Overview

Details on ECA Certificates is provided by DISA and can be found here: http://iase.disa.mil/pki/eca/Pages/index.aspx

 

The DI2E Dev Tool environment accepts ECA Certificates for user authentication.  Key things about ECA Certificates that should be noted:

  • ECA Certificates can only be issued by certain provides (see ECA Providers)
  • Unlike CAC cards which are considered multi-factor, ECA certificates are only considered a single factor and thus an additional method must be used for multi-factor authentication
  • Users may register new accounts using an ECA certificate

Supported ECA Providers

The DoD has established the External Certification Authority (ECA) program to support the issuance of DoD-approved certificates to industry partners and other external entities and organizations. The ECA program is designed to provide the mechanism for these entities to securely communicate with the DoD and authenticate to DoD Information Systems.

The approved ECA providers are listed in the table below:

Vendor Name

Website

Name of Recommended Certificate

Operational Research Consultants, Inc. (ORC)

http://www.eca.orc.com/

Medium Assurance Identity and Encryption Certificate

IdenTrust, Inc.

http://www.identrust.com/certificates/eca/index.html

ECA Medium Assurance

In IdenTrust, choose "No ECA Agency Affiliation is required".

ECA Token Formats

There are a variety of different ECA token formats.  DI2E supports the following:

Token FormatTypeComments
Medium AssuranceSoftwareRecommended for customers needing access to DI2E Dev Tools.
Medium Token AssuranceHardwareCan be used to access Dev Tools but will require hardware token as well.
Medium Hardware AssuranceHardwareCan be used to access Dev Tools but will require hardware token as well.