Skip to main content

Safeguard Sensitive and Unclassified DoD Information using ECA certificates

Cyber theft of DoD program information from defense contractors’ unclassified computer networks puts the U.S. military’s technological advantage at risk.  Theft of information pertaining to DoD capability development can allow adversaries to bypass costly and lengthy research and development cycles and/or understand enough about U.S. military technology to develop countermeasures.

Best practices to mitigate the risk of information theft are to implement commensurate information security controls such as logical access controls, audit and accountability controls, configuration management controls, physical access controls and increasingly controls to encrypt data at rest and in transit to protect sensitive information from theft.  It is critical that all DoD contractors implement best practice information security to mitigate the risk of information theft.

Recognizing the need to ensure contractors implement best practice controls, the DoD developed new policy to mitigate this risk by including clauses in the Defense Federal Acquisition Regulation Supplement (DFARS).  The DFARS clauses require enhanced safeguarding of unclassified DoD information mandating the use of specific NIST SP800-53 controls.

While most of the required security controls represent best practices already in place within most contractor organizations, many contractors do not today implement controls to protect transmitted information.  The DFARS clauses specifically require the use of cryptographic mechanisms to prevent unauthorized disclosure of information during transmission for many types of unclassified DoD information.

DoD ECA certificates enable cryptographic protection of transmitted data

IdenTrust is an approved provider of DoD ECA (External Certificate Authority) certificates that can be used to enable cryptographic protection of transmitted data.  ECA certificates are individually issued digital identity credentials intended for the DoD contractor community.  DoD contractors can use these credentials to meet DFARS requirements for safeguarding sensitive and unclassified DoD information:

  • Digitally sign and encrypt email and/or documents
  • Ensure only intended recipient(s) can decrypt transmitted data
  • Ensure integrity of encrypted information (meaning it has not changed since encryption)
  • Ensure the identity of the sender of the information

DoD ECA certificates integrate seamlessly with a variety of email products including:

There are several DoD ECA certificate options that can be used for secure email.  There are different types of DoD ECA certificates that can be used for secure email, as well as other capabilities such as digital signing and two-factor authentication.  It is important to know how your will use your certificate in order to choose the appropriate type to best suit your personal or business needs.  Learn more about the specific characteristics and current pricing for DoD ECA certificates or simply use choose BUY NOW and our Certificate Selection Wizard will help you make your selection.

When public trust is all you require, IdenTrust offers TrustID® certificates to meet your needs.
When non-DoD government trust is required, IGC certificates offer the ideal solution.