...
- Complying with OMB's guidance for e-authentication, as required by the NMFS e-signature policy and procedural directive, requires agencies to work through an analytical process to evaluate e-signature alternatives to match e-signature tools to the e-government application being enabled.
- Neither the OMB policy nor NIST e-authentication technical guidance specifies solutions that agencies must use.
- The first step in the analytical process is to understand the range of e-signature alternatives available to agencies and agree upon criteria for evaluating the e-signature alternatives. (This is the subject of the August 20th meeting)
- The second step is to evaluate a selected set of e-signature alternatives against the agreed-upon criteria. (This is the subject of the August 27th meeting)
- Subsequent meetings will help complete the analytical steps called for in the NMFS e-signature policy and procedural directive.
Evaluation Criteria
- Usability: ease of use consistent with typical commercial online transactions such as consumer banking or personal investor securities trading; portable e-signature capability, not tied to a particular Internet access device or particular type of access device (rules out a signature digitizing pad, fingerprint reader, etc.)
- Ease of Implementation: minimize modifications to agency business rules or technology infrastructure
- Affordability: cost appropriate for business value delivered
- Risk Mitigation: accountability appropriate to mitigate business risk - which is a function of confidence in the original identity assertion (are you sure enough that you have identified a specific individual?), the chain of custody of the identity credentials (did the registrant maintain sole custody of the secret?), the integrity of the signed document (is the document in evidence unaltered from when it was signed?), and the legal framework of the e-signature (is the signature legally binding?).
...