Common Access Card (CAC)
A Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense (DoD) that serves as the standard identification credential for active-duty military personnel, reserve and National Guard members, DoD civilian employees, and eligible contractor personnel. It enables physical access to military facilities and secure digital access to DoD systems and networks.
What Is a Common Access Card (CAC)?
A Common Access Card (CAC) is a smart card issued by the U.S. Department of Defense (DoD) that serves as the standard identification credential for active-duty military personnel, reserve and National Guard members, DoD civilian employees, and eligible contractor personnel.
It enables physical access to military facilities and secure digital access to DoD systems and networks.
Key Characteristics of the CAC
Identity Verification
Serves as official DoD identification for authorized personnel.
Physical Access Control
Grants entry to military installations, controlled areas, and secure facilities.
Network Authentication
Provides secure login access to DoD computer systems using two-factor authentication (card + PIN).
Encryption and Digital Signatures
Enables encrypted email communications and legally valid digital signatures for official documents.
Regulatory Framework
CAC issuance and use are governed by:
United States Department of Defense policies
Federal Information Processing Standards 201 (FIPS 201), which establishes Personal Identity Verification (PIV) requirements
DoD identity management directives
Federal cybersecurity compliance requirements
CAC is part of the DoD's Public Key Infrastructure (PKI) framework.
Why the CAC Matters for Contractors
In defense and DoD-related contracts, CAC access is often required for contractor personnel who work onsite at military installations, access classified or controlled unclassified information (CUI), use DoD networks such as NIPRNet, or support operational systems or logistics infrastructure. For defense contractors, CAC compliance directly impacts:
Facility access eligibility
System login authorization
Secure communications
Contract performance continuity
Contractors must ensure personnel are properly sponsored, meet clearance requirements, complete background checks, and maintain valid credentials. Delays in CAC issuance can directly affect project timelines.
For example, if a contractor is awarded a systems integration contract supporting a U.S. military installation, contractor employees must be sponsored in the Defense Enrollment Eligibility Reporting System (DEERS), background investigations must be completed, and CAC credentials must be issued before system access is granted.
Common Misconceptions About the CAC
Only military members need a CAC.
Eligible contractor personnel working on DoD contracts may also require CAC access.
A CAC replaces security clearance.
A CAC provides identification and authentication; security clearance is a separate adjudication process.
CACs never expire.
CACs have expiration dates and must be renewed, typically every three years or upon employment changes.
Frequently Asked Questions
Who qualifies for a CAC?
Active-duty personnel, reserve members, DoD civilians, and eligible contractor personnel sponsored by a DoD organization.
How is a CAC issued?
Through sponsorship and identity verification in DEERS, followed by issuance at a RAPIDS ID card facility.
What happens if a CAC is lost?
It must be reported immediately and revoked to prevent unauthorized access.
Related Government Contracting Topics
Department of Defense (DoD): The federal department responsible for military operations and defense policy.
Federal Information Processing Standards (FIPS) 201: The federal standard governing secure identity credentials.
Cybersecurity Maturity Model Certification (CMMC): A DoD cybersecurity framework for contractors handling controlled information.
Security Clearance: The adjudicated eligibility to access classified information.
Controlled Unclassified Information (CUI): Sensitive information that requires safeguarding but is not classified.
The Common Access Card is a foundational identity and cybersecurity control mechanism within the Department of Defense. For contractors supporting DoD programs, proper CAC management is essential for facility access, secure communications, and compliant contract performance.