Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

The National Marine Fisheries Service Policy Directive 32-110, "Use and Implementation of Electronic Signatures" outlines the following requirements for an approved electronic signature system:

  1. Technical non-repudiation services
  2. Legally binding the electronic transaction to an entity
  3. Providing chain of custody audit trails
  4. Providing an electronic receipt or acknowledgment of a successful submission
  5. Collecting only necessary information in the electronic signature authentication process
  6. Create a long-term retention and access policy
  7. Periodic review and re-evaluation of the electronic signature process

This sections documents design details that address these requirements.

Binding the Transaction to an Entity and Non-repudiation

Requirements 1 and 2 above are addressed in the design of three component parts of the system:

  • identity assertion, person proofing, and registration
  • terms and conditions and signing ceremony
  • document binding and document integrity

The Hawaii Longline Logbook E-signature Evaluation has concluded that OMB Assurance Level 1 (little or no confidence in the asserted identity) was appropriate for the Hawaii Longline Logbook.  This was a considered decision justified by low likelyhood of occurrence, mostly low impact of harm, and multiple and strong mitigating controls, including: multiple and sometimes counter-balancing sources of information; permitted entities with an ongoing trusted relationship with NMFS; a rigorous certification process for e-logbook applications; and unique identifiers on each e-logbook submission.  Although the evaluation concluded that an OMB Assurance Level 1 was appropriate, registration to submit logbooks electronically and association of e-logbook registration with fishing permits are features of the proposed system. But since the existing permit process does not explicitly verify an individual's identity these features do not qualify the proposed system as OMB level 2.

document the proposed identity assertion, person proofing, and registration, with particular attention to binding and non-repudiation, and reference a broader discussion of Identity Assertion, Person Proofing and Registration alternatives

Terms and conditions and the signing ceremony contribute to binding the transaction to the entity and non-repudiation.
_and reference a broader discussion of terms and conditions and signing ceremony alternatives

Document binding and document integrity aspects contribute to to binding the transaction to the entity and non-repudiation.
_and reference a broader discussion of document binding and integrity alternatives

  • No labels