Install and trust DoD CA certificates on Mac OS X. Tested on Catalina and Mojave. *NOTE*: This should also enable CAC if you didn't override the system drivers.

import_dod_certs_mac.sh

#!/bin/bash 

set -eu -o pipefail

export CERT_URL='https://dl.dod.cyber.mil/wp-content/uploads/pki-pke/zip/unclass-certificates_pkcs7_DoD.zip'

# Download & Extract DoD root certificates
cd ~/Downloads/ || exit 1
/usr/bin/curl -LOJ "${CERT_URL}"

/usr/bin/unzip -o "$(basename "${CERT_URL}")"

cd "$(/usr/bin/zipinfo -1 "$(basename "${CERT_URL}")" | /usr/bin/awk -F/ '{ print $1 }' | head -1)" || exit 1

# Convert .p7b certs to straight pem and import
for item in *.p7b; do
  TOPDIR=$(pwd)
  TMPDIR=$(mktemp -d "/tmp/$(basename "${item}" .p7b).XXXXXX") || exit 1
  PEMNAME=$(basename "${item}" .p7b)
  openssl pkcs7 -print_certs -in "${item}" -inform der -out "${TMPDIR}/${PEMNAME}"
  cd "${TMPDIR}"
  /usr/bin/split -p '^$' "${PEMNAME}"
  rm "$(find . -name "x*" | sort | tail -1)"
  for cert in x??; do
    sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${cert}"
  done
  
  cd "${TOPDIR}"
  rm -rf "${TMPDIR}"
done

Added your updates @dinosaurhead and some linter goodness to make shellcheck happy. Thanks for the input.