Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    • Environmental Topics
    • Air
    • Bed Bugs
    • Cancer
    • Chemicals, Toxics, and Pesticide
    • Emergency Response
    • Environmental Information by Location
    • Health
    • Land, Waste, and Cleanup
    • Lead
    • Mold
    • Radon
    • Research
    • Science Topics
    • Water Topics
    • A-Z Topic Index
    • Laws & Regulations
    • By Business Sector
    • By Topic
    • Compliance
    • Enforcement
    • Laws and Executive Orders
    • Regulations
    • Report a Violation
    • Environmental Violations
    • Fraud, Waste or Abuse
    • About EPA
    • Our Mission and What We Do
    • Headquarters Offices
    • Regional Offices
    • Labs and Research Centers
    • Planning, Budget, and Results
    • Organization Chart
    • EPA History

Breadcrumb

  1. Home
  2. Cross-Media Electronic Reporting Rule
  3. CROMERR 101 Training
  4. Lesson 6: Using the Checklist to Work through System Requirements

Lesson 6: Signature Validation

Back | Next

Checklist items 13 through 17 are grouped under the Signature Validation Process, and represent CROMERR requirements that the system must satisfy as part of ensuring that electronic signatures it receives are valid.

Select each item under the Submission Process to learn more.

  1. Credential Validation
  2. Signatory Authorization
  3. Procedures to Flag Counterfeit Credential Use
  4. Procedures to Revoke or Reject Compromised Credentials
  5. Confirmation of Signature Binding to Document Content

13. Credential Validation

For each electronic signature As defined in § 3.3 of CROMERR, any information in digital form that is included in or logically associated with an electronic document for the purpose of expressing the same meaning and intention as would a handwritten signature if affixed to an equivalent paper document with the same reference to the same content. The electronic document bears or has on it an electronic signature where it includes or has logically associated with it such information. received, CROMERR requires that the system verify that the identified signer is actually authorized to sign the submittal.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
  • Definition of Electronic Signature Device As defined in § 3.3 of CROMERR, a code or other mechanism that is used to create electronic signatures. Where the device is used to create an individual's electronic signature, then the code or mechanism must be unique to that individual at the time the signature is created and he or she must be uniquely entitled to use it. The device is compromised if the code or mechanism is available for use by any other person.

14. Signatory Authorization

Under the Submission Process, CROMERR requires that the system be able to flag counterfeit submittals. Under the Signature Validation Process, CROMERR also requires that the system be able to flag counterfeit credential use, which would indicate that the credential has been compromised.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
  • Definition of

15. Procedures to Flag Counterfeit Credential Use

CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise In relationship to an electronic signature device, refers to when the device's code or mechanism is available for use by any other person., including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
  • Definition of

16. Procedures to Revoke or Reject Compromised Credentials

CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(ii)
  • Definition of Valid Electronic Signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
  • Definition of

17. Confirmation of Signature Binding to Document Content

Related to item 5—requiring signature binding—CROMERR requires that the system be able to determine whether the content of an electronically-signed submittal matches the content at the time the signature was executed.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(ii)
  • Definition of Valid Electronic Signature As defined in § 3.3 of CROMERR, an electronic signature on an electronic document that has been created with an electronic signature device that the identified signatory is uniquely entitled to use for signing that document, where this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status and/or his or her relationship to the entity on whose behalf the signature is executed.
  • Definition of

Back | Next

Review the Regulation Language: § 3.2000(b)(5)(i)

(b) An electronic document receiving system As defined in § 3.3 of CROMERR, any set of apparatus, procedures, software, records, or documentation used to receive electronic documents. that receives electronic documents submitted in lieu of paper When an electronic report takes the place of a paper report submitted to satisfy the requirements under another part of 40 CFR. In some states, the electronic reporting is done to make data collection and management easier, but the state requires that each report submitted electronically also be submitted as a signed paper copy. In this case, the electronic submission would not be in lieu of paper and CROMERR does not apply to the state. Some electronic reporting systems use a combined approach, where part or all of the data are submitted only electronically, but a wet ink signature on paper is also required. In these cases, the e-report (or at least the portions of it that are not also submitted on paper) is considered to be submitted "in lieu of paper" and CROMERR applies. In addition, there are special CROMERR rules under 40 CFR 3.2000(a) that govern the use of a wet ink signature on paper in conjunction with an e-report. (Additional detail on this combined approach is provided in Lesson 6.) documents to satisfy requirements under an authorized program As defined in § 3.3 of CROMERR, a federal program that EPA has delegated, authorized, or approved a state, tribe, or local government to administer, or a program that EPA has delegated, authorized, or approved a state, tribe or local government to administer in lieu of a federal program, under other provisions of Title 40 and such delegation, authorization, or approval has not been withdrawn or expired. must be able to generate data with respect to any such electronic document, as needed and in a timely manner, including a copy of record As defined in § 3.3 of CROMERR, a true and correct copy of an electronic document received by an electronic document receiving system, which copy can be viewed in a human-readable format that clearly and accurately associates all the information provided in the electronic document with descriptions or labeling of the information. A copy of record includes: 1) All electronic signatures contained in or logically associated with that document; 2) The date and time of receipt; and 3) Any other information used to record the meaning of the document or the circumstances of its receipt. for the electronic document, sufficient to prove, in private litigation, civil enforcement proceedings, and criminal proceedings, that... (5) In the case of an electronic document that must bear electronic signatures of individuals as provided under paragraph (a)(2) of this section, that: (i) Each electronic signature was a valid electronic signature at the time of signing

Review the Regulation Language: § 3.2000(b)(5)(ii)

(b) An electronic document receiving system that receives electronic documents submitted in lieu of paper documents to satisfy requirements under an authorized program must be able to generate data with respect to any such electronic document, as needed and in a timely manner, including a copy of record for the electronic document, sufficient to prove, in private litigation, civil enforcement proceedings, and criminal proceedings, that... (5) In the case of an electronic document that must bear electronic signatures of individuals as provided under paragraph (a)(2) of this section, that: (ii) The electronic document cannot be altered without detection at any time after being signed

Cross-Media Electronic Reporting Rule

  • Learn about the Cross-Media Electronic Reporting Rule (CROMERR)
  • CROMERR 101 Training
    • Lesson 1: Overview of the Final Rule
      • Lesson 1: What Does the Rule Do?
      • Lesson 1: What Does the Rule NOT Do?
      • Lesson 1: Who is Affected?
      • Lesson 1: When Does the Rule NOT Apply?
      • Lesson 1: End of Lesson
    • Lesson 2: Quick Tour of the Final Rule
      • Lesson 2: End of Lesson
    • Lesson 3: Application Requirements
      • Lesson 3: Required Elements of a CROMERR Application
      • Lesson 3: Typical Application Components
      • Lesson 3: Cover Sheet
      • Lesson 3: Attorney General (AG) Certification
      • Lesson 3: System Description(s)
      • Lesson 3: Submitting the Application
      • Lesson 3: End of Lesson
    • Lesson 4: The EPA Review and Approval Process under Part 3
      • Lesson 4: Technical Review Committee (TRC)
      • Lesson 4: End of Lesson
    • Lesson 5: CROMERR-Compliant Electronic Reporting
      • Lesson 5: Overview of CROMERR Requirements for Electronic Reporting
      • Lesson 5: Requirements for Authorized Program e-Reporting
      • Lesson 5: Standards for an Acceptable Electronic Document Receiving System
      • Lesson 5: Defining "Valid Electronic Signatures"
      • Lesson 5: System Requirements for Receiving e-Signatures
      • Lesson 5: Priority vs. Non-Priority Reports
      • Lesson 5: Title: Enforceability Provisions
      • Lesson 5: Title: End of Lesson
    • Lesson 6: Using the Checklist to Work through System Requirements
      • Lesson 6: Registration
      • Lesson 6: Signature Process
      • Lesson 6: Submission Process
      • Lesson 6: Signature Validation
      • Lesson 6: Copy of Record (COR)
      • Lesson 6: The CROMERR Requirements and the Checklist Items
      • Lesson 6: End of Lesson
    • Lesson 7: From Requirements to Solutions
      • Lesson 7: From Requirements to Specific Solutions
      • Lesson 7: From Requirements to Specific Solutions Two Key Decisions
      • Lesson 7: Key Decision 1 - Type of Credential Used
      • Lesson 7: Key Decision 1 - Type of Credential Used (continued)
      • Lesson 7: Key Decision 2 - Defining the Copy of Record (COR)
      • Lesson 7: From Key Decisions to CROMERR-Compliant Solutions
      • Lesson 7: End of Lesson
    • Lesson 8: Four Critical Checklist Items
      • Lesson 8: CROMERR System Checklist Items
      • Lesson 8: Additional Sample Solutions
      • Lesson 8: End of Lesson
  • Overview for CROMERR
  • Program Announcements & Initiatives
  • Approved CROMERR Applications
  • CROMERR Federal Register Notices
  • Application Tools & Templates
  • Sample Applications & Checklists
  • Glossary
  • Frequently Asked Questions
  • Help Desk
Contact Us about Cross-Media Electronic Reporting Rule
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on November 13, 2024
  • Assistance
  • Spanish
  • Arabic
  • Chinese (simplified)
  • Chinese (traditional)
  • French
  • Haitian Creole
  • Korean
  • Portuguese
  • Russian
  • Tagalog
  • Vietnamese
United States Environmental Protection Agency

Discover.

  • Accessibility Statement
  • Budget & Performance
  • Contracting
  • EPA www Web Snapshot
  • Grants
  • No FEAR Act Data
  • Plain Writing
  • Privacy
  • Privacy and Security Notice

Connect.

  • Data
  • Inspector General
  • Jobs
  • Newsroom
  • Regulations.gov
  • Subscribe
  • USA.gov
  • White House

Ask.

  • Contact EPA
  • EPA Disclaimers
  • Hotlines
  • FOIA Requests
  • Frequent Questions
  • Site Feedback

Follow.