(a) The USD(P&R) shall:
(1) Oversee implementation of the procedures within this part.
(2) Establish overall policy and procedures for the issuance of ID cards to members of the uniformed services, their dependents, and other eligible individuals.
(3) Establish minimum acceptable criteria for establishment and confirmation of personal identity, policy for the issuance of the DoD enterprise personnel identity credentials, and approve of additional systems under the PIP Program in accordance with DoD Instruction 1000.25.
(4) Act as the Principal Staff Assistant (PSA) for the DEERS, the RAPIDS, and the Personnel Identity Protection (PIP) Program in accordance with DoD Instruction 1000.25.
(5) Maintain the DEERS data system in support of the Department of Defense in accordance with applicable law and directives.
(6) Develop and field the required RAPIDS infrastructure and all elements of field support to issue ID cards including but not limited to software distribution, hardware procurement and installation, on-site and depot-level hardware maintenance, on-site and Web-based user training and central telephone center support, and telecommunications engineering and network control center assistance.
(7) In coordination with the Under Secretary of Defense for Intelligence (USD(I)), the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)), and the DoD Chief Information Officer (DoD CIO) establish policy and oversight for CAC life-cycle compliance with FIPS Publication 201-2.
(8) Establish procedures that will uniquely identify personnel with specific associations with the Department of Defense and maintain the integrity of the unique personnel identifier in coordination with the DoD Components in accordance with DoD Directive 8320.03, “Unique Identification (UID) Standards for a Net-Centric Department of Defense” (available at http://www.dtic.mil/whs/directives/corres/pdf/832003p.pdf).
(b) The Assistant Secretary of Defense for Reserve Affairs (ASD(RA)), under the authority, direction, and control of the USD(P&R), shall develop policies and establish guidance for the National Guard and Reserve Component communities that affect benefits, entitlements, identity, and ID cards.
(c) The Deputy Assistant Secretary of Defense for Military Community and Family Policy (DASD(MC&FP)), under the authority, direction, and control of the USD(P&R), shall develop policy and procedures to determine eligibility for access to DoD programs for MWR; commissaries; exchanges; lodging; children and youth; DoD schools; family support; voluntary and post-secondary education; and other military community and family benefits that affect identity and ID cards.
(d) The Director, Defense Human Resources Activity (DHRA), under the authority, direction, and control of the USD(P&R) and in addition to the responsibilities in paragraph (h) of this section, shall, in accordance with DoD Instruction 1000.25:
(1) Develop policies and procedures for the oversight, funding, personnel staffing, direction, and functional management of the PIP Program.
(2) Coordinate with the Principal Under Secretary of Defense for Health Affairs (ASD(HA)), and the ASD(RA) on changes to enrollment and eligibility policy and procedures pertaining to personnel, medical, and dental issues that affect the PIP Program.
(3) Develop policies and procedures to support the functional requirements of the PIP Program, DEERS, and the DEERS client applications.
(4) Secure funding in support of new requirements to support the PIP Program or the enrollment and eligibility functions of DEERS and RAPIDS.
(5) Approve the addition or elimination of population categories eligible for ID cards in accordance with applicable law.
(6) Establish the type and form of ID card issued to eligible populations categories and administer pilot programs to determine the suitable form of ID card for newly identified populations.
(7) Determines and maintains a list of forms of documentation that are acceptable for the purpose of eligibility verification, in accordance with applicable law.
(8) Through the Director, Defense Manpower Data Center:
(i) Provides and maintains training on the examination and inspection of documentation for the purpose of eligibility verification for DEERS enrollment, record management, and ID card issuance.
(ii) Supports and maintains the development of automated data feeds to DEERS that serve as authoritative eligibility sources for applicable DoD ID card-eligible personnel.
(iii) Supports and maintains the development of the Real-time Automated Personnel Identification System (RAPIDS) as the application used to incorporate and collect eligibility documentation.
(e) The USD(AT&L) shall:
(1) Update the Defense Federal Acquisition Regulation Supplement (DFARS), current edition (available at http://www.acq.osd.mil/dpap/dars/dfarspgi/current/index.html) to support requirements for CAC and Homeland Security Presidential Directive 12 for contracts.
(2) Ensure that the requirement for contractors to return CACs at the completion or termination of each individual's support on a specific contract is included in all applicable contracts.
(f) The USD(I) shall:
(1) Establish policy for the use of DoD issued ID cards for physical access purposes in accordance with DoD 5200.08-R, “Physical Security Program” (available at http://www.dtic.mil/whs/directives/corres/pdf/520008r.pdf).
(2) Establish policy for military, civilian, and contractor employee background investigation, submission, and adjudication across the Department of Defense, in compliance with Homeland Security Presidential Directive 12 and Office of Personnel Management Memorandum, “Final Credentialing Standards for Issuing Personal Identity Verification (PIV) Cards Under HSPD-12” (available at http://www.opm.gov/investigate/resources/final_credentialing_standards.pdf).
(g) The DoD CIO shall:
(1) In coordination with the USD(I), USD(P&R), and USD(AT&L), establish policy and oversight for CAC life-cycle compliance with Federal Information Processing Standards Publication 201-1.
(2) Provide guidance regarding the use of DoD and non-DoD identification credentials on DoD information systems, including the Federal PIV cards, for authenticating to DoD network accounts and DoD private Web sites.
(3) Ensure that the DoD Public Key Infrastructure (PKI) conforms to all applicable FIPS to the greatest extent possible.
(h) The OSD and DoD Component heads other than the Secretaries of the Military Departments, shall:
(1) Develop and implement Component-level procedures for DoD directed policies and statutory requirements to support benefits eligibility through DEERS.
(2) Develop and implement Component-level ID card life-cycle procedures to comply with the provisions of this Instruction.
(3) Ensure all DoD employees, uniformed service members, and all other eligible CAC applicants, including contractor employees and other affiliate CAC applicants, have met the background investigation requirements referenced in paragraph (a)(3) of § 161.6 of this part prior to approving CAC sponsorship and registration. Background investigation status must be verified and documented by the sponsor or sponsoring organization in conjunction with application for CAC issuance.
(4) Establish processes and procedures as part of the normal check-in and check-out process for collection of the CAC for all categories of DoD personnel and contractor employees when there is a separation, retirement, termination, contract termination or expiration, or CAC revocation. Since CACs contain personally identifiable information (PII), they shall be treated and controlled in accordance with 32 CFR part 310, and DoD 5200.1-M, Volume 4, “DoD Information Security Program: Controlled Unclassified Information (CUI)” (available at http://www.dtic.mil/whs/directives/corres/pdf/520001_vol4.pdf). CACs shall be returned to any RAPIDS issuance location for proper disposal in a timely manner once surrendered by the CAC holder.
(5) Provide appropriate space and staffing for all DoD ID card issuing operations, as well as reliable telecommunications to and from the Defense Information Systems Agency managed Non-Classified Internet Protocol Router Network.
(6) Provide funding for CAC cardstock, printer consumables, and electromagnetically opaque sleeves to Defense Manpower Data Center (DMDC).
(7) Protect cardstock and consumables in accordance with the guidelines and standards issued and maintained by DMDC.
(8) In accordance with FIPS Publication 201-2, provide electromagnetic opaque sleeves or other comparable technologies to protect against any unauthorized contactless access to the cardholder unique identification number stored on the CAC.
(9) Manage the distribution and locations of CAC personal identification number (PIN) reset workstations.
(10) To the maximum extent possible, and in accordance with DoD Components' designated accrediting authority guidelines, ensure networked workstations are properly configured and available for CAC holders to use the User Maintenance Portal-Post Issuance Portal (UMP-PIP) service.
(11) Oversee supervision of TASS TAs and TA security managers and ensure the number of contractors overseen by any TA is manageable.
(12) Comply with the provisions of this part and provide timely and accurate support to the provisions of this part.
(13) Ensure that the policies and procedures in subpart D of this part are implemented to protect the privacy of individuals in the collection, use, maintenance, and dissemination of personally identifiable information, in accordance with 32 CFR part 310.
(i) The Secretaries of the Military Departments; Director, Division of Commissioned Corps Personnel and Readiness, USPHS; and Administrator, NOAA, shall:
(1) Appoint project officers from a level that represents the Service position of the active, National Guard, and Reserve Components for personnel policy to serve on the Joint Uniformed Services Personnel Advisory Committee.
(2) Comply with the provisions of this part and other related policy and procedural guidance from the Department of Defense.
(3) Coordinate with the Director, DoDHRA, through the Joint Uniformed Services Personnel Advisory Committee, to determine if the list of acceptable eligibility documentation needs to be amended to add new documents or remove outdated documents.
(4) Ensure that the policies and procedures in this subpart are implemented to protect the privacy of individuals in the collection, use, maintenance, and dissemination of personally identifiable information, in accordance with 32 CFR part 310.
[79 FR 709, Jan. 6, 2014, as amended at 81 FR 74878, Oct. 27, 2016]