N.J. Admin. Code § 13:40-8.1A - Digital signatures and seals

(a) A digital signature and seal shall carry the same weight, authority, and effect as a handwritten signature and impression-type seal, when the following criteria are met:

1. The digital signing and sealing process satisfies the requirements of the Digital Signature Standard (DSS) established by the National Institute of Standards and Technology, FIPS PUB 186-4, Digital Signature Algorithm Validation System, (2013), which is incorporated herein by reference, as amended and supplemented. This standard may be obtained at the following website: http://www.NIST.gov/. The digital signature and seal must be:

i. Unique to the licensee;

ii. Verifiable by a trusted third party or some other approved process as belonging to the licensee; and

iii. Under the licensee's direct and exclusive control; or

iv. Linked to a document in such a manner that the digital signature and seal is invalidated if any data in the document is changed. Once the digital signature and seal are applied to the document, the document shall be available in read-only format if the document is to be digitally transmitted.

2. A digital signature and seal must be linked to a document in such a manner that it is evident if the document has been modified after the digital signature and seal have been applied.

(b) A licensee who digitally signs and seals a document shall maintain an electronic copy of the electronically transmitted document that has also been digitally signed and sealed for future verification purposes in accordance with N.J.A.C. 13:40-3.4(b).

(c) The pictorial representation of the digital signature and seal shall be readily available to the Board upon Board request and shall be produced in a manner acceptable to the Board. It shall contain the same words and shall have substantially the same graphic appearance and size as when the image of the digitally transmitted document is viewed at the same size as the document in its original form.

(d) Licensees are responsible for the use of their private digital keys. A lost or compromised key shall not be used and the licensee shall cause a new key pair to be generated in accordance with the criteria described in (a) above. A licensee shall take all reasonable steps to ensure that a compromised key is invalidated, and shall inform all affected clients that the digital key has been compromised.

Notes

N.J. Admin. Code § 13:40-8.1A

Adopted by 47 N.J.R. 2874(a), effective 11/16/2015 Amended by 52 N.J.R. 46(a), effective 1/6/2020