Section 4: Digital Signatures



This section establishes how TxDOT manages the risks of using digital signatures, from their creation through their use, modification, storage, and deletion as part of its Information Protection Policy. It provides an individual-based method to address the “Protect” objective of the Texas CyberSecurity Framework.

Anchor: #i1039397


TxDOT’s processes using digital signatures must encrypt the transactions to be compliant with Federal Information Processing Standards (FIPS). This encryption verifies that the signature belongs to the individual who signed the document and that the document did not change once it was signed. Additionally, it must perform either one of two functions:

  • store a record of how the signature was created or
  • create a statement proving the document was approved using a digital signature.

General Responsibilities

Individuals who do business with TxDOT electronically, must agree to do so beforehand, show agreement in the digital record, and must not have withdrawn the consent.

Information Security Officer must:

  • implement security controls to correctly identify and authenticate individuals
  • ensure individuals who use TxDOT information resources comply with the digital signature safeguards issued in the Information Protection Policy.

Compliance and Standards

See the “Digital Signatures Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Information Protection Policy.

Previous page  Next page   Title page