Section 999.136 - Security Requirements for Data Integrity(a) All ERDS shall assure submitted documents do not contain content that draws data or images from sources external to the digital and/or digitized record, including, but not limited to malware (such as viruses, worms, Trojan Horses, spyware, or adware) and executable software (such as ActiveX components, JavaScript, Java components, or HTML-encoded hyperlinks).(b) Active content detected by anti-malware software shall be removed, or if it cannot be removed, disabled as soon as it is detected. Active content that cannot be removed shall be disabled.(c) All ERDS shall use hashing to protect the Integrity of ERDS payloads. Hashing message digest size shall be a minimum of 224 bits. Hashing shall comply with FIPS 180-4, Secure Hash Standard (SHS) (publication date, August 2015) or FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (publication date, August 2015).Cal. Code Regs. Tit. 11, § 999.136
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41). Note: Authority cited: Section 27393, Government Code. Reference: Sections 27392(b), 27393(b)(2) and 27397.5(a), Government Code.
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 10-7-2019; operative 1/1/2020 (Register 2019, No. 41).