The DoD has a massive PKI system already and makes the assumption users of its sites have the appropriate CAs installed. (Home access typically requires installing a set of them, typically bundled separately or in an installer)
DoD uses https and crypto at the transport layer in SIPR. Lots of "type 1" crypto as well, which is its own special thing with NSA issued hardware crypto keys.