ECA Certification
- ECA certification allows for secure online connection, communications and transaction between the DoD and other governmental organizations and private contractors. An ECA certificate is housed in an email program or browser and can encrypt emails, authenticate a user's identity to access a DoD website and use various applications as well as sign documents digitally. With the certification, approved individuals can interact with DoD information systems and sensitive and secure information among other capabilities such as commerce involving data reliability and confidentiality. Organizations conducting business with the DoD are notified concerning exactly what type of ECA certification is appropriate.
- Certificates can be purchased by employees working for businesses in commerce with the DoD; by those employed by state and local government agencies doing DoD business; by foreign government employees or employees of foreign companies doing work with the DoD; and by individuals who require secure lines of communication with the DoD.
- The Department of Defense has approved three vendors to issue ECA certificates Operational Research Consultants, Inc. (ORC); VeriSign, Inc., a part of Symantec Corporation; and IdenTrust, Inc.
- Because the Defense Department is involved, acquiring ECA certifications is a complex process for both individuals and organizations. Citizens of the U.S., Great Britain, Australia, New Zealand and Canada must apply online for an ECA certificate from the work station or computer at which the certificate will be installed. Additionally, citizens must have their identity verified. Once approved, the individual requesting the ECA certificate will receive an email of Certificate Issuance Notification that explains how the certificate is imported, tested and backed up. Finally the individual will be "trusted" to receive his certificate by the ECA Root Certificate Authority and the ORC ECA Certificate Authority.
- ECA certificates cover a variety of aspects of online communication and are designed to make sure certain transactions are safe and secure. The certificates include Medium Assurance Identity/Encryption, Medium Token Assurance Identity/Encryption Certificates, Medium Hardware Assurance Identity/Encryption Certificates, Server Certifications, Domain Controller Certificates and Mobile Code Signing Certificates. There are also extensions of these certifications including Medium Assurance Foreign Country, Foreign Countries Supported and Medium Token Assurance Foreign Country.
