Common Access Card (CAC) Security
The CAC—which is roughly the size of a standard credit card—stores 144K of data storage and memory on a single integrated circuit chip (ICC). This CAC technology allows for rapid authentication and enhanced security for all physical and logical access.
CAC and Your Privacy
The CAC meets or exceeds applicable privacy laws and Geneva Convention requirements. More importantly, the data it stores can only be accessed through secure CAC applications. In fact, the information stored on a CAC cannot be accessed without:
To provide additional security, the card is:
Information Stored on a CAC
These cards contain only selected, abbreviated data relating to your work functions or benefits and privileges provided as a uniformed member of the Armed Forces, U.S. Public Health Service, or NOAA, DoD Civilian, or DoD Contractor. Sensitive data such as passwords or highly personal medical information are not contained on your smart card.
Also, effective June 1, 2011, the Social Security Number (SSN) is being replaced on all cards by the DoD Identification Number. Eligible beneficiaries will also have a DoD Benefits Number printed on their ID card. Medical providers have the option of using the SSN or the DoD Benefits Number to validate eligibility and process claims. CACs with the SSN remain valid until replaced.
Card Body Information
Card Bar Code Information
The magnetic stripe is reserved for Service/Agency use.
Only individuals who have authorization to preform normal identification processes and run CAC applications have access to the information on your CAC. For example, if your card contains dental information, only someone who has an authorized application can access and review the data in your dental file. Each application on the CAC is firewalled from the other, and someone who has access to one application does not typically have access to another application.
Each application can be secured with different levels of protection. Some applications can have encrypted levels of security while others may not have any encryption at all. The ability to read a field does not necessarily mean that the person has the ability to alter the information in a file.
You can release your information using your PIN at a Real-Time Automated Personnel Identification System (RAPIDS) sites or facilities using CAC applications. For more about your PIN, read more about keeping your CAC secure.