUAL 
WORKSTATIONS REQUIRED TO READ THE PKI CERTIFICATES 
ON THE CAC IS INCAPABLE OF READING THE 
TRANSITIONAL AND NEXT GENERATION CACS.
2. SCOPE. THIS MESSAGE APPLIES TO ALL DOD PERSONNEL 
(TO INCLUDE GOVERNMENT CIVILIANS AND CONTRACTORS) 
THAT OBTAIN A NEW CAC THROUGH THE NORMAL COURSE OF 
BUSINESS (I.E. EXPIRATION, PROMOTION, LOST CARD ETC.). 
THIS MARADMIN IS NOT DIRECTING ALL USERS TO OBTAIN 
NEW CACS.
3. INFORMATION 
A. AS OF 31 DEC 2006, ALL NMCI WORKSTATIONS UTILIZE 
ACTIVCLIENT 5.4 MIDDLEWARE. THIS SOFTWARE READS THE 
PKI CERTIFICATES FROM A CAC, WHICH IN TURN ALLOWS THE 
USER TO PERFORM CRYPTOGRAPHIC LOGON (CLO) TO THEIR 
WORKSTATION(S), SIGN/ENCRYPT EMAIL OR ACCESS DOD PK 
ENABLED WEBSITES. THIS VERSION OF ACTIVCLIENT ONLY 
WORKS WITH THE CURRENT CAC. VERSION 5.4 DOES NOT 
SUPPORT THE TRANSITIONAL OR NEXT GENERATION 
VERSIONS OF THE CAC. 
B. ACTIVCLIENT 6.0 IS REQUIRED TO BE INSTALLED ON 
INDIVIDUAL WORKSTATIONS IN ORDER TO READ THE 
TRANSITIONAL AND NEXT GENERATION CACS. NMCI 
HAS PROPOSED AN ENTERPRISE ROLLOUT SCHEDULE OF 
ACTIVCLIENT 6.0 BEGINNING IN EARLY FEBRUARY 2007, 
WITH AN ESTIMATED COMPLETION DATE OF 1 APRIL 2007. 
C. NMCI USERS HOLDING A CAC NOT SUPPORTED BY THE 
WORKSTATION'S MIDDLEWARE CANNOT PERFORM CLO, CANNOT 
DIGITALLY SIGN/ENCRYPT EMAIL AND ARE UNABLE TO ACCESS 
PKI ENABLED WEBSITES. USERS WHO RECEIVE EITHER THE 
TRANSITIONAL OR NEXT GENERATION CAC, BUT HAVE 
YET TO HAVE THEIR WORKSTATION(S) UPDATED WITH 
ACTIVCLIENT 6.0, NEED TO FOLLOW THE INSTRUCTIONS IN 
PARAGRAPH 4B FOR NMCI USERS AND 4C FOR NON-NMCI USERS.
D. THE TRANSITIONAL CARD LOOKS THE SAME AS THE CURRENT 
CARD WITH ONE MINOR DIFFERENCE: ON THE BACK OF THE CARD, 
ABOVE THE MAGSTRIPE IN THE UPPER LEFT-HAND CORNER, THE 
MANUFACTURER NAME WILL READ EITHER GEMALTO ACCESS OR 
OBERTHUR ID ONE V5.2. 
E. THE NEXT GENERATION CAC HAS A DIFFERENT 
PHYSICAL LAYOUT MAKING IT EASILY DISTINGUISHABLE 
FROM THE CURRENT AND TRANSITIONAL CACS. 
THESE DIFFERENCES CAN BE VIEWED ON THE DOD CAC 
WEBSITE AT: HTTPS:(SLASH SLASH)WWW.CAC.MIL. 
F. IN ORDER TO ASSIST IN DETERMINING WHICH TYPE 
OF CAC MAY BE ISSUED, HQMC, C4 IA WILL POST INFORMATION 
AS TO WHEN EACH ID CARD ISSUANCE FACILITY WILL BE 
PROVIDED WITH TRANSITIONAL AND NEXT GENERATION CACS. 
THIS INFORMATION CAN BE FOUND AT 
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP 
UNDER THE HEADING CAC TRANSITION INFORMATION.
4. ACTION
A. ID CARD ISSUANCE FACILITY VERIFYING OFFICIALS/SITE 
SECURITY MANAGERS: PERSONNEL SHOULD ENSURE THAT 
CUSTOMERS ARE MADE AWARE OF THE TYPE OF CAC BEING ISSUED. 
WHILE ULTIMATE RESPONSIBILITY RESIDES WITH THE CAC 
HOLDER, ID CARD FACILITY PERSONNEL SHOULD MAKE 
THE USER EXPERIENCE AS SEAMLESS AND TROUBLE-FREE 
AS POSSIBLE.
B. NMCI USERS: 
(1) PRIOR TO VISITING AN ID CARD ISSUANCE FACILITY:
DETERMINE THE VERSION OF ACTIVCLIENT MIDDLEWARE 
LOADED ON THE WORKSTATION(S). TO ACCOMPLISH THIS, 
CLICK ON START, PROGRAMS, ACTIVCARD ACTIVCLIENT,
USER CONSOLE. ONCE THE PROGRAM IS OPEN, CLICK ON
HELP, ABOUT ACTIVCARD ACTIVCLIENT AND THE VERSION 
OF THE SOFTWARE WILL BE PROVIDED. 
IF THE VERSION IS 6.0, CONTINUE TO THE ID CARD ISSUANCE 
FACILITY TO OBTAIN YOUR CAC. IF THE VERSION IS 5.4, CONTACT 
THE LOCAL ID CARD ISSUANCE FACILITY TO DETERMINE WHICH TYPE 
OF CAC YOU WILL BE ISSUED. IF USERS WILL BE ISSUED A 
TRANSITIONAL OR NEXT GENERATION CARD, THEY SHOULD CONTACT 
THE NMCI HELPDESK (866-843-6624) AND INDICATE THEY WILL 
BE ISSUED A TRANSITIONAL OR NEXT GENERATION CAC. THE 
HELPDESK WILL THEN INITIATE A TROUBLE TICKET TO UPGRADE THEIR
WORKSTATION(S) TO ACTIVCLIENT 6.0. 
(2) ID CARD ISSUANCE FACILITY SITE LOCATION CONTACT 
INFORMATION CAN BE FOUND AT HTTP:(SLASH SLASH)
WWW.DMDC.OSD.MIL/RSL/OWA/HOME (ALL LOWER CASE LETTERS). 
CONTACTING THE FACILITY AFTER 1 APRIL SHOULD NOT BE 
NECESSARY AS ACTIVCLIENT 6.0 SHOULD BE INSTALLED 
THROUGHOUT NMCI DUE TO THE ENTERPRISE ROLLOUT. 
(3) PRIOR TO DEPARTING THE ID CARD ISSUANCE FACILITY, 
USERS MUST BE AWARE OF THE TYPE OF CAC THEY RECEIVE. 
IN THE EVENT AN NMCI TROUBLE TICKET COULD NOT BE 
INITIATED PRIOR TO CAC ISSUANCE, THE USER WILL BE 
REQUIRED TO INITIATE AN NMCI TROUBLE TICKET, AS 
OUTLINED IN PARAGRAPH 4.B(1).
(4) IF REQUIRED FOR HOME USE, CONTACT THE MARINE 
CORPS NETWORK OPERATIONS AND SECURITY COMMAND 
(MCNOSC) RA OPERATIONS AT (703) 432-0394, DSN: 378-0394, 
TO OBTAIN A COPY OF THE ACTIVCLIENT 6.0 MIDDLEWARE. 
ADDITIONAL UPGRADE INFORMATION CAN BE FOUND ON THE
NMCI HOMEPORT WEBSITE AT 
HTTP:(SLASH SLASH)HOMEPORT. 
THIS INFORMATION CAN BE FOUND AT 
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP 
UNDER THE HEADING CAC TRANSITION INFORMATION.
C. LEGACY (NON-NMCI) USERS: 
(1) PRIOR TO VISITING AN ID CARD ISSUANCE FACILITY, 
DETERMINE THE VERSION OF ACTIVCLIENT MIDDLEWARE 
LOADED ON THE WORKSTATION(S). TO ACCOMPLISH THIS, 
CLICK ON START, PROGRAMS, ACTIVCARD ACTIVCLIENT, 
USER CONSOLE. ONCE THE PROGRAM IS OPEN, CLICK ON 
HELP, ABOUT ACTIVCARD ACTIVCLIENT AND THE VERSION 
OF THE SOFTWARE WILL BE PROVIDED. 
(2) PRIOR TO DEPARTING THE ID CARD ISSUANCE FACILITY, 
USERS MUST BE AWARE OF THE TYPE OF CAC THEY RECEIVE. 
USERS RECEIVING A TRANSITIONAL OR NEXT GENERATION 
CAC SHOULD CONTACT MCNOSC RA OPERATIONS AT (703) 432-0394, 
DSN: 378-0394. THIS INFORMATION CAN BE FOUND AT 
HTTPS:(SLASH SLASH)HQDOD.HQMC.USMC.MIL/CAC.ASP 
UNDER THE HEADING CAC TRANSITION INFORMATION.
5. COMMANDERS SHALL ENSURE THIS INFORMATION IS 
DISSEMINATED THROUGH WIDEST MEANS, INCLUDING POSTING ON
ORGANIZATIONAL BULLETIN BOARDS.