Access approvals for DoD personnel that once took weeks will now take hours, and every access-related activity will generate a permanent audit trail.
The decidedly analog process for accessing Defense Department information systems is getting undergoing a digital modernization.
The Defense Department is retiring one of its most widely used — and often incorrectly submitted — paper forms, replacing it with an automated identity management system designed to accelerate secure user access and reduce administrative errors.
Specifically, the department is replacing the decades-old DD Form 2875 System Authorization Access Request, or SAAR, with fully automated Identity, Credential and Access Management (ICAM) workflows for requesting, authorizing and provisioning access to the department’s systems and applications.
This transition is a central component of the Defense Department’s shift to a zero-trust cyber security architecture, which assumes that DoD’s networks and systems are already compromised and that users or devices require continuous authentication, monitoring and authorization. The department needs to complete 91 activities to reach the target level of zero trust by 2027.
Under the new process, access approval that used to take weeks will now take hours, access is revoked immediately upon a person’s departure, and every access-related event generates a permanent, unchangeable audit trail.
The latest ICAM modernization directive, signed by the Defense Department chief information security officer in December, requires all DoD components to implement ICAM-integrated SAAR workflows that automatically provision access based on identity attributes and roles, ensure all access actions are tracked and auditable. and integrate with enterprise identity services. The goal: to streamline and sync operations across approved ICAM providers, the Enterprise Identity Attribute Service, and DISA Enterprise Identity Services to achieve interoperable, secure ICAM departmentwide and resolve pain points of the legacy SAAR process.
The transition will occur in phases. By June 2026, DoD ICAM service providers must ensure that automated access workflows are available to system and application owners. By September 2026, all access requests for systems and applications that have onboarded to approved ICAM providers must be processed through automated workflows.
The department wants to fully retire the paper-based DD Form 2875 by September 2027, except in cases where policy exceptions are granted.
“Department application owners should now work with their ICAM providers to transition to the new system. This involves categorizing applications by risk level and updating user roles and permissions to ensure a secure and accurate migration,” DoD officials said in a recent release.
DoD also released an ICAM workflow implementation guide to help components transition away from this PDF-based access request process. The document will be updated as “technical capabilities expand and ICAM service provider maturity increases to accommodate legacy system architectures.”
“The legacy DD Form 2875 process relies on manual data entry, sequential approvals, and static documentation that do not scale to modern operational demands. These practices introduce unnecessary delays, data-quality issues, and audit challenges,” the document reads. “This guide provides technical and operational direction for implementing automated account provisioning and access governance across the DoD enterprise.”
At some DoD components, work already under way to transition away from the legacy DD Form 2875 process. The Army’s recent policy states that PDF versions of the DD Form 2875 and DA Form 7789, the Privileged Access Agreement and Acknowledgement of Responsibilities, are “no longer acceptable mechanisms for system access” to Army systems on the Nonclassified Internet Protocol Router Network (NIPRNet) and the Secret Internet Protocol Router Network (SIPRNet).
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
