New NARA Bulletin on Digital Identity Authentication Records

We are pleased to announce the issuance of NARA Bulletin 2015-03 Guidance on Managing Digital Identity Authentication Records.

This Bulletin provides guidance to agencies on managing digital identity authentication related transactional records, such as digital certificates and Public Key Infrastructure (PKI) files, created or used in the course of agency business. It supersedes our earlier records management guidance for PKI digital signature authenticated and secured transaction records.

This Bulletin will not interfere with agencies’ ability to use digital identity authentication measures that meet their business needs. Agencies must remove any digital identity authentication measures, such as passwords or encryption, from permanent records before transfer to NARA. NARA will coordinate the secure transfer of records to NARA with encryption that can be removed upon arrival in NARA.