CAC Modernization

What is CAC Modernization, and why do I need to take action?

The Coast Guard will be migrating to a new authentication method in alignment with the Federal government’s use of the Common Access Card (CAC) (DOD/USCG issued photo ID card).  All members of the Coast Guard who possess a CAC need to follow this guidance. The CAC is the Coast Guard’s primary means for authentication to access unclassified networks, information systems, and applications.

Frequently Asked Questions

Updated 10 July 2020

ALCOAST:  119/20 - Common Access Card (CAC) Modernization – CAC Holder Guidance

Relief from Modernizing the Common Access Card - Streamlining Identity and Improving Operational Interoperability May 1, 2020 deadlines​

Any suggestions for additional FAQ’s or notice any errors with the FAQ’s provided, please email HQS-SMB-CG-6812-CyberPortfolio@uscg.mil

Question:  What is CAC Modernization, and why do I need to take action?

Answer:Starting 22 June 2020, the Coast Guard will transition to a new authentication method in alignment with the Federal government’s use of the Common Access Card (CAC) (DOD/USCG issued photo ID card). To prepare for this transition, all personnel must have the new PIV-Auth (Authentication) certificate on their CAC by 31 May 2020. The CAC is the Coast Guard’s primary means for authentication to access unclassified networks, information systems, and applications. This modernization also applies to personnel who possess Auxiliary Logical Access Cards (ALAC) and Volunteer Logical Access Cards (VoLAC).

 

Question:  Do I need to get a new Common Access Card (CAC) or VoLAC?

Answer: No, users without the authentication certificate on their cards were contacted via email and were instructed to follow the instructions provided to update their CAC. As of March 2020, 90% of the Coast Guard already have the authentication certificate on their card.

 

Question:What do I need to do to comply with this requirement?

Answer:  If you were identified as a user without the authentication certificate, then you should have received an email from “CGFIXIT-DoNotReply” with instructions. The link provided in that email directed users to https://www.dcms.uscg.mil/CAC/ to “How to Add the Certificate to your CAC”.

SPECIAL NOTICE: It is preferred that users update their CAC from a CG workstation while connected to the CG network. However, during the COVID-19 pandemic, we understand many users are teleworking.

• VDI Users: Activating the PIV-Auth certificate cannot be performed using VDI. If you have access to a CG issued laptop follow the steps for VPN Users. If using a personal computer with a CAC reader follow the directions below for 'Adding your certificate' starting at step 3.
• VPN Users: If using a CG issued laptop with VPN (Cisco AnyConnect), it is preferred to access the DMDC website before logging into VPN. Follow the steps below:

Adding your certificate:

1. Log into your Coast Guard laptop
2. Once the desktop loads, ensure you are connected to the Internet.
3. Access this link: https://www.dcms.uscg.mil/CAC/
4. Click “How to add the certificate to your CAC” and follow the instructions provided.

 

Question:  How can I verify if I have the PIV Auth (Authentication) certificate on my CAC?

Answer:  Verify by performing the following steps:

1. Click the ^ arrow to open the System Tray (located to the left of the time/date on your desktop).
2. Double click the “ActivClient Agent” icon (looks like a very small CAC reader).
3. Double click the “My Certificates” icon.
4. Multiple certificates are listed here. The “Authentication” certificate is the new certificate everyone must have.

 

Question: I am one of the identified users as needing to add the PIV-Auth certificate. I tried following the instructions, but having trouble. Who can I contact?

Answer:  If you’re having trouble following the instructions provided, submit a CGFIXIT request via the CGFIXIT icon on your desktop and proceed to:

I NEED HELP WITH > MY CAC OR LOGIN > REQUEST NOW > I AM HAVING OTHER CAC ISSUES NOT IDENTIFIED ABOVE.

If unable to log in to a Coast Guard workstation contact the Centralized Service Desk Branch (CSDB) at 1-855-CG-Fixit (1-855-243-4948) (option 1, 1, 3).

 

Question:  What happens if those identified users that do NOT have the PIV-Auth (Authentication) certificate do not update their CACs by 31 MAY 2020?

Answer:  Those users will not be included in the transition (listed below in the following FAQ), and will continue receiving emails instructing them to update their CACs. As of 31 July 2020, those users not using the authentication certificate for logging into workstations, systems, and applications will be non-compliant.

 

Question:  How will I know when to start using the PIV-Auth (Authentication) certificate to log into Coast Guard workstations, systems, and applications?

Answer:  On 22 June 2020, District 1 user accounts were converted to enable the usage of the “Authentication” certificate.  Further user account conversions are postponed, and will commence 08 July 2020 to allow more time for units/offices to update their Multi-Functional Devices (MFDs) i.e. printers/scanners to accept the PIV-Auth (“Authentication”) certificate.

Coast Guard user accounts will automatically transition in a phased approach to enable the usage of the “Authentication” certificate for logging into Coast Guard workstations, unclassified networks, information systems, and applications.

Coast Guard personnel in the geographic regions below will begin using the “Authentication” certificate on this date:

08 July 2020: District 7 & C5ISC Kearneysville (OSC)
13 July 2020: District 8
15 July 2020: District 5
20 July 2020: Districts 9, 11, and 13
22 July 2020: Districts 14, 17 and Base NCR (HQ)

NOTE: User accounts could take up to 24 hours to update from the date listed above. Therefore, users may receive an error message when selecting the “Authentication” certificate while attempting to log into a Coast Guard workstation or accessing applications on the day of their scheduled transition. If this occurs, select the “Email” certificate (the same certificate used today to log into workstations), and continue using the “Email” certificate until this certificate is no longer accepted.

 

Question:  Will I be notified before my user account is transitioned (converted)?

Answer:  Yes, users will receive an email from PIV.Notification@uscg.mil (to include helpful tips) between 48-72 hours prior to your transition (conversion) date.

 

Question:  What happens to those users who have not added the “Authentication” certificate to their CAC before the scheduled transition (conversion) date?

Answer:  More than likely, these users will be excluded from the enterprise conversion.  Those users will be identified and will receive additional emails with further instructions.  The deadline to have all Coast Guard users converted to using the PIV-Auth (“Authentication”) certificate is Friday, 31 JULY 2020.

 

Question:  Does this CAC Modernization also apply to the high-side (SIPRNet)?

Answer:  No, this applies to unclassified (UNCLAS) networks only, so this only impacts a user’s issued CAC (DOD/USCG issued photo ID card).

 

Question:  What happens to my other CAC certificates once I update my CAC with the PIV-Auth (Authentication) certificate?

Answer:  The other certificates in your existing CAC will not disappear. However, new CACs obtained on or after 31 July 2020, will no longer contain the “ID” certificate, and will only contain the “Authentication” (PIV-Auth) certificate for logging into workstations, unclassified networks, information systems, and applications. See below for more details:

 

Question: Will there be changes to how I currently sign emails and sign PDF documents?

Answer: No, updating your CAC certificate will not affect how you sign emails or sign PDF documents. This process will NOT change.

 

Question: Will access to previously sent/received emails that were signed and/or encrypted be impacted?

Answer: No, you will still have access to previously sent/received emails.

 

Question: Will access to VDI or how I use VDI be affected?

Answer:No, the functionality of VDI will remain the same. However, you will begin using the “Authentication” certificate to log into VDI (Horizon Client) the day your user account is converted to enable the use of the “Authentication” certificate.

 

Question: What happens to my access to CGPortal, O365 and other applications/website?

Answer: All Coast Guard systems and applications currently requiring CACs for login must be PIV-Auth (authentication certificate) compliant. However, there may be some systems or applications still being updated to allow for this certificate.

Question:  What certificate do I select when logging into CG workstations, CG-VPN, systems, and applications? 

Answer:  See the various screen shots below:

Logging into a CG Workstation:

1. Click “Sign-in options”
   
2. Select the CAC icon that populates the 16-digit certificate as indicated below.
   

 

Logging in with CG-VPN (remote users only)

 

Logging into CG Portal, systems and application using Internet Explorer or Microsoft Edge web browser

1. Click “More Choices”
   
2. Select “Authentication” certificate, then click OK
   

 

Logging into CG Portal, systems and application using Google Chrome web browser

 

 

Question:  Will I be able to print, scan, or fax after my user account is converted to enable the use of the “Authentication” certificate? 

Answer:  All printers/scanners (i.e. Multi-Functional Devices (MFDs)) require a configuration update to accept the PIV-Auth (“Authentication”) certificate. Your local IT support should be taking action to ensure all MFDs will accept the PIV-Auth (“Authentication”) certificate. 

IT Support Info:  The links to the Time Compliance Technical Order (TCTO) and Configuration Guides are located below:

TCTO:  https://cg.portal.uscg.mil/units/tiscom/Services/TCTO/Multi-Functional_Devices_(MFDs)_Updates_Required_for_CAC_Modernization.pdf

Configuration Guides:  https://cg.portal.uscg.mil/units/tiscom/Services/Guides/CAC_to_PIV_MFD_Config_Guide.pdf

NOTE:  IT Support should be planning the updates to their MFDs on or before their user account conversion date (District dates listed below), or working with their MFD vendors (if necessary) to schedule their updates.  It is NOT preferred to wait until the deadline as users will go longer without access to MFDs.

Coast Guard personnel in the geographic regions below will begin using the “Authentication” certificate on this date:

08 July 2020: District 7 & C5ISC Kearneysville (OSC)
13 July 2020: District 8
15 July 2020: District 5
20 July 2020: Districts 9, 11, and 13
22 July 2020: Districts 14, 17 and Base NCR (HQ)

 

Question:  How is CAC Modernization going to affect my user profile? For instance, do I need to back up my profile to a disk in the event that this change clears out my files in my "Home"/U-drive?

Answer:  This modernization effort will not interfere with your profile, so your files will not be affected.

 

Question:  Is this going to impact permissions/access to certain sites such as AOPS/TMT, FPD, etc?

Answer:  You should not lose permissions/access to CG systems and applications.  Our Service Centers and system owners worked diligently to ensure our networks, systems, and applications are postured to accept the PIV-Auth (Authentication) certificate.

However, there may be external sites (not hosted by the USCG) that may not accept the “Authentication” certificate. If you’re unable to access an internal (USCG) or external system or application after your account is converted to enable the “Authentication” certificate, please email HQS-SMB-CG-6812-CyberPortfolio@uscg.mil and provide details.