<
 
 
 
 
×
>
hide
You are viewing a Web site, archived on 02:39:18 Oct 15, 2004. It is now a Federal record managed by the National Archives and Records Administration.
External links, forms, and search boxes may not function within this collection.
text only - site map
Top Banner Return to  the DISA main page Site Map Search the DISA.MIL Web Site

HOME

IECA/ECA VENDORS DOCUMENTS LINKS FAQs
1. Eligibility 2. Certificate Type 3. Download and Configuration

   FAQs


Q: Does the ECA program now support certificates that last longer than a year?
A: Yes.  Once the IECAs have transitioned to ECA status, they may issue certificates that are valid for up to three years.  Each ECA vendor will submit a CPS that will describe their certificate offerings.

Q: Is there a pre-conceived estimate of a 'fair and reasonable' cost for an IECA compliant certificate?
A: No. We are seeking a sustainable business and cost model, which provides the customers with certificate services at competitive rates, while allowing the IECA to make a profit and stay in business.

Q: What specific information about the three qualified IECA suppliers and their certificates will be supplied to DoD vendors?
A: DOD vendors will be directed to the web sites of the three qualified IECA suppliers. The IECAs will be expected to provide registration information, including processes, policies, and cost, to DOD vendors.

Q: What are the names and contact numbers of engineering resources that can be used to answer technical questions?
A: Please address your questions to pkieca@ncr.disa.mil, if they are of a technical nature they will be forwarded to the appropriate people promptly.

Q: What benefits do DoD contractors derive from participating in this program?
A: Policies are currently being drafted within the DoD requiring all contractors and other organizations doing business with the DoD to use secure means of communication.  By taking advantage of the this program, you are complying with DoD regulations.  Certificates can also be used to enable and improve electronic business processes.  In today's world, where the DoD relies more and more on commercial contractors to accomplish its war-fighting mission, and where terrorism is a primary concern, the IECA/ECA PKI is a vital tool in protecting Sensitive But Unclassified (SBU) information that might give our adversaries an advantage.

Q: What incentives will DoD provide to contractors to order and use certificates?
A: Again, it is the early participants that will have a leg up on other vendors in understanding how to use certificates in a paperless contracting environment. These vendors will be the first to realize the anticipated reduced processing cost of a paperless contracting environment.

Q: Can IECA/ECA software certificates be downloaded onto a hardware token (e.g. smart card, USB token)?
A: Technically, your software keys can certificates can be loaded on a hardware token, if the vendor's middleware supports importing "*.p12" files.  If your software certificate and associated private key are stored in, for example, your Netscape browser, it must be exported as a *.p12 file and then imported onto the hardware token using the vendor's middleware.

Q: Why can't the contractor community use PGP for secure messaging with DoD personnel instead of ECA's?
A: The purpose of the IECA program is to establish a process whereby
DoD's External partners (e.g., Contractors, Customers, DSS investigators, etc.) can communicate with DoD in a trusted manner.  The current IECA vendors have undergone an extensive procedure to standup a CA and document the operational requirements in their CPS which met DoD's requirements.  As part of the transition to ECA, these requirements are being formed into a separate ECA CP (which is very similar to the DoD CP).  We currently allow PKI Interoperability with the 3 IECA vendors solely because they are the only PKIs which have been evaluated to be compliant with the DoD PKI's CP.  In particular, we don't allow the use of PGP because the 'Web-of-Trust' model used by PGP circumvents the Evaluation process established for evaluating the Trust model used by our External PKIs (i.e., IECA vendors).

Q: Can the DoD contractor community use their own PKI for secure messaging with DoD personnel instead of ECA's?

A:
No.  Only PKIs that have been approved by the DoD can be used for secure messaging with the DoD.  Currently, the approved PKIs are the DoD PKI, the Interim External Certificate Authority (IECA) PKI (until March 2004), and the External Certificate Authority (ECA) PKI.

Q: If my organization requires IECA certificates for more than one person, should I consider purchasing a server certificate and is that sufficient?
A: No.  Please review the 3-step process for obtaining an IECA certificate and in Step 2, it describes the various certificate types and their function.  A server certificate isn't a substitute for large quantities of identity certificates.  A server and identity certificate are very different in function and have very unique cases in which they would be used and implemented.

Bottom Banner

Security, Privacy & Accessibility Notice
Page last updated:
July 30, 2004 by pkieca@ncr.disa.mil

return to the top of the page
Home Search
Webmaster:IA-web@ncr.disa.mil
Page Revised 02-Aug-04