New restrictions to US DoD web access

AIR Force personnel who routinely access unclassified US Department of Defense (DoD) web sites in the course of their duties can no longer do so.

Changes in policy by the DoD mean that access is restricted to certified users.

Mandy Cramer, Director of eBusiness Strategies (DeBS) within Defence’s Chief Information Officer Group, said the common means of restriction were by the use of domain restriction (.mil or .gov), filtering of specific Internet protocol addresses, user ID or password authentication.

But the US has taken advantage of its Public Key Infrastructure (PKI) and now restricts access to holders of valid US DoD certificates.

The progressive introduction of this kind of access control means that, just like all US DoD employees, ADF members will be required to obtain a PKI Class 3 certificate from the DoD.

The ADF has been given authority to temporarily issue certificates using the US DoD PKI processes as a result of the US policy direction and the schedule for the Combined Communications Electronics Board decision to move towards mutual recognition of certificate authorities.

The Trusted Agent Project, within DeBS, has been established to implement an interim US trusted agent system for members to obtain US DoD recognised certificates to access DoD PKI-enabled web sites.

Applicants will have to attend an evidence of identity interview (similar to that done when opening a bank account), providing 150 points of identification to apply for a US PKI certificate at trusted agent sites.

If you require certification contact DeBS Assistant Director Chris Hein on (02) 6265 5355 or email chris.hein@defence.gov.au and explain your requirement.

.