Government Access Cards¶
You must have a Common Access Card (CAC), External Certification Authority (ECA), or Federal Personal Identity Verification (PIV) card to access Game Warden-hosted IL2+ applications. These cards provide access to the Staging (STG) and Production (PRD) environments.
CACs, ECAs, and PIVs are wallet-sized cards and might vary slightly in color and access based on the card holder’s level of government support. You can slide these cards into internal or external card readers to gain access to government systems. Some users, based on their support levels, also might have access levels that permit them to open building doors and rooms.
You must obtain these cards from government sponsors or a Department of Defense (DoD)-approved third-party vendor, as the Game Warden team has no involvement in the government access card issuance process.
Upon receipt of your government access card (and any applicable certificate downloads), you must configure this card to work with your Platform One (P1) Single Sign-On (SSO)credentials. For additional information, read Government Access Cards and P1 SSO Configuration.
Common Access Cards¶
You must navigate the DoD vetting process to secure a CAC from a government sponsor. This process may take months to complete. The DoD issues CACs to eligible DoD active military personnel, reservists, civilians, and contractors.
External Certification Authority¶
You must navigate the DoD vetting process to secure an ECA from a DoD-approved third party such as IdenTrust or WidePoint. This process may take approximately 30 days to complete. ECAs are alternatives to CACs. The DoD ECA program issues approved certificates to eligible individuals associated with companies who use DoD systems.
- The Game Warden team recommends DoD-approved third-party IdenTrust to assist with secure government access. In addition, the Game Warden team recommends ECA Medium Token Assurance, which is an IdenTrust token type that ensures functionality with Game Warden’s Keycloak SSO. This is the Identity and Access Management (IAM) solution that allows you to access the Game Warden Web App, your products, and other Game Warden-hosted solutions more securely and using a single set of login credentials. We have no affiliation with IdenTrust and suggest you contact them directly with any questions.
- Customers using an IdenTrust ECA and a Mac computer with an M1 chip must use a Firefox browser when accessing government systems. IdenTrust is aware of this restriction and is working diligently to address this issue.
- You cannot use Linux/Ubuntu when attempting to retrieve your digital certificate, as these systems are not compatible. IdenTrust recommends MS Windows and Apple Mac machines. For Windows, IdenTrust recommends the MS Edge and Google Chrome browsers. For Macs, IdenTrust recommends Mozilla Firefox. You also should use the latest browser versions. For additional information, read IdenTrust Certificate Compatibility.
Personal Identity Verification¶
Federal agencies issue PIV cards to eligible persons to allow secure access to government systems.
Users with CACs, ECAs, or PIVs will have access to the Game Warden IL2, IL4, and IL5 environments via Platform One (P1) SSO, given that their cards are associated with one of the required Certificate Policies. The Game Warden team encourages card holders to contact the Game Warden Platform for proactive guidance, as our team can perform testing to ensure IL2/IL4/IL5 access.
Private Key Infrastructure¶
Private Key Infrastructure (PKI), a security framework that exists in each card, uses encryption and authentication to validate users and provide secure access to government systems. PKI implementation is widely used and not only exists in CACs, ECAs, and PIVs but also in Web browser security (via Transport Layer Security/TLS and Secure Sockets Layer/SSL) along with bank card microchips. Although PKI is a security framework, CACs, ECAs, PIVs (and other entities that include the PKI encryption and authentication) are often referred to as PKIs.
Below are the certificate policies specific to PKIs. These policies (or rules) are embedded into hardware tokens. Contingent upon the government agency, different certificates may have varying permissions.
Users with CACs, ECAs, or PIVs associated with one of the required certificate policies listed below will have access to the Game Warden IL2, IL4, and IL5 environments via P1 SSO, as these policies identify them as trusted system users.
Government Access Card Comparisons¶
The tables below provide general requirements along with the acquisition process for each card type. While government sponsors issue both CACs and PIVs, you must secure ECAs from the DoD-approved vendor, IdenTrust, Inc.
Each card provides access to government systems. CACs, ECAs, and PIVs provide access to IL4+ environments.
|Card Type||Wait Time||US Citizenship||Cost|
|CAC||The National Agency Check with Inquiries (NACI), which participates in the Background Investigation, takes up to 18 months to complete this process; however, you might be issued a CAC if fingerprint results are acceptable. If NACI does not approve card issuance, this agency will revoke the previously issued CAC.||Not Required||Consult with your government sponsor.|
|ECA (IdenTrust)||After form completion and notarization, you have 30 calendar days to submit this information to IdenTrust. Information is INVALID if submitted more than 30 calendar days after paperwork notarization. Upon form receipt, IdenTrust will proceed with a verification process which takes 3-5 business days. Certificate shipment is contingent upon the courier you select.||Not Required||Access Current Pricing, Certificates and Vouchers. Prices for Non-US Citizens vary slightly.|
|PIV||2-6 Weeks||Not Required. Must be a US National||Consult with your government sponsor.|
High-Level Process for Card Acquisition¶
|Card Type||Process to Acquire CAC|
|CAC||You must work directly with your government sponsor to obtain CACs, navigating:
1. Sponsorship and Eligibility
2. Registration and Enrollment
3. Background Investigation
4. Card Issuance
For detailed information, access Process for Acquiring or Renewing CAC or review General Information for additional insight.
|Card Type||Process to Acquire ECA (IdenTrust)|
– First-time applicants (persons within organizations tasked with acquiring ECA) must provide a company’s official signature.
– Applicants must create an account that includes the company’s legal name and legally registered address, company’s Dun & Bradstreet (D-U-N-S) number, and legal company status such as for-profit, government, or sole proprietor.
– Applicants must have forms notarized to complete processing.
– Applicants must provide I9 identification.
– Applicants should improve their understanding of the IdenTrust ECA Program.
– Applicants should be prepared to select our preferred token type, ECA Medium Token Assurance.
– Applicants must choose a 1-year, 2-year, or 3-year certificate and a storage device.
For additional insight, visit or call:
1. Ensure you have a solid understanding of your preferred certificate and other information specific to your ECA purchase.
2. Click Buy Now from the DoD ECA Programs page.
3. Navigate the Certificate Selection Wizard, responding to a series of questions – clicking Next to proceed to each subsequent page:
– For DoD ECA Programs, select My Federal Program is not Listed.
– For I Live in the US, select the applicable response.
– For Select a Certificate, choose ECA Medium Token Assurance – Hardware Storage.
– For Storage Device, select HID Smart Card with Reader.
– For Certificate Validity Period, select – for example – 1 Year.
– For Storage Device for Certificate, select HID Smart Card with reader.
– For Verify Your Selections, review page content and, if accurate, click Buy Now.
– For Application (Overview), review page content and enter any applicable Voucher information.
– For Application (Organization), enter Organization Name (not DBA), Email Address, and (optional) Zip Code then click Search. A list of Search Results appears. Your company name will appear if you have previously used IdenTrust. In this case, click the radio button associated with your company then proceed to the Application (Your Info) step below. If your company name does not appear, click Enter New to add your organization and complete the fields on the Headquarters Information page. At the Confirm Your Organization Information modal, verify your entries and click Yes to proceed.
– For Application (Your Info), complete the Personal Information section and establish an Account Password and Security Questions. You can use these login credentials to access the IdenTrust portal, going forward, to view forms.
– For Application (Payment), enter the payment information.
4. You might be prompted to re-enter a valid email address. You will receive an email and forms which you need to review – following the instructions as noted. The forms require a signature from your company official, such as a Chief Executive Officer, Chief Operating Officer, or a Facility Security Officer. Second Front Systems and the government sponsors are NOT affiliated with this process. You must notarize these forms, which also requires that you present I9 identification.
5. IdenTrust processes forms, and applicants receive tokens via mail. You may expedite shipping.
Access IdenTrust ECA Program for current information, as requirements might change. As a reminder, you must notarize forms and present I9 identification. If you have more than one citizenship, additional documentation will be required. Also, if necessary, IdenTrust might contact you for additional forms of identification.
|Card Type||Process to Acquire PIV|
|PIV||You must work directly with your government sponsor to obtain PIV cards. Customers with PIV cards will have access to the Game Warden IL4+ environments, given that their cards are associated with one of the required Certificate Policies. The Game Warden team encourages card holders to contact the Game Warden Platform for proactive guidance, as our team can perform testing to ensure IL4+ access.|
Initial Setup and Configuration¶
Once you have obtained your Government Access Card, reference this article about Government Access Cards and P1 SSO Configuration for your initial setup.