When preparing for security exams such as Security+ or SSCP, you should know the differences between a common access card (CAC), a personal identity verification (PIV) card, and a smart card. All three are used for authentication. More specifically, each of them is in the Something You Have factor of authentication.
Users prove their identity with authentication and there are three factors of authentication. They are commonly known as:
- Something you know, such as a password or PIN
- Something you have, such as a smart card, CAC, PIV, or RSA token
- Something you are, using biometrics
Smart Card
A smart card is a credit card-sized card that has an embedded microchip and one or more certificates. The information on the card identifies the user and the certificate also includes the user’s private key used for asymmetric cryptography.
Users are often required to enter a personal identification number (PIN) along with the smart card. Using a smart card (something you have) and a PIN (something you know) provides multifactor authentication. Combining two or more factors of authentication is more secure than using only a single factor.
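The card-plus-PIN login described above can be sketched as a challenge-response exchange. This is an added example, not code from the original article: `ToyCard`, `new_challenge`, and `verify` are hypothetical names, and a constructed toy RSA key without padding stands in for the signing operation a real card performs inside its chip.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from two well-known Mersenne primes.
# Illustration only: a real card generates a strong key pair inside its chip.
_P, _Q = 2**127 - 1, 2**521 - 1
N, E = _P * _Q, 65537                    # public key, known to the server
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # private exponent, stays on the card


def _digest(nonce: bytes) -> int:
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big")


class ToyCard:
    """Something you have: signs only when the PIN (something you know) matches."""

    MAX_TRIES = 3

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self._tries_left = self.MAX_TRIES

    def sign(self, pin: str, nonce: bytes):
        if self._tries_left == 0:
            return None                  # locked: even the correct PIN is refused
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1        # wrong PIN counts toward the lockout
            return None
        self._tries_left = self.MAX_TRIES
        return pow(_digest(nonce), _D, N)  # only the signature leaves the card


def new_challenge() -> bytes:
    """Server side: a fresh random nonce for every logon attempt."""
    return secrets.token_bytes(32)


def verify(nonce: bytes, signature) -> bool:
    """Server side: needs only the public key (N, E) and its own nonce."""
    return signature is not None and pow(signature, E, N) == _digest(nonce)
```

Because the server issues a new nonce for each logon, a signature captured from one session does not verify against the next challenge, and three wrong PINs in a row lock the toy card.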
Both a CAC and a PIV provide the same benefits as a smart card, but also include photo identification.
CAC
A common access card (CAC) is a smart card used by employees and other personnel in the United States Department of Defense (DoD). A CAC includes a picture of the user along with other information such as their name. DoD employees wear the CAC as a badge and can show it to guards to prove their identity. They can also use it as a smart card to log onto systems.
PIV
A personal identity verification (PIV) card is also a specialized type of smart card used by personnel in United States federal agencies. Just as a CAC does, the PIV card includes a picture of the user along with their name. A PIV can be used for visual verification of users, and then as a smart card when users log onto their computer.
Benefits of Smart Card, CAC, and PIV
Each of these provides some specific benefits worth emphasizing. They are:
- Authentication. A basic purpose is to allow users to prove their identity.
- Confidentiality. The certificate can be used with asymmetric cryptography to ensure confidentiality of data.
- Integrity. The certificate can also be used with digital signatures and provide integrity for the message.
- Non-repudiation. In addition to providing integrity, a digital signature also provides non-repudiation.
Security+ Practice Test Question
Q. Which of the following includes a photo and can be used for identification?
A. MAC
B. DAC
C. RBAC
D. CAC
Answer below
Security+ Practice Question Answer: D
A common access card (CAC) includes a picture used for identification and can also be used as a smart card. While not included in the answers, a personal identity verification (PIV) card also includes a picture and can be used as a smart card. A media access control (MAC) address is assigned to a network interface card or wireless network adapter. Discretionary access control (DAC) is an access control model; Microsoft’s NTFS uses DAC. Role-based access control (RBAC) is an access control model; RBAC uses roles or groups, and users are placed into a role or group based on their assigned jobs.