WSR 12-09-029



[ Filed April 10, 2012, 10:42 a.m. ]

Original Notice.

Preproposal statement of inquiry was filed as WSR 12-05-015.

Title of Rule and Other Identifying Information: Electronic authentication.

Hearing Location(s): 801 Capitol Way South, 2nd Floor Conference Room, Olympia, WA 98504, on May 28, 2012, at 9:00 a.m.

Date of Intended Adoption: May 23, 2012.

Submit Written Comments to: Pamela Floyd, P.O. Box 40234, Olympia, WA 98504-0234, e-mail, fax (360) 586-4989, by May 22, 2012.

Assistance for Persons with Disabilities: Contact Sharon Baker by May 22, 2012, TTY (800) 422-8683 or (360) 725-0312.

Purpose of the Proposal and Its Anticipated Effects, Including Any Changes in Existing Rules: Updating references and creating consistency between state and federal standards.

Reasons Supporting Proposal: Current rules reference NIST (National Institute of Standards and Technology) standards that are no longer applicable. Language is changed to reflect new standards.

Statutory Authority for Adoption: RCW 19.34.030.

Statute Being Implemented: RCW 19.34.030 (2)(c).

Rule is not necessitated by federal law, federal or state court decision.

Name of Proponent: Division of corporations, office of the secretary of state, governmental.

Name of Agency Personnel Responsible for Drafting and Implementation: Pamela Floyd, 801 Capitol Way South, Olympia, WA 98504, (360) 725-0310.

No small business economic impact statement has been prepared under chapter 19.85 RCW. No additional costs are imposed on businesses.

A cost-benefit analysis is not required under RCW 34.05.328. These rules are adopting by reference without material change, Washington state statutes and are not required to do a cost-benefit analysis per RCW 34.05.328 (5)[(b)](iii).

April 6, 2012

Steve Excell

Assistant Secretary of State


AMENDATORY SECTION(Amending WSR 99-02-047, filed 1/4/99, effective 2/4/99)

WAC 434-180-360   Trustworthy system.   A system shall be regarded as trustworthy if it materially satisfies ((the Common Criteria (CC) Protection Profile (PP) for Commercial Security 2 (CS2), (CCPPCS),)) current information security standards and guidelines, including minimum requirements for federal information systems, developed by the National Institute of Standards and Technology (NIST). ((The determination whether a departure from CCPPCS is material shall be governed by WAC 434-180-240(2).)) For purposes of this chapter, ((CCPPCS)) compliance shall be interpreted in a manner that is reasonable in the context in which a system is used and is consistent with other state and federal laws. ((Until such time as the referenced standard is adopted by NIST, the standard applicable for purposes of this chapter shall be the draft of CCPPCS dated July 13, 1998.))

[Statutory Authority: Chapter 19.34 RCW and 1998 c 33. 99-02-047, 434-180-360, filed 1/4/99, effective 2/4/99. Statutory Authority: RCW 19.34.030, 19.34.040, 19.34.100, 19.34.111 and 19.34.400. 97-24-053, 434-180-360, filed 11/26/97, effective 12/27/97.]

Washington State Code Reviser's Office