IECA vendors are currently in
transition to become ECA vendors. To become an ECA vendor,
each vendor was required to submit a Certificate Practice
Statement (CPS) that is now being evaluated for compliance with
the ECA CP. If the ECA CPS is found to be compliant
with the ECA CP, then the ECA Policy Management Authority
(EPMA) and the commercial vendor will sign a Memorandum
of Agreement.
Unlike the DoD PKI, IECAs/ECAs may charge fees to subscribers
to issue certificates. It has been determined
that certificate fees are allowable as Other Direct Costs (ODCs). IECAs/ECAs are prohibited from charging fees
for access to certificate validation information and are required to
publish Certificate Revocation Lists (CRLs).
IECA vendors may issue IECA certificates with lifetimes up
to one year. As an ECA vendor, they will issue ECA certificates
with lifetimes up to three years.
The following
ECA vendor has been approved as meeting the required DoD assurance level
for issuing digital certificates for use with the DoD.
Operational Research
Consultants, Inc. (ORC)
http://www.orc.com
The following IECA vendors have been approved
as meeting the required DoD assurance level for issuing digital certificates
for use with the DoD.
Digital Signature
Trust Co. (DST)
http://www.digsigtrust.com/home.html
VeriSign, Inc.
http://www.verisign.com/enterprise/government/ieca.html
|