We released the ability for U.S. Federal Government customers to authenticate their signers by requiring them to use their common access cards (CAC) or personal identity verification cards (PIV). U.S. Government organizations require additional security measures to safeguard critical information and data. Common Access Cards, or CAC cards, are identification cards that are issued to U.S. Department of Defense personnel. They enable physical access to buildings and provide access to DoD computer networks and systems. While CAC cards are the primary identification cards for DoD personnel, Personal Identification Verification cards, or PIV cards, are smart cards used by other branches of the U.S. Federal Government that contain a certificate and a private key to gain access to computers, networks, and online resources.
With Box Sign, U.S. Federal Government organizations can now enable and require signature request recipients to authenticate themselves using their CAC or PIV smart cards before gaining access to sign the Box Sign signature request. Admins can configure their enablement settings to toggle CAC/PIV signer authentication on or off for specific users or groups. Additionally, senders can configure the the CAC/PIV signer authentication setting when initiating and sending a signature request. Signers are prompted to insert their CAC or PIV smart card into their smart card readers, enter their pin number successfully, and apply their signature to complete the request.
Signers can authenticate themselves via their CAC/PIV smart cards on Windows devices only. Additionally, Box Tools must be installed on the Windows device for each user receiving signature requests requiring CAC/PIV authentication. CAC/PIV smart card authentication is only available for single signers within a signature request.
To learn more about CAC/PIV smart card authentication in Box Sign, please see CAC/PIV E-Signature Authentication and Additional Recipient Authentication.