Updated for Version 4.1518

Submission Certification Overview

...

Below is a list of features in nFORM that are often included as necessary functionality in a CROMERR-compliant system:

Requirement

Category

Subcategory

Allow users to create/register a new user account. This includes information such as name, phone number, physical address and unique login in the form of an email address.

User Management

Profile

The user login must be unique.

User Management

Login

The user login cannot be reused.

User Management

Login

The system must enforce a password strength with the following minimum parameters:
- Must be at least 8 alpha-numeric characters
- Must include at least one lower case letter
- Must include at least one upper case letter
- Must include at least one numeric digit
- Must include at least one special character
- Must not have been used by the user before

User Management

Password

The system must provide the ability to automatically expire passwords.

User Management

Password

The system must maintain a history of all passwords used by the unique user account login in the database, including the date/time the password was created and expired.

User Management

Password

The system can only allow one active password for a unique user account login, at a given time.

User Management

Password

All user passwords must be stored in an encrypted format in the database. The format will be a one-way, "salted" hash using the SHA-512 algorithm. If needed, Bcrypt or SHA-3 can be used instead, via a configuration setting.

User Management

Password

After a user changes their password, the system will require that the user sign into the system utilizing the new password.

User Management

Password

To overcome forgotten passwords, allow a user to enter their email address to request a change of their password. In order to initiate the password change process, one of their entered challenge questions will be randomly selected and will be presented. The user must answer the challenge question correctly to initiate the password change. If a challenge question is correctly answered, a new password is randomly generated by the system and emailed to the user's email address.

Note: Users who are not Electronic Signatories will not be required to enter a challenge question answer to request a password reset.

User Management

Password

After a user attempts to change their password, the system will send a Password Reset confirmation email to the user.

User Management

Password

The system must allow an Administrator or Organization Manager to reset a user's password, as required. When an Administrator or Organization Manager initiates the password reset, a new password is randomly generated by the system and emailed to the user's email address.

After a password is reset, the user will be required to change their password when logging in to the system for the first time, before proceeding with system use. The user will be required to enter their current password as well as their new compliant password.

User Management

Password

The system must allow a user to change their password, if logged in. When attempting to change the password, the user will be required to enter their current password as well as their new compliant password.

User Management

Password

Upon registration of a new user, the system must send an email to the user with a hyperlink used to confirm their email address.

User Management

Confirmation

Allow a user to be assigned to the Electronic Signature role.

User Management

Role Assignment

Following a successful login to the system, if the user has Electronic Signature rights, the user must be prompted to define their challenge questions and answers. The user is not forced to perform this step immediately; however, the system will not allow the user to certify and submit a form (which requires an electronic signature) until this step is performed.

User Management

Challenge Questions

Once challenge questions are provided, the user will not have the ability to change the answers through their profile, unless their challenge questions have expired.

User Management

Challenge Questions

Allow electronic signatory users to establish challenge questions, if not established.

User Management

Challenge Questions

The system must enforce that challenge questions meet the following parameters:
- Five challenge questions must be answered.
- Each selected challenge question must be unique.
- Answers must be at least five characters in length or longer.
- Answers must be unique across all five questions.

User Management

Challenge Questions

The system will allow users to select from a list of 22 challenge questions.

User Management

Challenge Questions

The date/time a challenge question answer was provided must be tracked.

User Management

Challenge Questions

A history of challenge questions and answers must be maintained in the database, including question, answer, effective dates, and expiration date.

User Management

Challenge Questions

Challenge questions asked and the respective answers should be encrypted, per EPA recommendation.

User Management

Challenge Questions

The system must allow an administrator to expire a user’s challenge questions.

User Management

Challenge Questions

Challenge question answers must be stored in an encrypted format in the database. The format will be a one-way, "salted" hash using the SHA-512 algorithm. If needed, Bcrypt or SHA-3 can be used instead, via a configuration setting.

User Management

Challenge Questions

The system will automatically lock an account if the user attempts to change their password and incorrectly answers the challenge question on five (configurable) consecutive attempts.

User Management

Challenge Questions

All user session communication must be protected through SSL.

General

Communication

The Signing page consists of agency-defined electronic signature agreement criteria that each submitter must agree to before they can proceed with the form submission process. The user must individually acknowledge each agreement on the screen before they are allowed to continue.

Submission

Certification

Each agency must have the ability to customize their electronic signature agreement criteria to meet their requirements.

Submission

Certification

If all conditions (agreements) are accepted, the user must have the ability to electronically sign the submission by answering one randomly selected question from their five answered challenge questions and entering their account password. If a user does not answer the selected challenge question correctly, the system will select the next challenge question, requiring the user to answer the challenge question presented and reenter their password.

Submission

Certification

The system must provide an automatic lockout mechanism based on a configurable maximum number of electronic signature (challenge question + password) attempts, with 5 being the minimum setting.

Submission

Certification

At a minimum, the system must present the following agreements to the user signing the submission:
- I am the owner of the account used to perform the electronic submission and signature.
- I have the authority to submit the data on behalf of the facility I am representing.
- I agree that providing the account credentials to sign the submission document constitutes an electronic signature equivalent to my written signature.
- I have reviewed the electronic form being submitted in its entirety and agree to the validity and accuracy of the information contained within it to the best of my knowledge.

Additional agreements can be added by the (Insert State/Agency System Acronym).

Submission

Certification

The system must allow a custom certification statement to be presented to the user for CROMERR certifications.

Submission

Certification

The system must support a digital signature process utilizing X.509-compatible certificates. At a minimum, it must support a PKCS#12 (PFX) type.

Submission

Signature

The system must support SSL communication (i.e., strong 256-bit encryption with a 2048-bit root) for the electronic signature process. Note that the electronic signature certificate is different from the SSL certificate that the solution uses to secure its communication.

Submission

Signature

During the form submission process, the system will generate a read-only representation of the form submission and present it on the screen so that the Submitter can view the form submission before signing. The read-only representation of the form submission includes all data contained within the form submission as well as the ability to download and/or open any related attachments that the Submitter included in their submission. The Submitter must acknowledge that they have reviewed the form submission prior to completing the form submission process.

Submission

Submission

The certification statement presented to the signer, including warning of penalties for false certification, must be incorporated into the copy of record for the signed submission.

Submission

Submission

The system must protect the integrity of the form submission by not allowing alterations of the form submission content during transmission or after it is received.

Submission

Submission

The system must protect the integrity of the form submission by utilizing SSL for the entire form submission process, protecting the system and submission against man-in-the-middle attacks.

Submission

Submission

The system must protect the integrity of the form submission by sending an email notification after each form submission. This email contains a unique submission number as well as a link to the submission record where the electronically signed CoR can be downloaded.

Submission

Submission

The information used to populate the read-only representation of the form submission, reviewed by the Submitter during a form submission, must be the exact information used to complete the form submission. No updates to that data previewed can be made after the submission process begins.

Submission

Submission

The CoR must contain the exact data used to populate the read-only view of the form submission, reviewed by the Submitter during a form submission.

Submission

Submission

The system must allow the unique user account login, password, challenge question and challenge question response to be used as the electronic signature device. The application must use its private certificate key to digitally sign the hash of the signature device and the CoR to bind the electronic signature to the submitted form.

Submission

Signature

The electronically signed CoR file created for each submitted form must contain the reported data, header page, related attachments (if applicable), and bound electronic signature. The electronically signed CoR file created for each submitted form will be in the form of a ZIP or PDF file, depending on whether attachments are included in the submission. If no attachments are included in the submission, the submitted form will include one PDF file representing the reported data. This PDF file will include the certificate. If attachments are included in the submission, the submitted form will include one ZIP file which will include one PDF file representing the reported data and all attachments included in the submission. This ZIP file will include the certificate.

Submission

Submission

The CoR must contain a header page with meta-data from the submission process, including date and time of submission, submission number and submitter name. A watermark indicating the certificate authority used and fingerprint (a unique certificate number) for the electronic signature is also displayed. No passwords, challenge questions/answers, or any other sensitive information is displayed on this header page. The header page is included in the CoR strictly as a clear way of visibly indicating to any viewer of the CoR that the CoR has been successfully electronically signed. The meta-data recorded on the header page is retrieved from the database, so it's not the sole source of this information.

Submission

Submission

Upon submission of an electronic signature level form, a copy of record of the submission at submission time must be retained.

Submission

Submission

Following the submission/signature, the system must present the submitter with a confirmation page including a unique Submission Number.

Submission

Submission

The system must send an acknowledgement email to the email address of the Submitter after every submission. The email will contain the Submitter's name, date and time of submission, subject of email, as well as a unique Submission Number so that the Submitter can further identify the form submission in question. This email contains the unique confirmation number and a description of where to download the CoR within the system, if desired.

Submission

Submission

Following the submission/signature, the system must provide the ability for the Submitters to view or download the electronically signed copy of the CoR at any time for any form submission (where they are assigned as a contributor to the form submission) from the Submission View page of the nFORM system.

Submission

Submission

The electronically signed version of the CoR must also be able to be used for verification of signature authenticity, and that no modification to the CoR has been made since initial creation. The system must provide the ability to Verify Authenticity of a COR.

Submission

Submission

The system must store the CoR (i.e., PDF and associated attachments) as a two-way hash, using the SHA-2 512-bit algorithm. If needed, the algorithm can utilize the Bcrypt or SHA-3 algorithms, via configuration setting. CoRs are protected from deletion or alteration through hashing.

Submission

Submission

The unique user account login, password, challenge question and challenge question response are used as the electronic signature device. The forms application will use its private certificate key to digitally sign the hash of the signature device and the CoR to bind the electronic signature to the submitted form. The electronic signature device hash for each signer must be added to the Signature Page Properties.

Submission

Submission

When providing the human-readable CoR to a user for download and access, the CoR must first be decrypted, using the decryption key. The decryption key must be stored in the application configuration file.

There can be no separate step required to make the CoR human readable, except that the browser or local user's computer must be capable of opening ZIP files (if applicable) and rendering PDF documents as well as any applicable attachments provided by the Submitter.

Submission

Submission

The system must provide the ability to "Rescind" a submission.

Submission

Submission

The system can provide no function to modify or delete a COR. CORs must be retained indefinitely.

Submission

Submission Management

The system must provide the ability to view all submissions and their status, including any form submissions that were rescinded.

Submission

Submission Management

The system must provide the ability to lock a user account.

User Management

Locking

The system must provide notification to a user, if their account status is changed (e.g., locked and unlocked).

User Management

Locking

The system must provide the ability to print the COR.

Submission

Submission

The CoR must be stored in the database in the Binary Large Objects (BLOB) format or on a relevant file system in an encrypted format.

Submission

Submission

The system must assign each CoR a unique document identifier that is related to the submission.

Submission

Submission

The system must provide the ability to log items in a database audit table as well as the application event logs. The individual entries in these two logs must be identical in information and format to allow comparison.

Each audit log will need to include the following information:
- Submission Number (including revision number), if applicable
- What action was taken
- When the action took place
- Who performed the action (name and user id)
- User impacted (if different from user taking action). For example, if an internal user initiates a password change for another user.
- Link to CoR
- Other pertinent details (e.g., what challenge question(s) was used, etc.)

User Management

Audit Logging

The system must log each password change attempt to the audit logs, with a pass/fail indicator.

User Management

Audit Logging

The system must log each challenge question change attempt to the audit logs, with a pass/fail indicator.

User Management

Audit Logging

The system must log electronic signature attempts to the audit logs, including a success or fail indicator and, if the attempt failed, the source of the issue (challenge question response attempt). This log will include the challenge question selected as well as the acknowledgements agreed upon.

User Management

Audit Logging

The system must log submission status changes (rescinded, revised, issued, etc.) to the audit logs.

Submission

Audit Logging

The system must log email notifications that are sent to the applicant to the audit logs.

Submission

Audit Logging

The system must log submission processing step status changes to the audit logs.

Submission

Audit Logging

The system must log when a submission is created to the audit logs.

Submission

Audit Logging

The system must log when a user changes their login name to the audit logs.

Submission

Audit Logging

The system must log when a user changes their first/last name to the audit logs.

Submission

Audit Logging

The system must log when a user changes their phone number to the audit logs.

Submission

Audit Logging

The system must log when each step of the submission wizard is visited to the audit logs.

Submission

Audit Logging

The system must log when a user account is locked, and the reason for the lock, to the audit logs.

Submission

Audit Logging

The system must log when a user account is unlocked to the audit logs.

Submission

Audit Logging

The system must log when a user account status is changed to the audit logs.

Submission

Audit Logging

The system must log when a CoR is downloaded to the audit logs.

Submission

Audit Logging
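
The Password requirements above (strength rules, no reuse, a full history with created/expired times, one active password, salted one-way hash) can be exercised together in a few lines. This is an added example, not nFORM code: the class and field names are hypothetical, "8 alpha-numeric characters" is read as a minimum length of 8, and PBKDF2-HMAC-SHA512 with a constructed iteration count stands in for the "salted SHA-512 hash" the requirement names.

```python
import hashlib
import hmac
import os
import re
from datetime import datetime, timezone

# Assumption: PBKDF2-HMAC-SHA512 stands in for the page's salted SHA-512 hash.
ITERATIONS = 210_000  # constructed value, not taken from the page

RULES = [
    (r"[a-z]", "a lower case letter"),
    (r"[A-Z]", "an upper case letter"),
    (r"[0-9]", "a numeric digit"),
    (r"[^A-Za-z0-9]", "a special character"),
]

def policy_failures(password):
    """Return the strength rules that the candidate password does not meet."""
    failures = [] if len(password) >= 8 else ["at least 8 characters"]
    return failures + [msg for pat, msg in RULES if not re.search(pat, password)]

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)

class PasswordHistory:
    """History for one login: each row keeps salt, hash, created and expired."""

    def __init__(self):
        self.rows = []  # the row whose expired is None is the active password

    def _matches(self, row, password):
        # Constant-time comparison of the stored and recomputed hashes.
        return hmac.compare_digest(row["hash"], _digest(password, row["salt"]))

    def was_used(self, password):
        # Every historical row has its own salt, so re-hash once per row.
        return any(self._matches(row, password) for row in self.rows)

    def verify_current(self, password):
        active = [r for r in self.rows if r["expired"] is None]
        return bool(active) and self._matches(active[0], password)

    def set_password(self, password, now=None):
        """Store a new password; return the list of unmet rules (empty = stored)."""
        now = now or datetime.now(timezone.utc)
        failures = policy_failures(password)
        if self.was_used(password):
            failures.append("a password not used before")
        if failures:
            return failures
        for row in self.rows:
            row["expired"] = row["expired"] or now  # expire it, keep the row
        salt = os.urandom(16)
        self.rows.append({"salt": salt, "hash": _digest(password, salt),
                          "created": now, "expired": None})
        return []
```

Because old rows are expired rather than deleted, the reuse check covers every password the login has ever had, and exactly one row is active at any time.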
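
The Audit Logging requirement that database audit-table entries and application event-log entries be identical in information and format only helps if something actually compares them. The sketch below is an added example, not nFORM code: it serializes each event to one canonical line for both sinks and reports lines that appear in only one log. The field names, the `outcome` field and the sample events are constructed for illustration.

```python
import json
from collections import Counter

# Hypothetical field names mirroring the audit-log list above.
FIELDS = ("submission_number", "action", "timestamp", "actor_name", "actor_id",
          "impacted_user_id", "cor_link", "details", "outcome")
REQUIRED = ("action", "timestamp", "actor_name", "actor_id")


def audit_line(**event):
    """Serialize one event to the canonical line written to both logs."""
    unknown = set(event) - set(FIELDS)
    if unknown:
        raise ValueError(f"unknown audit fields: {sorted(unknown)}")
    for name in REQUIRED:
        if not event.get(name):
            raise ValueError(f"missing audit field: {name}")
    # Fixed key set, sorted keys and fixed separators give byte-identical lines.
    record = {name: event.get(name) for name in FIELDS}
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def reconcile(db_lines, event_log_lines):
    """Return the lines present in only one of the two logs (multiset compare)."""
    db, ev = Counter(db_lines), Counter(event_log_lines)
    return {"only_in_db": sorted((db - ev).elements()),
            "only_in_event_log": sorted((ev - db).elements())}


# Constructed sample events, not real nFORM data.
ESIGN = audit_line(action="ESIGN_ATTEMPT", timestamp="2024-05-01T14:03:22Z",
                   actor_name="Pat Example", actor_id="u-1001",
                   submission_number="SAMPLE-0001 rev 1",
                   details={"challenge_question": 7}, outcome="fail")
RESET = audit_line(action="PASSWORD_RESET", timestamp="2024-05-01T14:10:00Z",
                   actor_name="Admin Example", actor_id="u-0001",
                   impacted_user_id="u-1001", outcome="pass")
# Simulate an event-log entry whose pass/fail indicator was altered.
TAMPERED = RESET.replace('"outcome":"pass"', '"outcome":"fail"')

SAMPLE_DB = [ESIGN, RESET]
SAMPLE_EVENT_LOG = [ESIGN, TAMPERED]

if __name__ == "__main__":
    print(json.dumps(reconcile(SAMPLE_DB, SAMPLE_EVENT_LOG), indent=2))
```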