ECA CP identifies three assurance levels for ECA certificates, Medium, Medium Token, and Medium Hardware, summarized in the below table.
All subscribers should contact the Application Owner to determine which, if any, ECA certificates are accepted for application or site access.
Medium | Software (FIPS 140 Level 1) | • Registration Authority • Trusted Agent • Notary • Authorized DoD Employee |
Medium Token | Hardware (FIPS 140 Level 2) | • Registration Authority • Trusted Agent • Notary • Authorized DoD Employee |
Medium Hardware | Hardware (FIPS 140 Level 2) | • Registration Authority • Trusted Agent |
Medium Assurance (Object Identifier: 2 16 840 1 101 3 2 1 12 1)
This level is intended for applications handling sensitive medium value information, with the exception of transactions involving issuance or acceptance of contracts and contract modifications. Private keys associated with Medium Assurance level certificates can be stored in software. Identity proofing must be done in-person, but can be performed by an ECA Registration Authority, Trusted Agent, Notary, or Authorized DoD Employee (outside the US). Medium Assurance has been mapped to DoD Medium Assurance and Federal Bridge Medium Assurance.
Medium Token Assurance (Object Identifier: 2 16 840 1 101 3 2 1 12 3)
This level is intended for applications handling sensitive medium value information, with the exception of transactions involving issuance or acceptance of contracts and contract modifications. Private keys associated with Medium Token Assurance level certificates must be generated and stored in hardware tokens. Identity proofing must be done in-person, but can be performed by an ECA Registration Authority, Trusted Agent, Notary, or Authorized DoD Employee (outside the US). Medium Assurance has been mapped to DoD Medium Assurance and Federal Bridge Medium Hardware Assurance.
Medium Hardware Assurance (Object Identifier: 2 16 840 1 101 3 2 1 12 2)
This level is intended for all applications operating in environments appropriate for medium assurance but which require a higher degree of assurance and technical non-repudiation. Private keys associated with Medium Hardware Assurance level certificates must be generated and stored in hardware tokens. Identity proofing must be done in-person by an ECA Registration Authority or Trusted Agent. Outside the US, an ECA Registration Authority or Trusted Agent must participate in the identity proofing process in addition to an Authorized DoD Employee. Medium Assurance has been mapped to DoD Medium Assurance Hardware and Federal Bridge Medium Hardware Assurance.