Lesson 6: Signature Validation
Checklist items 13 through 17 are grouped under the Signature Validation Process, and represent CROMERR requirements that the system must satisfy as part of ensuring that electronic signatures it receives are valid.
Select each item under the Submission Process to learn more.
13. Credential Validation
For each electronic signature received, CROMERR requires that the system verify that the identified signer is actually authorized to sign the submittal.
Reference:
14. Signatory Authorization
Under the Submission Process, CROMERR requires that the system be able to flag counterfeit submittals. Under the Signature Validation Process, CROMERR also requires that the system be able to flag counterfeit credential use, which would indicate that the credential has been compromised.
Reference:
15. Procedures to Flag Counterfeit Credential Use
CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.
Reference:
16. Procedures to Revoke or Reject Compromised Credentials
CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.
Reference:
17. Confirmation of Signature Binding to Document Content
Related to item 5—requiring signature binding—CROMERR requires that the system be able to determine whether the content of an electronically-signed submittal matches the content at the time the signature was executed.