scope:

Purpose:

In accordance with the authority in DoD Directive 5144.02, this issuance:

• Establishes policy, assigns responsibilities, and provides procedures for authenticating person and non-person entities (NPEs) to DoD information systems, including credential management.

• Establishes policy and prescribes procedures for establishing credentials and performing identity authentication of all entities accessing DoD information systems that authenticate themselves to DoD or external entities in accordance with DoD Instruction (DoDI) 8500.01.

• Establishes sensitivity levels to align with risk management requirements as specified in DoDI 8510.01, and establishes credential strengths to better align with identity proofing, credential management, and authentication requirements as specified in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3.

• Implements use of hardware public key infrastructure (PKI) certificates such as the personal identity verification (PIV) authentication public key certificate, as defined in the NIST Federal Information Processing Standard (FIPS) 201-2, on the DoD common access card (CAC), as the preferred authenticator for person entities to use when accessing DoD information systems on unclassified networks.

• Provides guidance on using authenticators including hardware and software PKI based, username and password, multi-factor authentication (MFA), and assertions.