Thursday, March 15, 2012

HSPD-12 and Active Directory Domains - Documents Updated

Microsoft has updated their documentation regarding HSPD-12 Logical Access Authentication and Active Directory Domains.

These documents are probably most valuable to those who support federal customers in the US, but they are a good read for anyone planning to deploy smart cards in their environment.

For those not familiar with HSPD-12, in a nutshell it is a mandate for federal organizations to issue common ID/smart cards to their users. This comes into play in the Active Directory arena because the cards are used for logon with two-factor authentication (smart card logon). The two factors in this case are:

  • Something the user has - the smart card
  • Something the user knows - PIN

Everyone has seen this referenced in the Account tab of a user in AD Users & Computers.
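That checkbox ("Smart card is required for interactive logon") sets the SMARTCARD_REQUIRED bit (0x40000) in the account's userAccountControl attribute. Before a rollout it helps to know which accounts already require a card and which can still log on with a password alone. The following PowerShell is an added example, not from the original post or Microsoft's documents; it assumes the ActiveDirectory RSAT module is installed and uses a placeholder OU you would replace with your own.

```powershell
# Added example (not part of the original post): audit which enabled AD users have
# "Smart card is required for interactive logon" set, the checkbox on the Account tab.
# Assumes the ActiveDirectory module (RSAT) on a domain-joined host with read access.
Import-Module ActiveDirectory

# The checkbox toggles bit 0x40000 (SMARTCARD_REQUIRED) in userAccountControl;
# the AD cmdlets also expose it as the SmartcardLogonRequired property.
$SmartcardRequiredFlag = 0x40000

# Placeholder search base; replace with the OU you are rolling cards out to.
$SearchBase = 'OU=Users,DC=example,DC=local'

$users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties userAccountControl, SmartcardLogonRequired, PasswordLastSet

$report = foreach ($u in $users) {
    $flagSet = [bool]($u.userAccountControl -band $SmartcardRequiredFlag)
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        SmartcardRequired = $flagSet
        # Sanity check: the cmdlet property and the raw bit should always agree.
        PropertyMatchesUAC = ($u.SmartcardLogonRequired -eq $flagSet)
        # When the flag is turned on, the DC replaces the password with a random value,
        # so PasswordLastSet shows when that last happened for card-required accounts.
        PasswordLastSet   = $u.PasswordLastSet
    }
}

# The gap to close: accounts that can still log on interactively with just a password.
$report | Where-Object { -not $_.SmartcardRequired } |
    Sort-Object SamAccountName | Format-Table -AutoSize

# To enforce the setting on one account once its card is issued (this is the same
# change the checkbox makes, and it also randomizes the account's password):
# Set-ADUser -Identity 'jdoe' -SmartcardLogonRequired $true
```

Run the audit before and after a deployment wave; the list of accounts without the flag is the set that still accepts single-factor logon, and a very old PasswordLastSet on a card-required account means the randomized password hash has not changed since the flag was set.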



Those in the military or who have supported US Military customers will hear the term CAC Card used for their smart cards. Those supporting civilian agencies/.gov will hear the term PIV Card for their smart cards.

You can get the updated Microsoft documentation here:

Kurt Hudson has a good quote about the documents on the Windows PKI Blog:

Included within this document are detailed steps to configure Windows Server 2008 R2 Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), Windows® 7, and Microsoft® Office 2010 to perform traditional UPN based smart card logon, explicit smart card logon (client authentication certificate mapped to multiple accounts), explicit cross-forest smart card logon and NIST SP800-78-3 compliant S/MIME email exchanges. 
Smart card/HSPD-12 adoption within agencies varies. DoD has definitely been the leader in this space. There are other agencies I've been at that are also rolling, but there are also those that haven't even started issuing smart cards to the majority of their users yet. I'm not naming names here :)



1 comment:

  1. Hello Dude,

    This document is written for enterprise information technology professionals who are planning or implementing PIV-II smart card logon in accordance with the HSPD-12 directive. It is assumed that the audience for this document has basic knowledge of Public Key Infrastructure and Smart Card concepts. Thanks!