diff --git a/app/controllers/users/piv_cac_controller.rb b/app/controllers/users/piv_cac_controller.rb
index a675022ee94..e5905967232 100644
--- a/app/controllers/users/piv_cac_controller.rb
+++ b/app/controllers/users/piv_cac_controller.rb
@@ -1,6 +1,7 @@
 module Users
   class PivCacController < ApplicationController
     include ReauthenticationRequiredConcern
+    include PivCacConcern
 
     before_action :confirm_two_factor_authenticated
     before_action :confirm_recently_authenticated_2fa
@@ -33,6 +34,7 @@ def destroy
         create_user_event(:piv_cac_disabled)
         revoke_remember_device(current_user)
         deliver_push_notification
+        clear_piv_cac_information
 
         flash[:success] = presenter.delete_success_alert_text
         redirect_to account_path
diff --git a/spec/controllers/users/piv_cac_controller_spec.rb b/spec/controllers/users/piv_cac_controller_spec.rb
index f407d211e1f..3b929b2e852 100644
--- a/spec/controllers/users/piv_cac_controller_spec.rb
+++ b/spec/controllers/users/piv_cac_controller_spec.rb
@@ -139,6 +139,12 @@
       expect(flash[:success]).to eq(presenter.delete_success_alert_text)
     end
 
+    it 'removes the piv/cac information from the user session' do
+      controller.user_session[:decrypted_x509] = {}
+      response
+      expect(controller.user_session[:decrypted_x509]).to be_nil
+    end
+
     it 'logs the submission attempt' do
       response