DEPARTMENT OF THE ARMY
HEADQUARTERS
WASHINGTON, D.C. 27 APR 1975
*Department of the Army
Pamphlet 25-2-13
Headquarters
Department of the Army
Washington, DC
27 April 2023
Information Management : Army Cybersecurity
Army Identity, Credential, and Access Management and Public Key Infrastructure Implementing Instructions
By Order of the Secretary of the Army:
JAMES C. MCCONVILLE
General, United States Army
Chief of Staff
Official:
MARK F. AVERILL
Administrative Assistant to the
Secretary of the Army
History. This publication is a major revision.
Applicability. This pamphlet applies to the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve, unless otherwise stated.
Proponent and exception authority. The proponent of this pamphlet is the Deputy Chief of Staff, G-6. The proponent has the authority to approve exceptions or waivers to this pamphlet that are consistent with controlling law and regulations. The proponent may delegate this approval authority, in writing, to a division chief within the proponent agency or its direct reporting unit or field operating agency, in the grade of colonel or the civilian equivalent. Activities may request a waiver to this pamphlet by providing justification that includes a full analysis of the expected benefits and must include formal review by the activity's senior legal officer. All waiver requests will be endorsed by the commander or senior leader of the requesting activity and forwarded through their higher headquarters to the policy proponent. Refer to AR 25-30 for specific requirements.
Suggested improvements. Users are invited to send comments and suggested improvements on DA Form 2028 (Recommended Changes to Publications and Blank Forms) via email to usarmy.pentagon.hqda-cio-g-6.mbx.policy-inbox@mail.mil.
Distribution. This pamphlet is available in electronic media only and is intended for the Regular Army, the Army National Guard/Army National Guard of the United States, and the U.S. Army Reserve.
*This regulation supersedes DA Pam 25-2-13, dated 8 April 2019.
DA PAM 25-2-13 • 27 April 2023
UNCLASSIFIED
Table of Contents
Chapter 1 Introduction
Chapter 2 Background
Chapter 3 Identity, Credential, and Access Management
Chapter 4 Public Key Infrastructure Credential Request and Issue
Chapter 5 Public Key Enabling
Chapter 6 Alternate Multi-Factor Authentication
Chapter 7 Trust of External Public Key Infrastructure
Chapter 8 Requests for Exception to Army or Department of Defense Policy
Chapter 9 Lost, Stolen, or Malfunctioning Tokens
Chapter 10 Trusted Agent and Enhanced Trusted Agent Nomination and Approval
Chapter 11 Registration Authority and Local Registration Authority Nomination and Approval
Appendix A References
Unless otherwise indicated, all Army publications are available on the Army Publishing Directorate website at https://armypubs.army.mil. DoD publications are available on the ESD website at https://www.esd.whs.mil. USCs are available on the USC (United States Code) website at https://uscode.house.gov.
Appendix B Identity, Credential, and Access Management Background
Appendix C Public Key Infrastructure Background
Appendix D Exception Guidance and Checklists
Appendix E Trust of External Public Key Infrastructures
Appendix F Lost/Stolen Token Report Format
Appendix G Token Request/Issuance Process
Appendix H Example Registration Officer Nomination Memoranda
Appendix I Army Identity Attribute Standard Change Request Template
Glossary
Summary of Change DA PAM 25-2-13
Army Identity, Credential, and Access Management and Public Key Infrastructure Implementing Instructions
This major revision, dated 27 April 2023—
• Changes the proponent and exception authority from the Army Chief Information Officer to the Deputy Chief of Staff, G-6 (throughout).
• Identifies the organizational split between the Chief Information Officer and the Deputy Chief of Staff, G-6 (throughout).
• Updates guidance on the use of the Army Master Identity Directory Service to obtain authoritative identity data, and requirements for all enterprise cloud-based services to use Enterprise Access Management Service–Army for authentication (para 3-3).
• Provides new guidance on the process to change an identity attribute standard used for identifying personnel on Army networks (para 3-4).
• Provides new guidance on the process to request a new identity, credential, and access management capability or an update to an existing capability within the Army (para 3-5).
• Provides new guidance on the management of Artificial Intelligence and Machine Learning technologies that are authorized to operate on Army networks and access information technology resources (para 3-6).
• Updates token retention guidance during duty assignment changes; creates two separate sections for Nonclassified Internet Protocol Router Network and Secure Internet Protocol Router Network to provide clarity (paras 4-13, 4-14).
• Updates guidance on the Nonclassified Internet Protocol Router Network Enterprise Alternate Token System and prohibits the issuance of the signature certificate on Nonclassified Internet Protocol Router Network Enterprise Alternate Token System and/or the alternate smart card logon tokens (para 4-18).
• Updates guidance on requirements for a senior official's second Secure Internet Protocol Router Network token and use of the very important person's signing certificate (para 4-19).
• Provides new guidance on the issuance of public key infrastructure certificates for non-person entity devices (paras 5-4, 5-5).
• Updates guidance on requirements for personally owned devices to access unclassified information systems (para 5-6).
• Updates guidance for systems authorized to use user name and password authentication to transition to an Army-approved alternate multi-factor authentication solution (para 5-7a).
• Provides guidance on the use of compensating controls to mitigate single-factor authentication, to strengthen network security, and on password standards (para 5-7b).
• Provides new guidance on the use of biometrics for logical access to Army Information Technology resources (para 6-2).
• Provides clarifying guidance on requesting approval to use alternate multi-factor authentication in place of direct public key infrastructure or the Army's Identity Federation Services Enterprise Access Management Service–Army (para 6-6).
• Updates the Trusted Agent and Enhanced Trusted Agent training website location (para 10-2c).
