An Important Message for Government Contractors and Sub-Contractors


If you are a government contractor or sub-contractor and you possess and process sensitive data, you must comply with NIST Special Publication 800-171 no later than December 31, 2017.

NIST SP 800-171 describes the IT security controls the government expects to be used when a contractor is processing federal data. Multi-factor authentication for local and network access to privileged accounts and for network access to non-privileged accounts is required. An overview of NIST SP 800-171 and the associated requirement for multi-factor authentication is provided here.

In addition to the requirement for multi-factor authentication, the following is applicable:

  • For all contracts awarded prior to October 1, 2017, the contractor is required to notify the DoD Chief Information Officer (CIO) via email within thirty (30) days of contract award, of any security requirements specified by NIST SP 800-171 not implemented at the time of contract award.
  • Further, NIST SP800-171 states that in order to report cyber incidents, the contractor or subcontractor shall have or acquire a DoD-approved medium assurance digital certificate to report cyber incidents. The IdenTrust ECA Medium Token Assurance certificate meets this requirement.


Compliance Requires the Use of Multi-Factor Authentication


IdenTrust digital certificates comply with multi-factor authentication requirements specified under NIST SP 800-171. IdenTrust offers the following options:

IdenTrust DoD ECA Certificates
IdenTrust provides individually issued digital identity credentials in compliance with the DoD’s External Certification Authority (ECA) Program. If you are a government contractor or sub-contractor and need to meet requirements of the DoD, an ECA certificate is the best choice for you. Use our secure and easy self-service model to purchase your ECA digital certificate!

See the bottom of this web page for Hardware Options and Pricing.

Step-by-Step Process

*Hardware certificates must be retrieved using Internet Explorer. Once retrieved, you may use your hardware certificate with any application that supports standard x.509 certificates.



IdenTrust IGC Certificates
If you do not need a DoD-approved certificate, IdenTrust offers IdenTrust Global Common Certificates (IGC) that are cross-certified with the U.S. Federal Bridge Certification Authority (FBCA), enabling trust and interoperability with a wide range of systems and applications. When you don’t require complete identity lifecycle management or need just a few digital certificates, simply purchase your certificate using the IdenTrust self-service model.

See the bottom of this web page for Hardware Options and Pricing.

Step-by-Step Process

*Hardware certificates must be retrieved using Internet Explorer. Once retrieved, you may use your hardware certificate with any application that supports standard x.509 certificates.



HID Global PIV Enterprise or PIV Express Solution
If your organization requires complete identity lifecycle management, the HID Global PIV Enterprise or PIV Express solution may be right for you. HID PIV (Personal Identity Verification) delivers an integrated solution for standards-compliant identity and credential management. The components are designed to support each other, so you can deploy our solution faster and enjoy a simplified management experience going forward.

Should you need assistance with a digital certificate to meet the multi-factor authentication requirements of NIST SP 800-171, please send an email to sales@identrust.com or contact IdenTrust inside sales at (801) 384-3521.

Don’t wait to address the requirements of NIST SP 800-171! Your ability to work with government contracts depends on compliance!

Hardware Options and Pricing

As part of the on-line registration process for hardware certificates, IdenTrust provides an option to select hardware. All hardware offered by IdenTrust in conjunction with Certificates is validated to FIPS 140-2 Level 2 or higher for cryptographic functions. With the exception of the Hybrid USB PKI/OTP Tokens, tokens and cards do not expire and may be used for an unlimited number of certificate renewals. Following are hardware options and pricing:

$65

USB Token

$50

Smart Card

$66

Smart Card plus USB Card Reader

Hardware (Smart Cards or USB Tokens) may be purchased with Certificates as part of the purchase process. Purchase of hardware includes a one-time license for middleware and drivers necessary for the hardware to function.