ML17283A173

Management Directive 2.9, Use and Acceptance of Electronic Signature.
Person / Time
Issue date: 01/30/2018
From: Sulser D
NRC/OCIO
To:
References
DT-18-03, MD 2.9

U.S. NUCLEAR REGULATORY COMMISSION MANAGEMENT DIRECTIVE (MD)

MD 2.9 USE AND ACCEPTANCE OF ELECTRONIC SIGNATURES
DT-18-03

Volume 2: Information Technology
Approved By: Victor M. McCree, Executive Director for Operations
Date Approved: January 30, 2018
Cert. Date: N/A, for the latest version of any NRC directive or handbook, see the online MD Catalog
Issuing Office: Office of the Chief Information Officer, IT Services Development and Operations Division
Contact Name: J. David Sulser

EXECUTIVE SUMMARY

New Management Directive 2.9, Use and Acceptance of Electronic Signatures, is issued at the direction of the Executive Director for Operations. The agency will expand its use and acceptance of electronic signature through the following actions:

  • Enhance the fulfillment of its obligations under the Government Paperwork Elimination Act.
  • Promote digital signature using existing agency technology.
  • Increase opportunities for converting paper processes to electronic.
  • Guide the staff on the acceptability and use of electronic signatures.
  • Introduce Web guidance, Electronic Signature Implementation Assessment Guide, (ML17053A536) on signature technology and implementation.

TABLE OF CONTENTS

I. POLICY
II. OBJECTIVES
III. ORGANIZATIONAL RESPONSIBILITIES AND DELEGATIONS OF AUTHORITY
  A. Executive Director for Operations (EDO)
  B. General Counsel (GC)
  C. Chief Financial Officer (CFO)
  D. Chief Administrative Judge, Atomic Safety and Licensing Board Panel (ASLBP)
  E. Director, Office of International Programs (OIP)
  F. Secretary of the Commission (SECY)
  G. Chief Information Officer (CIO)
  H. Director, Office of Nuclear Security and Incident Response (NSIR)
  I. Office Directors and Regional Administrators
IV. APPLICABILITY
V. DIRECTIVE HANDBOOK
VI. DEFINITIONS
VII. ELECTRONIC SIGNATURE AS PART OF A SIGNING PROCESS
VIII. REFERENCES

For updates or revisions to policies contained in this MD that were issued after the MD was signed, please see the Yellow Announcement to Management Directive index (YA-to-MD index).

I. POLICY

A. It is the policy of the U.S. Nuclear Regulatory Commission to use and accept electronic signatures wherever appropriate to facilitate paperless processes in fulfillment of its obligations under the Government Paperwork Elimination Act (GPEA) and the Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource.

B. Appropriate uses of electronic signature shall include internal and external agency processes, as well as acceptance of externally generated material that is electronically signed.

C. In determining the appropriateness of any use of electronic signatures, the NRC recognizes that electronic records and their related electronic signatures are not to be denied legal effect, validity, or enforceability merely because they are in electronic form, in keeping with GPEA and OMB Memorandum M-00-10, Implementation of GPEA.

D. Publication of this management directive (MD) supports the NRC's policy to ensure compatibility with current electronic signature standards and technology, and compliance with the Privacy Act, Federal Records Act, Electronic Signatures in Global and National Commerce Act, and Uniform Electronic Transactions Act, as applicable.

For the latest version of any NRC directive or handbook, see the online MD Catalog.

II. OBJECTIVES

Through expanding its use and acceptance of electronic signatures, the agency will accomplish the following:

Enhance the fulfillment of its obligations under GPEA. When practicable, GPEA requires Federal agencies to provide individuals or entities the option to submit information or transact with the agency electronically and to maintain records electronically. GPEA also encourages Federal Government use of a range of electronic signature alternatives. In addition to digital signature, alternatives may include digitized signature (e.g., electronic image) and others.

Increase the use of its investment in Personal Identity Verification (PIV) cards and related Identity, Credential, and Access Management (ICAM) information technology infrastructure to improve business efficiency and reduce operating costs through adoption of digital signature.

Encourage the use of digital signatures to modernize processes and eliminate paper.

Ensure that electronic signatures are used in ways that establish the necessary legal sufficiency and protect the agency and its mission.

Address agency and Federal records management requirements under the Federal Records Act when implementing GPEA and designing or augmenting an electronic information system.

III. ORGANIZATIONAL RESPONSIBILITIES AND DELEGATIONS OF AUTHORITY

A. Executive Director for Operations (EDO)

1. May call for an analysis of a signature process using the electronic signature assessment methodology described in the Office of the Chief Information Officer (OCIO) Web guidance, Electronic Signature Implementation Assessment Guide (ML17053A536) (referred to as Web guidance in this MD), with the intent to modernize the process to benefit agency operations.
2. May review any decision not to implement electronic signature.

B. General Counsel (GC)

1. Advises on adopting electronic signatures to ensure that transactions using electronic signatures are created and maintained in accordance with all applicable laws and regulations.

2. Assesses the legal sufficiency for agency purposes of electronic signatures, including when used for internal purposes and on outgoing and incoming transactions, as well as the acceptability of externally generated material that is electronically signed.
3. Reviews and concurs on policy and guidance for electronic signature.

C. Chief Financial Officer (CFO)

Approves new or modified uses of electronic signature involving financial transactions.

D. Chief Administrative Judge, Atomic Safety and Licensing Board Panel (ASLBP)

1. Advises on new or modified uses of electronic signature in all adjudicatory matters.
2. Approves new or modified uses of electronic signature in matters before ASLBP presiding officers or Boards.

E. Director, Office of International Programs (OIP)

Advises on acceptance of electronic signatures made using foreign and international signing processes.

F. Secretary of the Commission (SECY)

Approves new or modified uses of electronic signature on communications, procedures, and other matters of the Commission.

G. Chief Information Officer (CIO)

1. Ensures that agency methods for use and acceptance of electronic signatures are compatible with the relevant policies and procedures issued by the Director of the Office of Management and Budget (OMB), including the Federal Bridge certification authority for digital signature compatibility, as required by the E-Government Act.
2. Determines the appropriate mix of standard electronic signature technologies that are supported by the agency.
3. Develops, issues, updates, and communicates electronic signature Web guidance to supplement this MD, in coordination with the Office of the General Counsel.
4. Advises on and approves new or modified uses of electronic signature with significant records management obligations, as identified by the signature assessment process described in the Web guidance.

5. Provides training and support on electronic signature technologies that are maintained by OCIO and on associated records management practices.
6. Tracks and promotes continual improvement of electronic signature processes and performance.

H. Director, Office of Nuclear Security and Incident Response (NSIR)

Reviews, recommends, and approves the use of electronic signature for material with classified and safeguards information (SGI).

I. Office Directors and Regional Administrators

1. Approve the use and acceptance of electronic signature within the area of responsibility for their office or region in coordination with OCIO.
2. Consider the effects of both traditional handwritten signatures and electronic signatures on efficiency and productivity in their office or region.
3. Conduct analyses, as needed, of the costs, benefits, and risks of accepting electronic signatures following the assessment process described in the Web guidance, and ensure adherence to electronic signature standards and methods.
4. Adopt new procedures and technologies for using electronic signatures as appropriate and consistent with this directive.
5. Provide guidance, training, and support on electronic signature processes specific to their office or region.
6. Provide training and support for any signature technology not maintained by OCIO that they approve for use specific to their office or region.
7. Perform the above responsibilities in accordance with Web guidance issued by the CIO.

IV. APPLICABILITY

A. This MD applies to all NRC employees and contractors engaging in internal and external transactions involving signature that they conduct or in which they participate to perform the work of the agency.

B. NRC offices and regions implementing electronic signature must follow the policies, procedures, and assessment methodologies described in the Web guidance. For accepting incoming electronically signed material, and for processes where an organization outside the NRC holds the electronic signature policy, NRC employees and contractors must follow the Web guidance to ensure agency requirements are met.

C. When implementing an electronic signing process, NRC employees and contractors must consider the needs of remote users, mobile users, cloud-based services, and users with disabilities. Where appropriate, electronic acknowledgement of electronically signed transactions must be provided. Transactions that include a handwritten signature must offer electronic processing, to the extent practicable.

D. This MD applies to the use and acceptance of legally binding electronic signatures and to the technical implementation of electronic signatures that are not legally binding.

E. This MD applies to electronic signatures made by a person and to electronic signatures made by an automatic process.

V. DIRECTIVE HANDBOOK

This MD is issued without a handbook. In place of a handbook, the OCIO Identity, Credential, and Access Management (ICAM) Program maintains Web guidance, Electronic Signature Implementation Assessment Guide (ML17053A536), for use by NRC employees and contractors. The guidance provides information about the electronic signature assessment process, procedures, and standards to be followed when designing or evaluating an electronic signing process. The guidance also provides links to other user guides from the ICAM Program that address current technologies and implementation techniques and are updated to reflect changes in technology and practice.

VI. DEFINITIONS

Digital signature

A mathematical process applied to an electronic record using public key cryptography in a way that allows a recipient of the signed record to accurately verify the integrity of the record and information about the signer. Digital signature is the form of electronic signature preferred by the NRC, wherever feasible, due to its inherent security features.

Digitized signature

A digital image of a handwritten signature. The image can be as simple as a scanned image of an ink-based signature handwritten on paper. In some cases the image is created by the signer using a special computer input device, such as a digital pen and pad, to write out his or her name in a manner that is captured and stored digitally. A digital image of a handwritten signature is sometimes used as an electronic signature.

Electronic signature

An electronic sound, symbol, or process that can be interpreted as a signature. The legal definition requires that the sound, symbol, or process be attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record (e.g., E-Sign, UETA). Various forms of electronic signature can have appropriate uses. GPEA encourages Federal Government use of a range of electronic signature alternatives. The NRC supports a set of electronic signature alternatives.

Signing process

The overall set of means, processes, and procedures whereby

1. A person applies an electronic form of signature to an electronic record,
2. The person's intent to sign the record is made manifest,
3. The electronic form of signature is attached to or logically associated with the record being signed,
4. The signer is identified and authenticated, and
5. The integrity of the signed record is assured (from UESFOT).

Web Guidance (on Electronic Signature Implementation)

OCIO Web guidance, Electronic Signature Implementation Assessment Guide, (ML17053A536) on signature technology and implementation assists staff in understanding and implementing electronic signature and complying with the Government Paperwork Elimination Act (GPEA) and associated OMB guidance.

VII. ELECTRONIC SIGNATURE AS PART OF A SIGNING PROCESS

This MD provides guidance on the use and acceptance of electronic signature as part of a signing process. A signing process includes all of the elements that make a signature valid for the intended purpose. A signing process often supports a larger business process, such as a contract award or regulatory action. The standards and definitions used in this MD and Web guidance for the elements of a signing process align with the Federal CIO Council document, Use of Electronic Signatures in Federal Organization Transactions (UESFOT). This MD addresses only the signing process, not other aspects of a business process. Once a signing process has been established, individual signers simply execute the established process.

VIII. REFERENCES

Federal Chief Information Officers Council Guidance

Use of Electronic Signatures in Federal Organization Transactions (UESFOT), Version 1.0, January 25, 2013.

Nuclear Regulatory Commission Documents

Electronic Signature Implementation Assessment Guide (ML17053A536).

Office of Management and Budget Documents

Circular A-130, Managing Information as a Strategic Resource.

Memorandum M-00-10, Implementation of the Government Paperwork Elimination Act (OMB M-00-10).

State Law

Uniform Electronic Transactions Act (UETA) (National Conference of Commissioners on Uniform State Laws).

United States Code

E-Government Act (E-Gov) (44 U.S.C. 101).

Electronic Signatures in Global and National Commerce Act (E-Sign) (15 U.S.C. 7001-7006).

Federal Records Act (FRA) (44 U.S.C. 3301).

Government Paperwork Elimination Act (GPEA) (44 U.S.C. 3504).

Privacy Act of 1974 (5 U.S.C. 552a).
