The Department of War has issued new guidance expanding approved login options beyond the Common Access Card, allowing alternative authentication methods when CAC use is impractical or infeasible, Federal News Network reported Friday.
The policy is outlined in a recent memorandum titled “Multi-Factor Authentication (MFA) for Unclassified & Secret DoD Networks.” This clarifies when users may access War Department systems without CAC or public key infrastructure credentials and identifies approved non-PKI authentication tools by system risk level and use case.
Table of Contents
What Does the New Memo Change?
The memo formalizes the use of non-CAC, non-PKI multi-factor authentication across a defined set of scenarios, addressing long-standing ambiguity around which login technologies are authorized and when they may be used.
According to the guidance, the CAC remains the department’s primary credential, but alternative authenticators may be used for limited access scenarios, particularly when users do not yet have CACs or cannot reasonably use one.
The policy also acknowledges newer authentication technologies, including Fast Identity One-based passkeys, and provides direction on how such tools should be protected and deployed.
Who Can Use Non-CAC Authentication?
The memo highlights several practical use cases, including:
- Early-stage recruits, who may access limited DOW resources using basic login methods.
- Low-risk training environments, where employees, contractors and partners without CACs may authenticate using DOW-approved non-PKI MFA after identity verification.
The department identified more than 20 approved use cases, noting the list will evolve as mission needs and technologies change.
How Does the CAC Memo Align With Existing DOW Access Policy?
The update builds on prior access management guidance issued by the DOW Office of the Chief Information Officer, which established department-wide policy for managing access to IT systems and identity, credential and access management platforms.
Notably, the new memo does not require phishing-resistant authenticators, even as Congress and federal cyber leaders continue to push the department to phase out vulnerable login methods.
Related Articles
The U.S. Air Force has designated Northrop Grumman’s semi-autonomous prototype aircraft, Project Talon, as YFQ-48A as part of the Collaborative Combat Aircraft program, DVIDS reported. According to the report, the Mission Design Series, or MDS, designation reflects the service branch’s commitment to rapidly deliver new capabilities to warfighters. “We are encouraged by Northrop Grumman’s continued investment in developing advanced semi-autonomous capabilities,” said Brig. Gen. Jason Voorheis, program executive officer for fighters and advanced aircraft. “Their approach aligns with our strategy to foster competition, drive industry innovation and deliver cutting-edge technology at speed and scale.” Get the latest business opportunities in
Juliane Gallina, a two-time Wash100 Award winner, has joined the Arlington, Va.-based Lavrock Ventures as a partner after 12 years at the CIA in two tours. Who Is Juliane Gallina? Gallina is a veteran intelligence and national security professional. In addition to most recently serving as deputy director for digital innovation at the CIA, she also served as associate deputy director for digital innovation and a dual-hatted role as chief information officer and director of information technology enterprise. Prior to joining the CIA, Gallina was vice president of federal key accounts at IBM. She began her federal career as a cryptologic officer in the
The Food and Drug Administration is exploring a new federal contracting structure that aims to provide venture capital-backed startups with a more direct pathway to compete for agency work related to public health innovation. Through a newly-issued request for information, venture capital firms are invited to comment on the proposed contract vehicle that would allow companies within an approved portfolio to compete for task orders supporting FDA missions, the agency said on Dec. 19. The approach is designed to reduce reliance on traditional prime contractors and speed access to emerging technologies. Federal healthcare agencies are navigating major shifts in technology,