ECA CP Version 4.1 identifies three assurance levels for ECA
certificates: Medium, Medium Token, and Medium Hardware, summarized in the
table below.
All subscribers should contact the Application Owner to determine which, if any, ECA certificates are accepted for application or site access.

| Assurance Level | Token Type | Identity Proofing |
|---|---|---|
| Medium | Software (FIPS 140 Level 1) | Registration Authority; Trusted Agent; Notary; Authorized DoD Employee |
| Medium Token | Hardware (FIPS 140 Level 2) | Registration Authority; Trusted Agent; Notary; Authorized DoD Employee |
| Medium Hardware | Hardware (FIPS 140 Level 2) | Registration Authority; Trusted Agent |

This level is intended for applications handling sensitive
medium value information, with the exception of transactions involving issuance
or acceptance of contracts and contract modifications. Private keys associated
with Medium Assurance level certificates can be stored in software.
Identity proofing must be done in-person, but can be performed by an ECA
Registration Authority, Trusted Agent, Notary, or Authorized DoD Employee
(outside the US). Medium Assurance has been mapped to DoD Medium Assurance
and Federal Bridge Medium Assurance.

This level is intended for applications handling sensitive
medium value information, with the exception of transactions involving issuance
or acceptance of contracts and contract modifications. Private keys associated
with Medium Token Assurance level certificates must be generated and stored in
hardware tokens. Identity proofing must be done in-person, but can be performed
by an ECA Registration Authority, Trusted Agent, Notary, or Authorized DoD
Employee (outside the US). Medium Assurance has been mapped to DoD
Medium Assurance and Federal Bridge Medium Hardware Assurance.

This level is intended for all applications operating in
environments appropriate for medium assurance but which require a higher degree
of assurance and technical non-repudiation. Private keys associated with
Medium Hardware Assurance level certificates must be generated and stored in
hardware tokens. Identity proofing must be done in-person by an ECA
Registration Authority or Trusted Agent. Outside the US, an ECA Registration
Authority or Trusted Agent must participate in the identity proofing process
in addition to an Authorized DoD Employee. Medium Assurance has been
mapped to DoD Medium Assurance Hardware and Federal Bridge Medium Hardware
Assurance.