Current through Register Vol. 56, No. 21, November 4, 2024
Section 13:27-8.10 - Digital signatures and seals(a) A digital signature and seal shall possess the same weight, authority, and effect as handwritten signature and pressure seal when the following criteria are met: 1. The digital signing and sealing process satisfies the requirements of the Digital Signature Standard (DSS) established by the National Institute of Standards and Technology, FIPS PUB 186-4 (2013), which is incorporated herein by reference, as amended and supplemented. This standard may be obtained at: http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf*. The digital signature and seal must be:i. Unique to the licensee;ii. Verifiable by a trusted third party or some other approved process as belonging to the licensee;iii. Under the licensee's direct and exclusive control; andiv. Linked to a document in such a manner that the digital signature and seal is invalidated if any data in the document is changed. Once the digital signature and seal are applied to the document, the document shall be available in read-only format if the document is to be digitally transmitted.(b) A licensee who digitally signs and seals a document shall maintain a digital copy of the electronically transmitted document that has also been digitally signed and sealed for future verification purposes.(c) The pictorial representation of the digital signature and seal shall be readily available to the Board upon request and shall be produced in a manner acceptable to the Board. It shall contain the same words and shall have substantially the same graphic appearance and size as when the image of the digitally transmitted document is viewed at the same size as the document in its original form.(d) Licensees are responsible for the use of their private digital keys. A lost or compromised key shall not be used and the licensee shall cause a new key pair to be generated in accordance with the criteria set forth in (a) above. A licensee shall take all reasonable steps to ensure that a compromised key is invalidated, and shall inform all affected clients that the digital key has been compromised.N.J. Admin. Code § 13:27-8.10
Adopted by 49 N.J.R. 1093(a), effective 5/1/2017