Section 4-4 - Electronic Signatures Technologies The technology or technologies selected by an agency for use of electronic signatures may change over time. Existing technologies shall be implemented in a manner consistent with the requirements of these rules. The types of technologies acceptable for use for electronic signatures include:
(a) Non-Cryptographic technology that employs the use of passwords, personal identification numbers (PIN), smart card or similar technology. - (i) The agency is responsible for establishing adequate guidelines and procedures for the management and administration of non-cryptographic technologies that are consistent with the risks and consequences associated with the compromise of the information or transaction.
(b) Cryptographic technology that employs principles, means and methods for the transformation of data in order to hide its information content, prevent its undetected modification, or prevent its unauthorized use. - (i) The agency is responsible for:
- (A) Establishing adequate guidelines and procedures for the management and administration of cryptographic technologies that are consistent with die risks and consequences associated with the compromise of the information or transaction; or
- (B) Using a qualified cryptographic technology service provider for the management and administration of cryptographic technologies that are consistent with the risks and consequences associated with die compromise of the information or transaction.