Preproposal statement of inquiry was filed as WSR 12-05-015.
Title of Rule and Other Identifying Information: Electronic authentication.
Hearing Location(s): 801 Capitol Way South, 2nd Floor Conference Room, Olympia, WA 98504, on May 28, 2012, at 9:00 a.m.
Date of Intended Adoption: May 23, 2012.
Submit Written Comments to: Pamela Floyd, P.O. Box 40234, Olympia, WA 98504-0234, e-mail Pam.Floyd@sos.wa.gov, fax (360) 586-4989, by May 22, 2012.
Assistance for Persons with Disabilities: Contact Sharon Baker by May 22, 2012, TTY (800) 422-8683 or (360) 725-0312.
Purpose of the Proposal and Its Anticipated Effects, Including Any Changes in Existing Rules: Updating references and creating consistency between state and federal standards.
Reasons Supporting Proposal: Current rules reference NIST (National Institute of Standards and Technology) standards that are no longer applicable. Language is changed to reflect new standards.
Statutory Authority for Adoption: RCW 19.34.030.
Statute Being Implemented: RCW 19.34.030 (2)(c).
Rule is not necessitated by federal law, federal or state court decision.
Name of Proponent: Division of corporations, office of the secretary of state, governmental.
Name of Agency Personnel Responsible for Drafting and Implementation: Pamela Floyd, 801 Capitol Way South, Olympia, WA 98504, (360) 725-0310.
No small business economic impact statement has been prepared under chapter 19.85 RCW. No additional costs are imposed on businesses.
A cost-benefit analysis is not required under RCW 34.05.328. These rules are adopting by reference without material change, Washington state statutes and are not required to do a cost-benefit analysis per RCW 34.05.328 (5)[(b)](iii).
April 6, 2012
Assistant Secretary of State
AMENDATORY SECTION(Amending WSR 99-02-047, filed 1/4/99, effective 2/4/99)
WAC 434-180-360 Trustworthy system. A system shall be regarded as trustworthy if it materially satisfies ((
Common Criteria (CC) Protection Profile (PP) for Commercial
Security 2 (CS2), (CCPPCS),)) current information security
standards and guidelines, including minimum requirements for
federal information systems, developed by the National
Institute of Standards and Technology (NIST). (( The
determination whether a departure from CCPPCS is material
shall be governed by WAC 434-180-240(2).)) For purposes of
this chapter, (( CCPPCS)) compliance shall be interpreted in a
manner that is reasonable in the context in which a system is
used and is consistent with other state and federal laws. (( Until such time as the referenced standard is adopted by
NIST, the standard applicable for purposes of this chapter
shall be the draft of CCPPCS dated July 13, 1998.))
[Statutory Authority: Chapter 19.34 RCW and 1998 c 33. 99-02-047, § 434-180-360, filed 1/4/99, effective 2/4/99. Statutory Authority: RCW 19.34.030, 19.34.040, 19.34.100, 19.34.111 and 19.34.400. 97-24-053, § 434-180-360, filed 11/26/97, effective 12/27/97.]