Back to Glossary
Security

Common Access Card(CAC)

The standard smart card identification credential for DoD personnel and eligible contractors, providing physical and logical access to facilities and networks.

Overview

The Common Access Card (CAC) is a credit-card-sized smart card issued by the Department of Defense to active-duty military, civilian employees, and eligible contractor personnel. It serves as the primary identification credential for physical access to installations and buildings, and for logical access to DoD computer networks, email, and secure websites through embedded PKI certificates.

Why It Matters in GovCon

Contractors working on DoD contracts frequently require CAC cards to access military facilities, DoD networks, and secure systems. The CAC issuance process requires background investigation adjudication and sponsorship by a government organization, which can take weeks to months — a timeline that must be factored into project planning and staffing.

Key Details

  • PKI Certificates: Each CAC contains digital certificates for identity authentication, email encryption, and digital signatures.
  • Eligibility: Contractors must be sponsored by a DoD organization and have a favorable background investigation (typically NACI or Tier 1).
  • DEERS: CAC holders are registered in the Defense Enrollment Eligibility Reporting System.
  • Expiration: CACs typically expire after three years or when the contract or affiliation ends, whichever comes first.
  • Alternatives: Non-DoD agencies use PIV (Personal Identity Verification) cards under HSPD-12 for similar purposes.

Related Terms

  • Personal Identity Verification (PIV)
  • HSPD-12
  • Security Clearance
  • Defense Information Systems Agency (DISA)

More Security Terms

Contracting Officer (CO)

The government official with the authority to enter into, administer, and terminate contracts on behalf of the U.S. government.

Contracting Officer's Representative (COR)

A government employee designated by the contracting officer to monitor contractor performance and serve as the technical point of contact.

Federal Information Security Management Act (FISMA)

Federal law establishing a framework for securing federal information systems and protecting government data.

FedRAMP

A government-wide program that provides a standardized approach to security assessment and authorization for cloud services.

For Official Use Only (FOUO)

A sensitivity designation for unclassified information that requires protection from unauthorized disclosure.

Identity and Access Management (IAM)

Policies and technologies that control who can access systems and data and what they can do.

Ready to Win More Contracts?

Use GovCon Data to find opportunities matched to your business and generate winning proposals with AI.

Start Free TrialBrowse Glossary