8275.0065 Record Keeping


Published: 2015

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
8275.0065 RECORD KEEPING.


§
Subpart 1.

General requirement.

A licensed certification authority shall make, keep, and preserve records that demonstrate compliance with:

§
A.

Minnesota Statutes, section 325K.05, subdivision 1;


§
B.

Minnesota Statutes, section 325K.10, including all notices of suspension of certificates according to Minnesota Statutes, section 325K.10, subdivision 4;


§
C.

Minnesota Statutes, section 325K.14, subdivision 1;


§
D.

Minnesota Statutes, section 325K.15; and


§
E.

Minnesota Statutes, section 325K.18.



§
Subp. 2.

Subscriber identity records.

A licensed certification authority shall maintain a database file that contains:

§
A.

records of the identity of the subscriber named in each certificate issued by the certification authority, including all the facts represented in the certificate other than the extension data referenced in X.509;


§
B.

the date of issuance of the certificate; and


§
C.

the certificate serial number as defined in X.509.



§
Subp. 3.

Time stamp records.

A licensed certification authority shall maintain a database file of certificate-related time-stamps issued by the certification authority, including the name of the subscriber, a reference to the certificate used in the transaction such as a serial number, and a description of the item being time-stamped.


§
Subp. 4.

Retention period.

All records retained under this part must be kept by the licensed certification authority for at least ten years.


§
Subp. 5.

Form and accessibility.

Records may be inscribed on any tangible medium or stored in an electronic or other medium so long as they are retrievable, readable, accurate, complete, and accessible. The records must be indexed, stored, preserved, and reproducible so as to be authentic, reliable, complete, and accessible. Certificate extension data, referenced in X.509, is not required to be part of any publicly accessible record.