Section 4: Digital SignaturesAnchor: #GUGXPEQS
This section establishes how TxDOT manages the risks of using digital signatures, from their creation through their use, modification, storage, and deletion as part of its Information Protection Policy. It provides an individual-based method to address the “Protect” objective of the Texas CyberSecurity Framework.Anchor: #i1039397
TxDOT’s processes using digital signatures must encrypt the transactions to be compliant with Federal Information Processing Standards (FIPS). This encryption verifies that the signature belongs to the individual who signed the document and that the document did not change once it was signed. Additionally, it must perform either one of two functions:
- store a record of how the signature was created or
- create a statement proving the document was approved using a digital signature.
Individuals who do business with TxDOT electronically, must agree to do so beforehand, show agreement in the digital record, and must not have withdrawn the consent.
Information Security Officer must:
- implement security controls to correctly identify and authenticate individuals
- ensure individuals who use TxDOT information resources comply with the digital signature safeguards issued in the Information Protection Policy.
Compliance and Standards
See the “Digital Signatures Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Information Protection Policy.