IdenTrust has leveraged more than a decade of expertise in identity proofing and providing authentication credentials for the U.S. Government and global financial organizations to develop and cross-certify with the U.S.

Federal Bridge Certification Authority a PKI that ensures trust and provides the most flexibility possible to customers for registration of users and certificate issuance. The IdenTrust Global Common (IGC) PKI provides certificates from Basic Assurance up through PIV-I credentials.

IGC certificates are ideal for U.S. Federal Government, State Government, contractors and corporations where a high degree of trust and interoperability is desired.
Each individual IGC Certificate includes both a certificate for authentication/digital signing and a certificate for encryption. The certificate pair enables a wide range of uses such as:

• Authentication to networks and applications
• Digitally signing Microsoft Office, Adobe and other types of documents
• Digitally signing online transactions
• Digitally signing email
• Encrypting email
• Encrypting documents

Back to IGC Certificates Knowledge Center IGC Certificate Options: Which one Do I Need?

IGC offers many different certificate types as shown in the table below. If you are unfamiliar with certificate assurance levels, identity proofing levels of assurance and PKI terminology, the number of options available can be daunting.

If you have been asked to obtain a certificate for use with a particular application, please visit our partners and applications page which leads you to exactly the right certificate and storage device for your application; simple and easy. If you are trying to figure out which certificate is best for your application, or would just like to learn more, read on!


Strong Strong Super Strong Supreme
IGC Basic Assurance Certificates IGC Basic Assurance Certificates on Hardware IGC Medium Software IGC Medium Hardware IGC PIV-I Hardware
U.S. FBCA Certificate Assurance Level Mapping Basic Basic Medium Medium Hardware Medium Hardware (PIV-I)
Identity Proofing Level of Assurance (LOA) LOA3 LOA3 LOA4 LOA4 LOA4
Affiliation Options Unaffiliated* Unaffiliated* Affiliated Affiliated Affiliated
Storage Options Software (browser) Software (browser)
USB Token
Smart Card
Hybrid PKI/OTP Token
Software (browser)
USB Token
Smart Card
USB Token
Smart Card
Smart Card (PIV card)
Authentication to networks and applications
Digitally signing Microsoft Office, Adobe and other types of documents
Digitally signing online transactions
Digitally signing email
Encrypt email
Encrypt documents
Requires In-Person Identity Proofing
One Year Certificate Buy
$59.00
Buy $69.00 Buy $89.00 Buy $119.00
Two Year Certificate Buy $99.00 Buy $109.00 Buy $139.00 Buy $179.00
Three Year Certificate Buy $139.00 Buy $149.00 Buy $179.00 Buy $269.00
IGC Certificate level of assurance is based on the identity proofing level of assurance, the manner in which the certificate is delivered and how it is stored as shown in the above table.

IGC Certificates are cross-certified with the U.S. Federal Bridge Certification Authority at the assurance level shown in the table, enabling trust and interoperability with a wide range of systems and applications.
IGC Basic Assurance Certificates

IGC Basic Assurance Certificates map to a U.S. FBCA Basic assurance level and are inclusive of LOA3 identity proofing and certificate delivery to your browser. Each certificate purchased is actually a certificate pair including both a signing and encryption certificate.

By default, IGC Basic Software Certificates are unaffiliated, meaning affiliation (or association) with an organization is not asserted in the certificate. In-person identity proofing is generally not required for IGC Basic Software Certificates, making the registration and approval process fast and simple with no forms required.

IGC Basic Assurance Certificates are ideal for email (S/MIME) signing and encryption, and document signing where relying applications impose basic assurance / LOA3 identity proofing and do not require the use of a hardware device for certificate private key storage.

If you require affiliated IGC Basic Software Assurance certificates, please contact IdenTrust sales.

IGC Basic Assurance Certificates on Hardware

IGC Basic Assurance Certificates on Hardware map to a U.S. FBCA Basic assurance level and are inclusive of LOA3 identity proofing and certificate delivery via your browser* to your choice of an IdenTrust-supplied hardware device. Each certificate purchased is actually a certificate pair including both a signing and encryption certificate. By default, IGC Basic Assurance Certificates are unaffiliated, meaning affiliation (or association) with an organization is not asserted in the certificate. In-person identity proofing is generally not required for IGC Basic Assurance Certificates, making the registration and approval process fast and simple with no forms required.

IGC Basic Assurance Certificates are ideal for email (S/MIME) signing and encryption, and document signing where relying applications impose Basic assurance / LOA3 identity proofing and also require the use of a hardware device for two-factor authentication.

During the registration process, you will be prompted to select the type of device for storage of the private keys associated with your certificates.

If you require affiliated IGC Basic Assurance on Hardware certificates, please contact IdenTrust sales.

IGC Medium Software Certificates

IGC Medium Software Certificates map to a U.S. FBCA Medium assurance level and are inclusive of LOA4 identity proofing and certificate delivery to your browser. Each certificate purchased is actually a certificate pair including both a signing and encryption certificate. IGC Medium Software Certificates are affiliated; meaning affiliation (or association) with an organization is asserted in the certificate. In-person identity proofing is required for IGC Medium Software Certificates, along with sponsorship from your organization.

IGC Medium Software Certificates are ideal for email (S/MIME) signing and encryption, and document signing where relying applications impose Medium assurance / LOA4 identity proofing and do not require the use of a hardware device for certificate private key storage.

At the conclusion of the on-line registration process, you will be provided a forms packet for download that must be completed and returned to IdenTrust for certificate approval.

IGC Medium Hardware Certificates

IGC Medium Hardware Certificates map to a U.S. FBCA Medium assurance level and are inclusive of LOA4 identity proofing and certificate delivery via your browser* to your choice of an IdenTrust-supplied hardware device. Each certificate purchased is actually a certificate pair including both a signing and encryption certificate. IGC Medium Software Certificates are affiliated, meaning affiliation (or association) with an organization is asserted in the certificate. In-person identity proofing is required for IGC Medium Software Certificates, along with sponsorship from your organization.

IGC Medium Hardware Certificates are ideal for email (S/MIME) signing and encryption, and document signing where relying applications impose Medium assurance / LOA4 identity proofing and also require the use of a hardware device for protection of private keys and two-factor authentication.

During the registration process, you will be prompted to select the type of device for storage of the private keys associated with your certificates. At the conclusion of the on-line registration process, you will be provided a forms packet for download that must be completed and returned to IdenTrust for certificate approval.

Identity Proofing Level of Assurance (LOA) is defined by the U.S. National Institute of Standard and Technology (NIST) in Special Publication (SP) 800-63-1. IGC Certificates include LOA3 or LOA4 identity proofing, depending on the certificate type selected. LOA4 identity proofing requires an in-person appearance for identity verification.

LOA3 identity proofing is generally automated although in some cases in-person identity proofing may be used. Lesser assurance credentials based on LOA1 or LOA2 identity proofing are not offered under IGC.
Certificates that are Affiliated require proof and verification that the individual is associated in some manner with an organization, e.g. as an employee, contractor, etc., which generally means some additional paperwork and processing. Certificates asserting the identity of the individual only and no affiliated are “Unaffiliated”.

Some applications, such as State level applications, rely on digitally signed engineering documents requiring that certificates be Affiliated, asserting the individual’s identity and association with a particular engineering firm. Other application use cases, such as Electronic Signing of Controlled Substances (EPCS), may only require the identity of the individual be asserted.
IGC Basic Assurance on Hardware or IGC Medium Software Certificates may be retrieved through your browser, which stores the certificate private key in your local operating system certificate store. When retrieving software certificates, they should always configured for high security, which means a password will be always be required to access the locally stored private key.

IGC Basic Assurance on Hardware and IGC Medium Hardware Certificates require certificate private key storage in a hardware device separate from your local operating system/browser. The certificates are retrieved through your browser and appear in your local operating system certificate store, however the private key is installed onto the hardware device. To use a hardware certificate, the device must be inserted into your system and you must provide the device password before any application may make use of your certificate private key. All IdenTrust provided hardware devices are certified at FIPS 140-2 Level 2 or higher for cryptographic functions.

IGC PIV-I Certificates are stored on a special type of smart card called a PIV card. PIV cards are required to meet NIST specifications created specifically for PIV, and must be on a U.S. Federal Government Approved Product List APL. IdenTrust supplies only APL-approved PIV cards for storage of IGC PIV-I certificates.
U.S. FBCA cross-certified IGC Device and IGC SSL Certificates are available under IGC. Beyond standard device and SSL certificates, these certificates assert a U.S. FBCA certificate assurance and may be validated against the U.S. Federal Common CA as a trust anchor. IGC Device and IGC SSL certificates are ideal for purposes such identification of network devices, server to server authentication, client/server authentication within a known trust environment and server level signing of EPCS messages. They are also ideal for any systems that need to communicate with U.S. Federal Government systems.

For information regarding IGC Device and SSL Certificates, please contact IdenTrust sales.

It should be noted that some browsers (e.g. Mozilla Firefox) do not currently have the U.S. Federal Common CA in their trust store. To have the certificate “trusted”, Firefox users would need to install the IGC Root CA or U.S. Federal Common Root CA in their local trust store, otherwise it may show as “untrusted”. For SSL certificates that will be used to identity web sites as “trusted” to the general public, IdenTrust currently recommends using standard IdenTrust SSL certificates.

To learn more about and apply for IdenTrust SSL Certificates, please visit https://www.identrustssl.com/