WSR 98-22-112
EXPEDITED ADOPTION
SECRETARY OF STATE
[Filed November 4, 1998, 11:45 a.m.]
Title of Rule: Washington Electronic Authentication Act, chapter 19.34 RCW.
Purpose: Implementing amendments to chapter 19.34 RCW based on chapter 33, Laws of 1998 and conforming our rule to changes in national standards.
Other Identifying Information: Administrative changes and housekeeping.
Statutory Authority for Adoption: Chapter 19.34 RCW, including RCW 19.34.030, 19.34.040, 19.34.100, 19.34.400, 19.34.500.
Statute Being Implemented: Chapter 19.34 RCW, HB 2931, chapter 33, Laws of 1998.
Summary: Consistent with other sections of chapter 434-180 WAC and chapter 19.34 RCW as recently amended, to provide that operative personnel must not [have] been convicted of a felony within the past seven years. Conformance with new standards adopted by National Institute of Standards and Technology (NIST).
Reasons Supporting Proposal: Administrative changes and technical housekeeping deemed necessary for the implementation of the Electronic Authentication Act.
Name of Agency Personnel Responsible for Drafting: Hans Dettling, 505 East Union, Olympia, (360) 5876-0393; Implementation and Enforcement: David Billeter, 505 East Union, Olympia, (360) 753-2524.
Name of Proponent: Office of the Secretary of State, governmental.
Rule is not necessitated by federal law, federal or state court decision.
Explanation of Rule, its Purpose, and Anticipated Effects: WAC 434-180-215, the proposed changes will ensure consistency with other sections of the WAC and statute.
WAC 434-180-360, reflects the introduction of a new draft, dated July 13, 1998, by the National Institute of Standards and Technology (NIST).
Proposal Changes the Following Existing Rules: WAC 434-180-215(2) was amended to reduce the time for background checks to seven years. Subsequently, this change has to be reflected in subsection (4) also.
The National Institute of Standards and Technology (NIST) introduced a new draft of CCPPCS, dated July 13, 1998. The WAC 434-180-360 should be corrected to reflect the new draft date.
NOTICE
THIS RULE IS BEING PROPOSED TO BE ADOPTED USING AN EXPEDITED RULE-MAKING PROCESS THAT WILL ELIMINATE THE NEED FOR THE AGENCY TO HOLD PUBLIC HEARINGS, PREPARE A SMALL BUSINESS ECONOMIC IMPACT STATEMENT, OR PROVIDE RESPONSES TO THE CRITERIA FOR A SIGNIFICANT LEGISLATIVE RULE. IF YOU OBJECT TO THIS RULE BEING ADOPTED USING THE EXPEDITED RULE-MAKING PROCESS, YOU MUST EXPRESS YOUR OBJECTIONS IN WRITING AND THEY MUST BE SENT TO Hans Dettling, Corporations Division, Office of Secretary of State, 505 East Union, P.O. Box 40234, Olympia, WA 98504-0234, phone 586-0393, fax 664-8781, TDD 753-1485, AND RECEIVED BY December 18, 1998.
November 4, 1998
Tracy Guerin
Deputy Secretary of State
OTS-2608.1
AMENDATORY SECTION (Amending WSR 98-16-031, filed 7/29/98, effective 8/29/98)
WAC 434-180-215 Certification of operative personnel. The secretary shall not issue or renew a license as a certification authority unless the licensee documents that every individual employed or acting as operative personnel qualifies to act as operative personnel. This documentation shall include:
(1) Receipt of a completed form, signed by the individual under penalty of perjury, stating:
(a) The name (including all other names used in the past), date of birth, and business address of the individual;
(b) That the individual has not been convicted within the past seven years of a felony and has never been convicted of a crime involving fraud, false statement, or deception in any jurisdiction; and
(c) If the individual has resided in any nation other than the United States during the previous five years, the name of that nation and the period of residency.
(2) A criminal background check supporting the declaration required by subsection (1) of this section. This requirement is excused as to any individual for whom documentation satisfying this paragraph was submitted within the previous two years, even if the individual has changed employment. This check must include both of the following:
(a) A criminal background check compiled by a private sector provider, documenting a background check reasonably sufficient to disclose any criminal convictions within the previous seven years in any state or federal jurisdiction in the United States, its territories, or possessions, and any other jurisdiction specified pursuant to subsection (1)(c) of this section. This background check must contain information that is current to within thirty days of its date of submission; and
(b) The certified results of a criminal background check performed by the Washington state patrol or law enforcement agency where the operative personnel reside and are employed for the previous seven years, dated not more than thirty days prior to submission or such other jurisdictions as the secretary may reasonably request. Such check shall be performed using the individual's fingerprints.
(3) Satisfactory completion by the individual of a written examination demonstrating knowledge and proficiency in following the requirements of the Washington Electronic Authentication Act and these rules. The secretary shall develop an open book written test covering the subject matter of the act, and provide it upon request, which may include electronic access. The secretary may update or modify the test from time to time. The secretary shall indicate at the top of the test the percentage or number of questions that must be answered correctly in order to constitute satisfactory completion. No individual may take the examination more than once within a period of thirty days. A certification by the secretary that an individual has successfully completed this examination shall be valid for two years, and shall continue to satisfy the requirements of this subsection even if the individual changes employment.
(4) A licensed certification authority must remove a person
from performing the functions of operative personnel immediately
upon learning that the person has been convicted within the past
((fifteen)) seven years of a felony or has ever been convicted of
a crime involving fraud, false statement, or deception, and must
notify the secretary of this action within three business days.
[Statutory Authority: Chapter 19.34 RCW, including RCW 19.34.030, 19.34.040, 19.34.100, 19.34.400, 19.34.500 and 1998 c 33. 98-16-031, § 434-180-215, filed 7/29/98, effective 8/29/98. Statutory Authority: RCW 19.34.030, 19.34.040, 19.34.100, 19.34.111 and 19.34.400. 97-24-053, § 434-180-215, filed 11/26/97, effective 12/27/97.]
AMENDATORY SECTION (Amending WSR 97-24-053, filed 11/26/97, effective 12/27/97)
WAC 434-180-360 Trustworthy system. A system shall be
regarded as trustworthy if it materially satisfies the Common
Criteria (CC) Protection Profile (PP) for Commercial Security 2
(CS2), (CCPPCS), developed by the National Institute of Standards
and Technology (NIST). The determination whether a departure
from CCPPCS is material shall be governed by WAC 434-180-240(2).
For purposes of this chapter, CCPPCS shall be interpreted in a
manner that is reasonable in the context in which a system is
used and is consistent with other state and federal laws. Until
such time as the referenced standard is adopted by NIST, the
standard applicable for purposes of this chapter shall be the
draft of CCPPCS dated ((May 23, 1997)) July 13, 1998.
[Statutory Authority: RCW 19.34.030, 19.34.040, 19.34.100, 19.34.111 and 19.34.400. 97-24-053, § 434-180-360, filed 11/26/97, effective 12/27/97.]