Before obtaining an ECA certificate for authentication to DoD information systems, it is recommended that the system owner be contacted to ensure ECA is supported, and determine which certificate types and assurance levels are acceptable.

The ECA Subscriber is the entity whose name appears as the subject in a certificate, and who asserts that it uses its key and certificate in accordance with the ECA CP.

ECA Subscribers are limited to the following categories of entities:

  • Employees of businesses acting in the capacity of an employee and conducting business with a US government agency at local, state or Federal level;
  • Employees of state and local governments conducting business with a US government agency at local, state or Federal level;
  • Employees of foreign governments or organizations conducting business with a US Government agency at local, state or Federal level;
  • Individuals communicating securely with a US government agency at local, state or Federal level; and
  • Workstations, guards and firewalls, routers, trusted servers (e.g., database, FTP, and WWW), and other infrastructure components communicating securely with or for a US government agency at local, state or Federal level. These components must be under the cognizance of humans, who accept the certificate and are responsible for the correct protection and use of the associated private key.

ECA certificates are obtained directly from vendors. For information on how to obtain a certificate visit the vendor’s website: