We are requesting comments on a draft NARA Bulletin entitled “Guidance on Managing Digital Identity Authentication Records.” The draft is available here (.pdf).
This draft Bulletin will provide guidance on the records management requirements related to digital identification records. Specifically, this guidance will provide guidance on managing digital identity authentication-related transactional records, such as digital certificates and Public Key Infrastructure (PKI) files created or used in the course of agency business. This Bulletin will also supersede several of NARA’s records management guidance for PKI digital signature authenticated and secured transaction records.
Agencies use digital identity authentication to protect sensitive records, authenticate employee sign-ins, identify ownership of websites, and many other purposes. They use a wide variety of software. Because of the wide variety of uses and software, the Bulletin provides agencies flexibility in using digital identity authentication technology to manage temporary records. However, when agencies transfer permanent electronic records to NARA, the records must be free of encryption or other forms of security (unless permanent records must be encrypted during transfer to NARA).
Please make your comments about the draft Bulletin by June 12, 2015. Please comment below or email comments to Lisa Haralampus at Lisa.Haralampus@nara.gov. We will review all the comments we receive. Thank you.