Here is the application checklist that I have to answer. It is a new EPA rule called "CROMERR" (Cross Media Electronic Reporting Rule).
http://www.epa.gov/cdx/cromerrr/index.html (check out the Federal Register link for exact wording if you want---not for the timid at heart--your government dollars at work)
You can argue all day long about how crazy it is, I'm trying to play along. Looking for a solution, not more of the problem. Here is the checklist I have to fill out:
CROMERR System Checklist

Registration (e-signature cases only)
1. Identity-proofing of registrant
Business Practices: System Functions: Supporting Documentation (list attachments):
1a. (priority reports only) Identity-proofing before accepting e-signatures
Business Practices: System Functions: Supporting Documentation (list attachments):
1b. (priority reports only) Identity-proofing method (See 1bi, 1bii, and 1b-alt)
1bi. (priority reports only) Verification by attestation of disinterested individuals
Business Practices: System Functions: Supporting Documentation (list attachments):
1bii. (priority reports only) Information or objects of independent origin
Business Practices: System Functions: Supporting Documentation (list attachments):
1b-alt. (priority reports only) Subscriber agreement alternative
Business Practices: System Functions: Supporting Documentation (list attachments):
2. Determination of registrant's signing authority
Business Practices: System Functions: Supporting Documentation (list attachments):
3. Issuance (or registration) of a signing credential in a way that protects it from compromise
Business Practices: System Functions: Supporting Documentation (list attachments):
4. Electronic signature agreement
Business Practices: System Functions: Supporting Documentation (list attachments):

Signature Process (e-signature cases only)
5. Binding of signatures to document content
Business Practices: System Functions: Supporting Documentation (list attachments):
6. Opportunity to review document content
Business Practices: System Functions: Supporting Documentation (list attachments):
7. Opportunity to review certification statements and warnings
Business Practices: System Functions: Supporting Documentation (list attachments):

Submission Process
8. Transmission error checking and documentation
Business Practices: System Functions: Supporting Documentation (list attachments):
9. Opportunity to review copy of record (See 9a through 9c)
9a. Notification that copy of record is available
Business Practices: System Functions: Supporting Documentation (list attachments):
9b. Creation of copy of record in a human-readable format
Business Practices: System Functions: Supporting Documentation (list attachments):
9c. Providing the copy of record
Business Practices: System Functions: Supporting Documentation (list attachments):
10. Procedures to address submitter/signatory repudiation of a copy of record
Business Practices: System Functions: Supporting Documentation (list attachments):
11. Procedures to flag accidental submissions
Business Practices: System Functions: Supporting Documentation (list attachments):
12. (e-signature cases only) Automatic acknowledgment of submission
Business Practices: System Functions: Supporting Documentation (list attachments):

Signature Validation (e-signature cases only)
13. Credential validation (See 13a through 13c)
13a. Determination that credential is authentic
Business Practices: System Functions: Supporting Documentation (list attachments):
13b. Determination of credential ownership
Business Practices: System Functions: Supporting Documentation (list attachments):
13c. Determination that credential is not compromised
Business Practices: System Functions: Supporting Documentation (list attachments):
14. Signatory authorization
Business Practices: System Functions: Supporting Documentation (list attachments):
15. Procedures to flag spurious credential use
Business Practices: System Functions: Supporting Documentation (list attachments):
16. Procedures to revoke/reject compromised credentials
Business Practices: System Functions: Supporting Documentation (list attachments):
17. Confirmation of signature binding to document content
Business Practices: System Functions: Supporting Documentation (list attachments):

Copy of Record
18. Creation of copy of record (See 18a through 18e)
18a. True and correct copy of document received
Business Practices: System Functions: Supporting Documentation (list attachments):
18b. Inclusion of electronic signatures
Business Practices: System Functions: Supporting Documentation (list attachments):
18c. Inclusion of date and time of receipt
Business Practices: System Functions: Supporting Documentation (list attachments):
18d. Inclusion of other information necessary to record meaning of document
Business Practices: System Functions: Supporting Documentation (list attachments):
18e. Ability to be viewed in human-readable format
Business Practices: System Functions: Supporting Documentation (list attachments):
19. Timely availability of copy of record as needed
Business Practices: System Functions: Supporting Documentation (list attachments):
20. Maintenance of copy of record
Business Practices: System Functions: Supporting Documentation (list attachments):

>>> "Richard Lynch" <ceo@xxxxxxxxx> 7/27/2007 1:46 PM >>>
On Fri, July 27, 2007 3:21 pm, John A DAVIS wrote:
> We have various labs that submit coliform sample results in an ASCII
> file, quoted/comma delimited.
>
> We are being asked to encrypt this file for internet transfer. We are
> also being asked to create a secure process by which to transfer this
> file across the internet.
>
> Currently:
> the lab pushes a button and generates the ASCII file (12 columns)
> the lab logs in to a PHP webpage and uses the file upload input to
> submit the file.
> If data is valid, file is saved on our server in a folder where we can
> pull it into the respective tables.
>
> Be nice to have some insights on how to encrypt this file at the
> source and how to transfer the file securely. We keep hearing the
> words, "digital signature".

If the concern is about during the TRANSFER of the data, SSL should be
enough to satisfy virtually any requirement. The data is encrypted
during the transfer.

Where they get "digital signature" from, I dunno...

Encrypting it at the source and decrypting it at the destination
before you transfer it encrypted via SSL is kinda pointless... Unless
there is an untrusted individual handling it somewhere between Lab and
upload, or between your receipt and stuffing it into your tables?
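
Added example, not part of the original thread or of any EPA material: a PHP sketch of what checklist items 5 and 17 (binding of a signature to document content, and confirming that binding on receipt) look like for the uploaded ASCII file, which is a separate property from the SSL encryption of the transfer. The function names, the throwaway key pair, the sample row and the record layout are all assumptions made for illustration; it uses PHP's standard openssl extension.

```php
<?php
// Lab side: sign the exact bytes of the results file with the lab's private key.
function sign_report(string $csvBytes, $privateKey): string
{
    if (!openssl_sign($csvBytes, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}

// Server side: check the signature against the public key registered for that lab.
// openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error); only 1 is accepted.
function verify_report(string $csvBytes, string $signatureB64, string $publicKeyPem): bool
{
    $signature = base64_decode($signatureB64, true);
    if ($signature === false) {
        return false; // not valid base64, so it cannot be a signature we issued
    }
    return openssl_verify($csvBytes, $signature, $publicKeyPem, OPENSSL_ALGO_SHA256) === 1;
}

// Constructed demo key pair. In practice the private key never leaves the lab and
// the public key is recorded when the lab registers.
$labKey = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
if ($labKey === false) {
    throw new RuntimeException('key generation failed: ' . openssl_error_string());
}
$labPublicPem = openssl_pkey_get_details($labKey)['key'];

// Constructed 12-column sample row in the quoted/comma-delimited style described above.
$csv = '"LAB01","S-0001","2007-07-27","09:15","SITE-A","DIST",'
     . '"TC","ABSENT","EC","ABSENT","JD","ROUTINE"' . "\r\n";
$sig = sign_report($csv, $labKey);

// The same check run on the file as signed and on a copy altered after signing.
$tampered = str_replace('ABSENT', 'PRESENT', $csv);
var_dump(verify_report($csv, $sig, $labPublicPem));
var_dump(verify_report($tampered, $sig, $labPublicPem));

// Hypothetical copy-of-record entry: content hash, signature and time of receipt.
$record = [
    'sha256'       => hash('sha256', $csv),
    'signature'    => $sig,
    'received_utc' => gmdate('c'),
];
print_r($record);
```

The signature is computed over the raw bytes, so the server has to verify the upload before any re-encoding or line-ending conversion.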