Current through 2024-51, December 18, 2024
Section 250-950-3 - AUTHENTICATIONA. Authentication establishes the unique identity of a Signer as the official of the organization using Digital Signatures in transactions involving a State Agency. B. Authentication is determined by three standard factors: 1.Knowledge, meaning something the Signer knows. Examples include, without limitation, user name, password, pass phrase, PIN, and answers to security questionnaire. 2.Possession, meaning something the Signer has. Examples include, without limitation, a key fob, and a smart card. 3.Intrinsic, meaning something the Signer is. Examples include, without limitation, biometrics, such as fingerprint or retina scan. C. The minimum requirement for on-premise Authentication is Knowledge (e.g., a password). The minimum requirements for remote Authentication are a combination of Knowledge and Possession (e.g., a password plus a key fob).29- 250 C.M.R. ch. 950, § 3