DON to Migrate to Use of Stronger Cryptographic Algorithms
Published July 7, 2011
The Department of the Navy Chief Information Officer released guidance directing the Department's migration to the use of a stronger cryptographic hash algorithm in data security authentication procedures such as CAC logon and digital signatures.
The June 15 memo "Department of the Navy Secure Hash Algorithm Migration Guidance" provides guidance in response to Department of Defense and Federal Government direction to migrate.
In January 2011, federal agencies, excluding DoD, ceased their use of Personal Identity Verification (PIV) credentials signed using the Secure Hash Algorithm (SHA)-1 and began using credentials signed using the stronger cryptographic standard of SHA-256. As a result, federal personnel previously authorized to use federal PIV credentials to access DoD systems, applications and websites experienced interoperability issues.
To restore interoperability and advance the DoD's cryptographic hash algorithm use to the stronger standard, the DON must ensure that systems and applications supporting DoD Public Key Infrastructure (PKI) authentication, digital signature generation and email encryption/decryption migrate to support SHA-256.
To best align DON SHA-256 migration plans with pending DoD planning guidance, DON components will target systems, applications and websites for compliance by April 1, 2014. The memo also establishes an Integrated Product Team to support DON migration coordination activities.