In a previous post, I warned everyone that accessing the DoD’s Approved Products List Integrated Tracking System (APLITS) will require a client certificate. Currently, the APLITS system accepts the use of a DoD Common Access Card, or CAC, to access. However, this limits access to the APLITS site to only DoD civilian, military and contractor employees.
Since then, the Defense Information Systems Agency (DISA) Unified Capabilities Certification Office (UCCO) has been working on a solution to include allowing commercial vendors to access APLITS using an External Certification Authority (ECA). This process is now up and running. We recommend all of our current clients obtain a client certificate token from only the following vendors, as these are the only authorized ECAs DISA is accepting. Details for these vendors are below.
- IdenTrust: IdenTrust provides medium-assurance hardware token certificates for users with a smart-card or USB-token. They are similar to a DoD CAC in that a second factor is required. It is above and beyond a “soft-certificate” that is loaded in a web browser. These electronic USB tokens are $139 for 1-year, $232 for 2-years, and $281 for 3-years plus the cost of the hardware. The USB/Smartcard (in-person) hardware token is $179 for 1-year or $365 for 3-years plus the cost of the hardware. They require forms to be filed with Notary Public signatures to verify identity. Click here for more information on the online process.
- Operational Research Consultants (ORC): ORC provides medium-assurance hardware token certificates similar to IdenTrust. The electronic USB tokens are $129 for 1-year and $279 for 3-years plus the cost of the hardware. The USB/Smartcard (in-person) hardware token is $169 for 1-year or $369 for 3-years plus the cost of the hardware. They require various IDs and a form filed by your company’s security manager. A sample letter is located on their site here: http://eca.orc.com/wp-content/uploads/ECA_Docs/ECA_IndivProofofOrganizationalAffiliation.doc
- Verisign (Symantec): Symantec offers ECA medium-assurance hardware token certificates the same as the others with a cost of $119 for 1-year, $218 for 2-years, and $299 for 3-years. The smart-cards are $85 and the USB-token is $65. Enrollment is done by either using a Notary Public or if your organization has a Trusted Agent (someone designated for ECA). Details are located here: Medium Assurance Token Form
- If you already have a medium-assurance client identity certificate from one of the three ECA vendors listed above, then all you have to do is send the certificate identity number to the UCCO and have them link it to your APLITS account.
If you are interested in having a trusted consultant help guide you through the DoD UC APL process, or have questions on any of the information above, please don’t hesitate to get in contact with us as soon as possible. You won’t regret you did!