Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    • Environmental Topics
    • Air
    • Bed Bugs
    • Chemicals and Toxics
    • Climate Change
    • Emergency Response
    • Environmental Information by Location
    • Environmental Justice
    • Greener Living
    • Health
    • Land, Waste, and Cleanup
    • Lead
    • Mold
    • Pesticides
    • Radon
    • Science Topics
    • Water Topics
    • A-Z Topic Index
    • Laws & Regulations
    • By Business Sector
    • By Topic
    • Compliance
    • Enforcement
    • Guidance
    • Laws and Executive Orders
    • Regulations
    • Report a Violation
    • Environmental Violations
    • Fraud, Waste or Abuse
    • About EPA
    • EPA Administrator
    • Organization Chart
    • Staff Directory
    • Planning, Budget, and Results
    • Jobs and Internships
    • Headquarters Offices
    • Regional Offices
    • Lab and Research Centers
Cross-Media Electronic Reporting Rule
Contact Us

Lesson 6: Signature Validation

Back | Next

Checklist items 13 through 17 are grouped under the Signature Validation Process, and represent CROMERR requirements that the system must satisfy as part of ensuring that electronic signatures it receives are valid.

Select each item under the Submission Process to learn more.

13. Credential Validation

For each electronic signature received, CROMERR requires that the system verify that the identified signer is actually authorized to sign the submittal.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature
  • Definition of Electronic Signature Device

14. Signatory Authorization

Under the Submission Process, CROMERR requires that the system be able to flag counterfeit submittals. Under the Signature Validation Process, CROMERR also requires that the system be able to flag counterfeit credential use, which would indicate that the credential has been compromised.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature
  • Definition of Electronic Signature Device

15. Procedures to Flag Counterfeit Credential Use

CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(i)
  • Definition of Valid Electronic Signature
  • Definition of Electronic Signature Device

16. Procedures to Revoke or Reject Compromised Credentials

CROMERR requires that the system include procedures to follow up on evidence and reports of credential compromise, including procedures to revoke a credential when compromise is indicated. Correspondingly, the system must be able to reject submissions that include e-signatures executed with revoked credentials.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(ii)
  • Definition of Valid Electronic Signature
  • Definition of Electronic Signature Device

17. Confirmation of Signature Binding to Document Content

Related to item 5—requiring signature binding—CROMERR requires that the system be able to determine whether the content of an electronically-signed submittal matches the content at the time the signature was executed.

Reference:

  • Review the Regulation Language: § 3.2000(b)(5)(ii)

Back | Next

Valid Electronic Signature

Valid electronic signature refers to an electronic signature on an electronic document that has been created with an electronic signature device. The identified signatory is uniquely entitled to use the signature device for signing that document provided that this device has not been compromised, and where the signatory is an individual who is authorized to sign the document by virtue of his or her legal status or his or her relationship to the entity on whose behalf the signature is executed.

Electronic Signature Device

Electronic signature device refers to a code or other mechanism that is used to create electronic signatures. Where the device is used to create an individual's electronic signature, then the code or mechanism must be unique to that individual at the time the signature is created and he or she must be uniquely entitled to use it. The device is compromised if the code or mechanism is available for use by any other person.

Review the Regulation Language: § 3.2000(b)(5)(i)

(b) An electronic document receiving system that receives electronic documents submitted in lieu of paper documents to satisfy requirements under an authorized program must be able to generate data with respect to any such electronic document, as needed and in a timely manner, including a copy of record for the electronic document, sufficient to prove, in private litigation, civil enforcement proceedings, and criminal proceedings, that... (5) In the case of an electronic document that must bear electronic signatures of individuals as provided under paragraph (a)(2) of this section, that: (i) Each electronic signature was a valid electronic signature at the time of signing

Review the Regulation Language: § 3.2000(b)(5)(ii)

(b) An electronic document receiving system that receives electronic documents submitted in lieu of paper documents to satisfy requirements under an authorized program must be able to generate data with respect to any such electronic document, as needed and in a timely manner, including a copy of record for the electronic document, sufficient to prove, in private litigation, civil enforcement proceedings, and criminal proceedings, that... (5) In the case of an electronic document that must bear electronic signatures of individuals as provided under paragraph (a)(2) of this section, that: (ii) The electronic document cannot be altered without detection at any time after being signed

  • CROMERR Home
  • Learn about the Cross-Media Electronic Reporting Rule (CROMERR)
  • Overview for State, Tribal, and Local Governments
  • Overview for EPA Programs and Regions
  • CROMERR 101 Training
    • Lesson 1: Overview of the Final Rule
    • Lesson 2: Quick Tour of the Final Rule
    • Lesson 3: Application Requirements
    • Lesson 4: The EPA Review and Approval Process under Part 3
    • Lesson 5: CROMERR-Compliant Electronic Reporting
    • Lesson 6: Using the Checklist to Work through System Requirements
      • Lesson 6: Registration
      • Lesson 6: Signature Process
      • Lesson 6: Submission Process
      • Lesson 6: Signature Validation
      • Lesson 6: Copy of Record (COR)
      • Lesson 6: The CROMERR Requirements and the Checklist Items
      • Lesson 6: End of Lesson
    • Lesson 7: From Requirements to Solutions
    • Lesson 8: Four Critical Roadmap Items
  • Program Announcements & Initiatives
  • Status of CROMERR Applications from States
  • CROMERR Federal Register Notices
  • Application Tools & Templates
  • Sample Applications & Checklists
  • Glossary
  • Frequently Asked Questions
  • Help Desk
Contact Us to ask a question, provide feedback, or report a problem.
Last updated on June 7, 2022
United States Environmental Protection Agency

Discover.

  • Accessibility
  • Budget & Performance
  • Contracting
  • EPA www Web Snapshot
  • Grants
  • No FEAR Act Data
  • Plain Writing
  • Privacy
  • Privacy and Security Notice

Connect.

  • Data.gov
  • Inspector General
  • Jobs
  • Newsroom
  • Open Government
  • Regulations.gov
  • Subscribe
  • USA.gov
  • White House

Ask.

  • Contact EPA
  • EPA Disclaimers
  • Hotlines
  • FOIA Requests
  • Frequent Questions

Follow.