Nac: Chapter 720 - Digital Signatures


Published: 2015

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
[Rev. 11/22/2013 10:45:58

AM--2013]



[NAC-720 Revised Date: 4-12]

CHAPTER 720 - DIGITAL SIGNATURES

GENERAL PROVISIONS

720.010            Definitions.

720.015            “Accept a certificate” defined.

720.020            “Certification practice statement”

defined.

720.025            “Certify” defined.

720.030            “Confirm” defined.

720.035            “Disclosure record” defined.

720.040            “Electronic” defined.

720.045            “Electronic message” defined.

720.050            “Foreign license” defined.

720.055            “Hearing officer” defined.

720.060            “Incorporate by reference” defined.

720.065            “Issue a certificate” defined.

720.070            “License” defined.

720.075            “Licensee” defined.

720.080            “Notify” defined.

720.085            “Official public business” defined.

720.090            “Operative personnel” defined.

720.095            “Person” defined.

720.100            “Public agency” defined.

720.105            “Publish” defined.

720.110            “Recipient” defined.

720.115            “Recognized certification

authority” defined.

720.120            “Recognized repository” defined.

720.125            “Recommended limit of reliance”

defined.

720.130            “Repository” defined.

720.135            “Revoke a certificate” defined.

720.140            “Rightfully hold a private key”

defined.

720.145            “State repository” defined.

720.150            “Suitable insurance” defined.

720.155            “Suspend a certificate” defined.

720.160            “Time stamp” defined.

720.165            “Transactional certificate”

defined.

720.170            “Trustworthy system” defined.

720.175            “Valid certificate” defined.

720.180            Purposes of chapter.

720.185            Construction.

720.190            Variation of certain provisions by

agreement; remedies not exclusive.

720.195            Severability of provisions.

720.200            Adoption by reference of standards.

720.205            Confidentiality of information.

LICENSING AND OPERATION OF CERTIFICATION AUTHORITY

720.250            Qualifications for license; period

of validity of license.

720.260            Issuance of license to governmental

entity.

720.270            Prerequisites to issuance and

renewal of license.

720.280            Application for license.

720.290            Insurance: Minimum requirements;

proof.

720.300            Trustworthy system: Minimum

requirements.

720.310            Trustworthy system: Use.

720.320            Compliance audit: Performance;

report to Secretary of State.

720.330            Compliance audit: Qualifications of

auditor.

720.340            Qualifications of operative

personnel.

720.350            Persons convicted of certain crimes

not to act as operative personnel.

720.360            Certification practice statement:

Filing and publication; contents.

720.370            Disclosure records: Publication and

updating by Secretary of State.

720.380            Imposition of restrictions on

operation of licensee.

720.390            Creation and retention of records

by licensee.

720.400            Duties of licensee discontinuing

services as certification authority.

 

 

720.410            Filing of judgments against

licensees; scope of liability of recognized certification authority.

720.420            Recognition of foreign license.

720.430            Licensing fees.

CERTIFICATE: ISSUANCE AND PUBLICATION

720.450            Prerequisites to issuance of

certificate to subscriber.

720.460            Confirmation of identity of

prospective subscriber.

720.470            Contents of certificate.

720.480            Warranties, promises and

certifications by Secretary of State.

720.490            Warranties, promises and

certifications by other certification authorities.

720.500            Certification of authority of

person requesting certificate.

720.510            Certifications by subscriber.

720.520            Indemnification of certification

authority for certain losses or damages.

720.530            Private key: Promises and property

right of subscriber.

720.540            Publication of certificate by

Secretary of State or licensee.

CERTIFICATE: REVOCATION, SUSPENSION AND EXPIRATION

720.550            Revocation of certificate not

issued in accordance with requirements; suspension to conduct investigation;

notification of subscriber.

720.560            Order by Secretary of State to

revoke or suspend certificate; notification; compliance with order.

720.570            Suspension upon request by

appropriate person.

720.580            Termination of requested suspension.

720.590            Revocation of certificate by

certification authority upon receipt of request or certain information.

720.600            Notice of suspension or revocation.

720.610            Discharge of certification

authority or subscriber from responsibility for certain transactions.

RECOGNIZED REPOSITORIES

720.650            Designation.

720.660            Application for designation.

720.670            Operation.

720.680            Revocation of designation; notice

to licensee.

720.690            Cessation of operation.

720.700            State repository.

720.710            Liability of licensee.

USE AND EFFECT OF DIGITAL SIGNATURE

720.750            General provisions.

720.760            Public agency: Acceptance and use

of digital signature; confidentiality of private key.

720.770            Acceptance of digital signature as

acknowledgment; liability of certification authority.

720.780            Reasonable reliance on digital signature

or certificate.

720.790            Good faith of certification

authority, subscriber and recipient of digital signature.

ENFORCEMENT

720.800            Activities of certification

authority that create unreasonable risk prohibited; advisory statement from

Secretary of State.

720.810            Investigation of applicant; payment

of costs of investigation.

720.820            Examination and copying of records

of licensee.

720.830            Investigatory authority of

Secretary of State.

720.840            Payment of costs of investigation

of licensee.

720.850            Issuance of orders for enforcement.

PROCEEDINGS

720.900            Applicability of chapter 233B of NRS; request for

administrative hearing.

720.910            Persons permitted to appear in

representative capacity.

720.920            Rebuttable presumptions.

720.930            Filing of documents in electronic

form; service by electronic transmission.

720.940            Summary proceeding.

720.950            Emergency administrative

proceeding.

 

GENERAL PROVISIONS

      NAC 720.010  Definitions. (NRS 720.150)  As

used in this chapter, unless the context otherwise requires, the words and

terms defined in NRS 720.020 to 720.130, inclusive, and NAC 720.015 to 720.175,

inclusive, have the meanings ascribed to them in those sections.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.015  “Accept a certificate” defined. (NRS 720.150)  “Accept

a certificate” means to manifest approval of a certificate by using the

certificate or otherwise, with knowledge or notice of its contents.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.020  “Certification practice statement” defined. (NRS 720.150)  “Certification

practice statement” means a declaration that complies with the requirements of NAC 720.360.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.025  “Certify” defined. (NRS 720.150)  “Certify”

means, with reference to a certificate, to declare with ample opportunity to

reflect after apprising oneself of all material facts.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.030  “Confirm” defined. (NRS 720.150)  “Confirm”

means to ascertain through appropriate inquiry and investigation.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.035  “Disclosure record” defined. (NRS 720.150)  “Disclosure

record” means a publicly accessible record maintained by the Secretary of State

concerning a licensee that is available on-line through the Internet.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.040  “Electronic” defined. (NRS 720.150)  “Electronic”

means an electrical, digital, magnetic, optical, electromagnetic or similar

form of technology.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.045  “Electronic message” defined. (NRS 720.150)  “Electronic

message” means a record that is generated, communicated, received or stored by

electronic means for use in an information system or transmission between

separate information systems.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.050  “Foreign license” defined. (NRS 720.150)  “Foreign

license” means a license to conduct business as a certification authority

issued by a governmental entity outside of this State.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.055  “Hearing officer” defined. (NRS 720.150)  “Hearing

officer” means the Secretary of State or a hearing officer designated by the

Secretary of State.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.060  “Incorporate by reference” defined. (NRS 720.150)  “Incorporate

by reference” means to make a message a part of another message by identifying

the message to be incorporated and expressing the intention that it be

incorporated.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.065  “Issue a certificate” defined. (NRS 720.150)  “Issue

a certificate” means the creation of a certificate and notification of the

subscriber identified in the certificate of the contents of the certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.070  “License” defined. (NRS 720.150)  “License”

means a license to conduct business as a certification authority issued by the

Secretary of State.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.075  “Licensee” defined. (NRS 720.150)  “Licensee”

means a certification authority who holds a license.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.080  “Notify” defined. (NRS 720.150)  “Notify”

means to communicate a fact to a person in a manner reasonably likely under the

circumstances to impart knowledge of the information to that person.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.085  “Official public business” defined. (NRS 720.150)  “Official

public business” means any legally authorized transaction or communication

between a public agency and any other person.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.090  “Operative personnel” defined. (NRS 720.150)  “Operative

personnel” means one or more natural persons acting as a certification

authority or his or her agent, or in the employment of or under contract with a

certification authority, who have:

     1.  Duties directly involving the issuance of

certificates or the creation of private keys;

     2.  Responsibility for the secure operation

of the system of computer hardware and software used by the certification

authority to conduct business as a certification authority or to operate a recognized

repository;

     3.  Direct responsibility, other than general

supervisory authority, for the establishment or adoption of policies regarding

the operation and security of the certification authority; or

     4.  Such other duties or responsibilities as the

Secretary of State determines to be significant to the operation of a

certification authority.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.095  “Person” defined. (NRS 720.150)  “Person”

means a natural person, any organization that is capable of signing a document,

either legally or as a matter of fact, a government, a governmental agency or a

political subdivision of a government.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.100  “Public agency” defined. (NRS 720.150)  “Public

agency” has the meaning ascribed to it in NRS 720.170.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.105  “Publish” defined. (NRS 720.150)  “Publish”

means to make information publicly available.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.110  “Recipient” defined. (NRS 720.150)  “Recipient”

means a person who:

     1.  Has received a certificate and a digital

signature that is verifiable with reference to the public key set forth in the

certificate; and

     2.  Is in a position to rely on the digital

signature.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.115  “Recognized certification authority” defined. (NRS 720.150)  “Recognized

certification authority” means the Secretary of State, a licensee or a

certification authority whose foreign license is recognized by the Secretary of

State pursuant to NAC 720.420.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.120  “Recognized repository” defined. (NRS 720.150)  “Recognized

repository” means the state repository or a repository designated by the

Secretary of State pursuant to NAC 720.650.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.125  “Recommended limit of reliance” defined. (NRS 720.150)  “Recommended

limit of reliance” means the monetary amount that a certification authority

recommends is the maximum amount upon which a certificate may be relied.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.130  “Repository” defined. (NRS 720.150)  “Repository”

means a system for storing and retrieving certificates and other information

relevant to digital signatures.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.135  “Revoke a certificate” defined. (NRS 720.150)  “Revoke

a certificate” means to make a certificate ineffective permanently from a

specified time forward through means of a notation on the certificate or the

inclusion of the certificate in a set of revoked certificates.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.140  “Rightfully hold a private key” defined. (NRS 720.150)  “Rightfully

hold a private key” means to hold a private key that:

     1.  Has not been disclosed by the holder of

the key or his or her agents to any person who is not authorized to use the

key; and

     2.  Has not been obtained by the holder of

the key through theft, deceit, eavesdropping or other unlawful means.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.145  “State repository” defined. (NRS 720.150)  “State

repository” means a repository operated pursuant to NAC

720.700.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.150  “Suitable insurance” defined. (NRS 720.150)  “Suitable

insurance” means insurance that satisfies the requirements of NAC 720.290.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.155  “Suspend a certificate” defined. (NRS 720.150)  “Suspend

a certificate” means to make a certificate ineffective temporarily for a

specified time forward.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.160  “Time stamp” defined. (NRS 720.150)  “Time

stamp” means:

     1.  A notation that:

     (a) Is digitally signed by a certification

authority;

     (b) Is appended or attached to a message, digital

signature or certificate; and

 

 

 

 

     (c) Indicates at least:

          (1) The date and time the notation was

appended or attached; and

          (2) The identity of the person appending or

attaching the notation; or

     2.  To append or attach such a notation to a

message, digital signature or certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.165  “Transactional certificate” defined. (NRS 720.150)  “Transactional

certificate” means a certificate that is effective only for a specific

transaction or series of transactions specified or incorporated by reference in

the certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.170  “Trustworthy system” defined. (NRS 720.150)  “Trustworthy

system” means a system of computer hardware and software that complies with the

requirements of NAC 720.300.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.175  “Valid certificate” defined. (NRS 720.150)  “Valid

certificate” means a certificate that:

     1.  Has been issued by a recognized

certification authority;

     2.  Has been accepted by the subscriber

identified in the certificate;

     3.  Has not been suspended or revoked; and

     4.  Has not expired.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.180  Purposes of chapter. (NRS 720.150)  The

purposes of this chapter are to:

     1.  Ensure that electronic messages with

digital signatures are not denied legal recognition solely because they are in

electronic form;

     2.  Facilitate commerce by means of reliable

electronic messages;

     3.  Establish procedures for the use of

digital signatures for official public business;

     4.  Provide persons who engage in commerce or

official public business with reasonable assurance of the integrity and

authenticity of electronic messages with digital signatures and that those

messages will not be repudiated;

     5.  Provide a mechanism for the licensing of

certification authorities and the recognition of repositories;

     6.  Minimize the incidence of forged digital

signatures and fraud in electronic commerce;

     7.  Provide for the legal implementation of

technical standards relating to electronic messages with digital signatures;

and

     8.  Coordinate, with other states and jurisdictions,

the establishment of uniform provisions regarding the authentication and

reliability of electronic messages.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.185  Construction. (NRS 720.150)  The

provisions of this chapter:

     1.  Must be construed in a manner that:

     (a) Is commercially reasonable under the

circumstances; and

     (b) Carries out the purposes of this chapter.

     2.  Must not be construed in such a manner as

to:

     (a) Require the Secretary of State to conduct any

business or take any other action as a certification authority;

     (b) Preclude a licensee from conforming to any

standards or requirements that are more stringent than, but nevertheless

consistent with, those provisions; or

     (c) Authorize the award of any punitive or

exemplary damages.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.190  Variation of certain provisions by agreement; remedies not

exclusive. (NRS

720.150)

     1.  Except as otherwise provided by a

specific provision of this chapter, the provisions of this chapter regarding

the issuance, acceptance, publication and use of a certificate may be varied by

agreement between the certification authority who issues the certificate and

the subscriber identified in the certificate.

     2.  The remedies provided pursuant to this

chapter are not exclusive and are in addition to any other remedies provided by

law, including, without limitation, any criminal prosecution pursuant to the

laws of this State or of the United States. Injunctive relief must not be

denied to a person regarding any conduct governed by the provisions of this

chapter solely because the conduct is or may be subject to criminal

prosecution.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.195  Severability of provisions. (NRS 720.150)  The

provisions of this chapter are hereby declared to be severable. If any of the

provisions of this chapter is held invalid, or if the application of any of

those provisions to any person, thing or circumstance is held invalid, that

invalidity does not affect any other provision of this chapter that can be

given effect without the invalid provision or application.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.200  Adoption by reference of standards. (NRS 720.150)  The

Secretary of State hereby adopts by reference:

     1.  The technical standards designated as X.509,

Version 3, as adopted by the International Telecommunication Union. A copy

of those standards may be obtained from the Office of the Secretary of State,

101 North Carson Street, Suite 3, Carson City, Nevada 89701-4786, for the price

of $22.50.

     2.  The provisions of the CSPP - Guidance

for COTS Security Protection Profiles, Version 1.0, as developed by the

National Institute of Standards and Technology of the Technology Administration

of the United States Department of Commerce. A copy of those provisions may be

obtained from the Office of the Secretary of State, 101 North Carson Street,

Suite 3, Carson City, Nevada 89701-4786, for the price of $9.50.

     3.  The provisions of the WebTrust Program

for Certification Authorities, Version 1.0, as developed by the American

Institute of Certified Public Accountants and the Canadian Institute of

Chartered Accountants. A copy of those provisions may be obtained from the

Office of the Secretary of State, 101 North Carson Street, Suite 3, Carson

City, Nevada 89701-4786, for the price of $9.50.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99;

A by R040-03, 12-4-2003)

      NAC 720.205  Confidentiality of information. (NRS 720.150)

     1.  Except as otherwise provided in

subsection 2 or required by a court order, any:

     (a) Trade secret, as that term is defined in NRS 600A.030;

     (b) Information regarding the design, security or

programming of a computer system used for the licensing or operation of a

certification authority or repository pursuant to this chapter; or

     (c) Information that identifies a private key held

by a subscriber,

Ê which is in

the possession of the Secretary of State or Division of Enterprise Information

Technology Services of the Department of Administration for the purposes of

this chapter, or an auditor conducting an audit pursuant to NAC 720.320, shall be deemed confidential and must not

be made available for public disclosure, inspection or copying.

     2.  For the purposes of an audit conducted

pursuant to NAC 720.320, a licensee shall provide

the auditor with any information in his or her possession that is relevant to

the audit, including any information that is deemed confidential pursuant to

subsection 1.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

LICENSING AND OPERATION OF CERTIFICATION AUTHORITY

      NAC 720.250  Qualifications for license; period of validity of license. (NRS 720.150)

     1.  To qualify for a license, a certification

authority must:

     (a) Use a secure method for limiting access to the

private key of the certification authority;

     (b) Maintain an office or registered agent for

service of process in this State; and

     (c) Comply with the provisions of this chapter and chapter 720 of NRS.

     2.  The issuance or renewal of a license is

valid for 1 year unless the license is suspended, revoked or otherwise

terminated at an earlier date. The Secretary of State may notify a licensee

before his or her license is due to expire, but any failure to do so does not

excuse a licensee from failing to renew the license within that period.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.260  Issuance of license to governmental entity. (NRS 720.150)

     1.  Except as otherwise provided in this

section, the Secretary of State will not issue a license to any governmental entity.

     2.  The Secretary of State may issue a

license to the Division of Enterprise Information Technology Services of the

Department of Administration. For the purposes of this chapter, the Division is

not required to:

     (a) Obtain or submit proof that the Division has

suitable insurance; or

     (b) Pay any of the amounts otherwise required

pursuant to NAC 720.430, 720.810

or 720.840.

     3.  If the Division of Enterprise Information

Technology Services obtains a license, the Division may issue a certificate

only:

     (a) For a subscriber who is a public agency; or

     (b) For the conduct of official public business by

any other person.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.270  Prerequisites to issuance and renewal of license. (NRS 720.150)  Except

as otherwise provided in NAC 720.260, the Secretary

of State may issue a license to, or renew the license of, a certification

authority who meets the qualifications for a license set forth in NAC 720.250 and submits to the Secretary of State:

     1.  A completed application that complies

with the requirements of NAC 720.280.

     2.  The amounts required pursuant to NAC 720.430 and 720.810.

     3.  Proof of his or her identity or, if the

certification authority is a business entity, proof of existence and good

standing of the certification authority in the following form:

     (a) If the certification authority is formed,

incorporated, organized, registered, qualified to transact business or

otherwise created in the State of Nevada pursuant to the provisions of title 7

of NRS, a certificate of existence and good standing from the Secretary of

State. To comply with the provisions of this paragraph, the certification

authority must submit a separate application to the Secretary of State to

receive a certificate of existence and good standing.

     (b) If the certification authority is formed,

incorporated, organized, registered, qualified to transact business or

otherwise created in a state or territory other than the State of Nevada, in

the District of Columbia, in a possession of the United States or in a foreign

country, a certificate of existence and good standing if the jurisdiction has

such a certificate, or an equivalent form signifying that the certification

authority has been formed, incorporated, organized, registered, qualified to

transact business or otherwise created in that jurisdiction from the

appropriate governmental agency of each jurisdiction in which the certification

authority is formed, incorporated, organized, registered, qualified to transact

business or otherwise created.

     4.  Proof that he or she has suitable

insurance.

     5.  A report of an audit of the policies,

practices, procedures, facilities and computer hardware and software of the

applicant which:

 

 

     (a) Establishes that the applicant operates a

trustworthy system; and

     (b) Was obtained pursuant to an audit performed in

compliance with the requirements of NAC 720.320 and

720.330, except that the audit and report required

for the initial issuance of a license is not required to include any matters

other than compliance with the requirements of paragraph (a).

     6.  The documentation required pursuant to NAC 720.340.

     7.  A certification practice statement that

complies with the requirements of NAC 720.360.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99;

A by R040-03, 12-4-2003)

      NAC 720.280  Application for license. (NRS 720.150)  An

application for the issuance or renewal of a license must be on a form

prescribed by the Secretary of State and include:

     1.  The name of the applicant;

     2.  The mailing address and, if different,

the physical address of the applicant;

     3.  The telephone number of the applicant;

     4.  The electronic mail address of the

applicant;

     5.  The name and address of the registered

agent in this State for service of process upon the applicant, including the

physical address and, if different, the mailing address; and

     6.  The names of all operative personnel of

the applicant.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.290  Insurance: Minimum requirements; proof. (NRS 720.150)

     1.  Except as otherwise provided in NAC 720.260, a licensee shall maintain a policy of

insurance issued by an insurance company authorized to do business in this

State, which:

     (a) Provides the licensee with coverage for:

          (1) Professional liability in an amount of not

less than $5,000,000; and

          (2) Commercial general liability in an amount

of not less than $10,000,000; and

     (b) Contains a provision that requires the

insurance company to notify the Secretary of State at least 30 days before

cancellation or nonrenewal of the policy.

     2.  For the purposes of this chapter, proof

of the policy of insurance required by subsection 1 must:

     (a) Be in a form that is prescribed or approved by

the Secretary of State;

     (b) Identify the insurance company by name, mailing

address and physical address, and include the number or a copy of the document

authorizing the insurance company to do business in this State; and

     (c) Identify the licensee for whom the policy is

issued.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.300  Trustworthy system: Minimum requirements. (NRS 720.150)  A

licensee shall maintain such policies, practices, procedures and facilities as

are necessary to ensure that his or her system of computer hardware and

software:

     1.  Is reasonably secure from intrusion and

misuse;

     2.  Provides a reasonable level of

availability, reliability and correct operation;

     3.  Is reasonably suited to performing its

intended functions; and

     4.  Is in material compliance with the

provisions of the CSPP - Guidance for COTS Security Protection Profiles,

Version 1.0 and the WebTrust Program for Certification Authorities,

Version 1.0, as adopted by reference pursuant to NAC

720.200. The Secretary of State will determine whether compliance is

material:

     (a) In accordance with the provisions of this

chapter; and

     (b) In a manner that is consistent with state and

federal law and reasonable for the context in which the system is used.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99;

A by R040-03, 12-4-2003)

 

      NAC 720.310  Trustworthy system: Use. (NRS 720.150)  A

licensee shall use only a trustworthy system to:

     1.  Issue, suspend or revoke a certificate;

and

     2.  Publish in a recognized repository or

otherwise give notice of the issuance, suspension or revocation of a

certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.320  Compliance audit: Performance; report to Secretary of State. (NRS 720.150)

     1.  A licensee shall obtain an audit at least

once each year to receive an opinion as to whether the licensee is in material

compliance with the requirements of this chapter. If the Secretary of State has

designated a repository operated by the licensee as a recognized repository,

the audit must include the operation of the recognized repository.

     2.  The auditor shall exercise reasonable

professional judgment in determining whether a condition that is not in strict

compliance with the requirements of this chapter is material, taking into

consideration the particular circumstances and context. In addition to any

other conditions the auditor determines to be material, the auditor shall

consider as material:

     (a) Any condition relating to the validity of a

certificate that does not comply with the requirements of this chapter.

     (b) Noncompliance with the requirements of NAC 720.350.

     (c) Noncompliance with the provisions of this

chapter regarding the use of a trustworthy system.

     3.  The licensee must file a copy of the

audit report with the Secretary of State before his or her license may be

renewed. The report may be filed electronically if the electronic message

complies with the requirements of this chapter. The licensee is not required to

file the complete audit report if he or she files a summary of the report that:

     (a) States the target of evaluation of the audit;

     (b) Describes all audit exceptions and conditions

of noncompliance included in the complete report, including, without

limitation, any conditions described in subsection 2; and

     (c) Bears the signature of the auditor.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.330  Compliance audit: Qualifications of auditor. (NRS 720.150)  Each

audit required pursuant to NAC 720.320 must be

performed by a certified public accountant who:

     1.  Is certified pursuant to chapter 628 of NRS or a similar law of

another jurisdiction; and

     2.  Holds or, for the purpose of the audit,

employs, contracts with or associates with a person who holds a current

certification as:

     (a) A certified information systems auditor issued

by the Information Systems Audit and Control Association; or

     (b) A certified information systems security

professional issued by the International Information Systems Security

Certification Consortium.

Ê The audit

report or a letter accompanying that report must disclose the name of each

person who possesses the certification required pursuant to this section.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.340  Qualifications of operative personnel. (NRS 720.150)

     1.  An applicant for the issuance or renewal

of a license must submit to the Secretary of State such documentation as the Secretary

of State requires to ensure that all operative personnel of the applicant are

qualified to act in that capacity. The documentation must include, for each

person who acts in that capacity:

     (a) A declaration, executed by the person under

penalty of perjury, that:

          (1) Specifies the person’s name, including all

names by which he or she has been known in the past, his or her date of birth

and his or her business address; and

          (2) Specifies each country, other than the

United States, in which the person resided during the past 5 years and states

the period of that residency;

     (b) Two sets of fingerprint cards that have been

completed by a recognized law enforcement agency;

     (c) An executed Law Enforcement Record Form No.

3321-SA or equivalent authorization for the release of information contained in

records of law enforcement;

     (d) Written authorization for the Secretary of

State to submit the fingerprint cards to the Central Repository for Nevada

Records of Criminal History for further submission to the Federal Bureau of

Investigation and to receive reports regarding the criminal histories of the

subjects of the fingerprint cards; and

     (e) The amount of the fees charged by any local

agencies of law enforcement, the Central Repository for Nevada Records of

Criminal History and the Federal Bureau of Investigation for the handling of

the fingerprint cards and issuance of the reports of criminal histories.

     2.  For the issuance or renewal of a license,

the reports received pursuant to subsection 1 must indicate that the applicant

and all operative personnel of the applicant:

     (a) Have not been convicted in any jurisdiction

during the 7 years immediately preceding the date the application for the

issuance or renewal of a license is submitted of any felony; and

     (b) Have never been convicted in any jurisdiction

of a crime involving fraud, deception or a false statement.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99;

A by R040-03, 12-4-2003)

      NAC 720.350  Persons convicted of certain crimes not to act as operative

personnel. (NRS

720.150)

     1.  A licensee shall not allow any person to

undertake any of the responsibilities or duties of his or her operative

personnel if the licensee knows or, based upon the records provided to the

Secretary of State pursuant to NAC 720.340, should

know that the person:

     (a) Has been convicted in any jurisdiction during

the 7 years immediately preceding the date the application for the issuance or

renewal of a license is submitted of any felony; or

     (b) Has ever been convicted in any jurisdiction of

a crime involving fraud, deception or a false statement.

     2.  If a licensee discovers that a person who

has undertaken any of the responsibilities or duties of his or her operative

personnel has been convicted as described in subsection 1, the licensee shall:

     (a) Immediately remove the person from that

position; and

     (b) Within 3 business days after making that

discovery, notify the Secretary of State of his or her action to remove the

person from that position.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99;

A by R040-03, 12-4-2003)

      NAC 720.360  Certification practice statement: Filing and publication;

contents. (NRS

720.150)  A

licensee shall file with the Secretary of State and publish a certification

practice statement that includes, without limitation:

     1.  A description of the policies, practices

and procedures of the licensee for the creation, issuance, distribution,

management, storage, suspension, revocation and renewal of certificates;

     2.  If certificates are issued by class, the

necessary criteria for each class, including the methods for identifying

subscribers applicable to each class;

     3.  A written description of all

representations required by the licensee from a subscriber regarding the

responsibility of the subscriber to protect his or her private key; and

     4.  A disclosure of any:

     (a) Warnings, limitations on liability, disclaimers

of warranty and provisions for indemnity and holding harmless upon which the

licensee intends to rely;

     (b) Disclaimers and limitations on obligations,

losses or damages to be asserted by the licensee; and

 

     (c) Mandatory procedures for the resolution of

disputes, including any provisions regarding the choice of forum or applicable

law.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.370  Disclosure records: Publication and updating by Secretary of

State. (NRS

720.150)

     1.  The Secretary of State will publish a

disclosure record for each licensee that includes, without limitation:

     (a) The name, mailing address, telephone number and

electronic mail address of the insurance company that issued suitable insurance

for the licensee;

     (b) A copy of the most recent certification

practice statement filed with the Secretary of State by the licensee pursuant

to this chapter;

     (c) A copy of the summary or report of the most

recent audit of the licensee filed with the Secretary of State pursuant to this

chapter;

     (d) Information regarding the current status of the

license, including a disclosure of any suspension or revocation and, if a

suspension or revocation is currently pending proceedings for administrative or

judicial review, a statement of that fact;

     (e) A statement of whether a repository operated by

the licensee has been designated as a recognized repository and information

sufficient to locate or identify any repository the licensee operates or

otherwise uses;

     (f) A list of all judgments regarding the licensee

filed with the Secretary of State pursuant to NAC

720.410 within the past 5 years; and

     (g) Any other information required by this chapter.

     2.  The Secretary of State will update a

disclosure record when he or she discovers that any information contained in

the disclosure record has changed or is no longer accurate.

     3.  In carrying out this section, the

Secretary of State will rely on records received by his or her office and is

not obligated to conduct any investigation or other inquiry regarding the

information contained in those records.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.380  Imposition of restrictions on operation of licensee. (NRS 720.150)  The

Secretary of State may:

     1.  As a condition to the issuance and

retention of a license, impose any restrictions on the operation of the

licensee as he or she deems appropriate; and

     2.  Maintain in his or her file for the

licensee a written record of the basis for imposing the restrictions.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.390  Creation and retention of records by licensee. (NRS 720.150)

     1.  A licensee shall:

     (a) Create and retain such records as are necessary

for the licensee to demonstrate compliance with this chapter.

     (b) Retain each notice of the suspension or

revocation of a certificate given by the licensee pursuant to NAC 720.600.

     (c) Create and retain a database that contains a

record of the identity of each subscriber named in a certificate issued by the

licensee, which must include the number and date of issuance of the certificate

and each fact represented in the certificate.

     (d) Create and retain a database that contains a

record of each time stamp the licensee appends or attaches to a message,

digital signature or certificate, which must include sufficient information to

identify the relevant subscriber and message, digital signature or certificate.

     2.  The records required pursuant to:

     (a) Paragraphs (a) and (b) of subsection 1 must be

retained for not less than 5 years.

     (b) Paragraph (c) of subsection 1 must be retained

for not less than 10 years after the date the certificate expires or is

revoked.

     (c) Paragraph (d) of subsection 1 must be retained

for not less than 10 years after the date the time stamp is appended or

attached.

     3.  The records required pursuant to

subsection 1 must be:

     (a) Set forth on paper, retrievable from a computer

or created and retained in any other form authorized by the State Library and

Archives Administrator pursuant to NRS

378.255 or 378.280 for the

retention of records; and

     (b) Indexed, stored, preserved and reproduced in

such a manner as to remain accurate, complete and accessible to an auditor.

     4.  This section does not require the

inclusion of:

     (a) Any of the extensions of data specified in

section 4.2 of the technical standards designated as X.509, Version 3,

as adopted by reference pursuant to NAC 720.200; or

     (b) Any information that would compromise the

security of the licensee, in any record that is publicly accessible.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.400  Duties of licensee discontinuing services as certification

authority. (NRS

720.150)  A

licensee who intends to discontinue providing services as a certification

authority shall:

     1.  Before discontinuing those services,

notify the subscribers identified in all valid certificates issued by the

licensee;

     2.  Take such commercially reasonable efforts

as are necessary to minimize disruption to those subscribers and to persons who

rely on those certificates; and

     3.  Make reasonable arrangements for the

preservation of the records of the licensee relating to his or her services as

a certification authority. If the licensee is unable to make other reasonable

arrangements for the preservation of those records, the licensee shall:

     (a) Revoke all valid certificates the licensee has

issued and return all his or her records regarding those certificates to the

appropriate subscribers; or

     (b) Submit those records to such other licensees as

the Secretary of State designates for that purpose.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.410  Filing of judgments against licensees; scope of liability of

recognized certification authority. (NRS 720.150)

     1.  A licensee shall file with the Secretary

of State a certified copy of each judgment entered against the licensee for

damages resulting from any acts of the licensee within the scope of his or her

activities as a certification authority.

     2.  Except as otherwise provided in this

chapter, a recognized certification authority is not liable for:

     (a) Any damages incurred by a person who relies on

a certificate issued by the certification authority, or on any representation

contained in the certificate which the certification authority is required to

confirm, that exceed any recommended limit of reliance clearly specified in the

certificate and in the last certification practice statement filed by the

certification authority with the Secretary of State pursuant to this chapter

before the reliance occurred.

     (b) Any loss caused by the failure of the

certification authority to comply with any provision of this chapter regarding

the issuance of a certificate, in excess of any recommended limit of reliance

specified in the certificate.

     (c) Any loss caused by the reliance of a person on

a false or forged digital signature of a subscriber identified in a certificate

issued by the certification authority if the certification authority complied

with all the material requirements of this chapter regarding the certificate.

This subsection does not relieve a certification authority from liability for

any failure to act in good faith or for the breach of any promise, warranty or

certification provided pursuant to NAC 720.480 or 720.490.

     (d) Any punitive or exemplary damages resulting

from the reliance of a person on a certificate issued by the certification

authority.

     (e) Any damages for pain and suffering resulting

from the reliance of a person on a certificate issued by the certification

authority.

     3.  A recognized certification authority may

waive any of the provisions of subsection 2.

     4.  A recognized certification authority may

liquidate, limit, alter or exclude liability for any consequential or

incidental damages resulting from the reliance of a person on a certificate

issued by the certification authority by:

     (a) Agreement with the person who incurs the loss;

or

     (b) Notification of the person who incurs the loss,

before he or she relies on the certificate, of the liquidation, limitation,

alteration or exclusion,

Ê if the

liquidation, limitation, alteration or exclusion is not unconscionable.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.420  Recognition of foreign license. (NRS 720.150)

     1.  The Secretary of State may recognize a

foreign license, in whole or in part, if:

     (a) The certification authority who holds the

foreign license, in addition to complying with any other legal requirements for

the transaction of business in this State, submits to the Secretary of State:

          (1) An application for the recognition of his

or her foreign license;

          (2) A certified copy of his or her foreign

license; and

          (3) The amounts required pursuant to NAC 720.430 and 720.810;

and

     (b) The Secretary of State determines that the

governmental entity that issued the foreign license imposes requirements

substantially similar to the requirements of this chapter.

     2.  The Secretary of State will determine

that the requirements of a governmental entity are substantially similar to the

requirements of this chapter if, in addition to any other factors the Secretary

of State deems to be material, the governmental entity requires that a

certification authority must, as a condition to holding the foreign license:

     (a) Issue certificates:

          (1) Based upon an asymmetric cryptosystem; and

          (2) Using a trustworthy system;

     (b) Maintain a policy of insurance which provides

not less than the minimum amounts of coverage required by NAC 720.290;

     (c) Employ as operative personnel only persons who

have not been convicted of a felony within the past 7 years and have never been

convicted of a crime involving fraud, deception or a false statement; and

     (d) Comply with a legally established system for

the enforcement of the requirements of that governmental entity regarding

digital signatures.

     3.  The Secretary of State will:

     (a) Make available, upon request, a list of the

governmental entities that the Secretary of State has determined meet the

requirements of subsection 2; and

     (b) Consider a governmental entity for addition to

that list upon:

          (1) The request of the governmental entity or

a certification authority licensed by the governmental entity; and

          (2) The receipt of a copy of the licensing

requirements of the governmental entity, together with an English translation

if it is in a foreign language.

     4.  The recognition of a foreign license

pursuant to this section is valid:

     (a) Until the foreign license expires or otherwise

becomes invalid; or

     (b) For 1 year,

Ê whichever

period is less.

     5.  The provisions of this section do not

prohibit a certification authority who holds a foreign license from obtaining a

license pursuant to the other provisions of this chapter.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.430  Licensing fees. (NRS 720.150, 720.180)  The

Secretary of State will charge, in addition to any other amounts required

pursuant to this chapter, the following licensing fees:

     1.  For the issuance or renewal of a license,

$1,000.

     2.  For the recognition of a foreign license,

$1,000.

     3.  For the designation of a repository as a

recognized repository, $1,000.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

CERTIFICATE: ISSUANCE AND PUBLICATION

      NAC 720.450  Prerequisites to issuance of certificate to subscriber. (NRS 720.150)

     1.  A certification authority may issue a

certificate to a subscriber only after the certification authority has:

     (a) Received a request for the issuance of a

certificate signed by the prospective subscriber; and

     (b) Confirmed, which must include requiring a

subscriber and the subscriber’s agent or agents to certify the accuracy of

relevant information under penalty of perjury, that:

          (1) The prospective subscriber is the person

to be identified in the requested certificate;

          (2) The prospective subscriber rightfully

holds a private key which:

               (I) Is capable of creating a digital

signature; and

               (II) Corresponds to the public key to be

set forth in the requested certificate;

          (3) The public key to be set forth in the

requested certificate can be used to verify a digital signature affixed by the

private key held by the prospective subscriber;

          (4) The information to be included in the

requested certificate is accurate;

          (5) The requested certificate provides

sufficient information to locate or identify one or more repositories in which

the certificate will be stored and, if the certificate is suspended or revoked,

notice of the suspension or revocation will be published; and

          (6) If the prospective subscriber is acting

through one or more agents, the prospective subscriber has:

               (I) Authorized the agent or agents to

have custody of his or her private key, to request the issuance of a

certificate setting forth the corresponding public key and to sign digitally on

behalf of the prospective subscriber; and

               (II) Ensured that adequate safeguards

exist to prevent the creation of a digital signature that exceeds any

limitations on the authority of the agent or agents.

     2.  A certification authority shall, when

seeking to obtain any other information material to the issuance of a

certificate, require the subscriber and the subscriber’s agent or agents to

certify the accuracy of relevant information under penalty of perjury.

     3.  The provisions of this section may not be

waived, disclaimed or otherwise limited by agreement.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.460  Confirmation of identity of prospective subscriber. (NRS 720.150)

     1.  When carrying out the provisions of NAC 720.450 requiring a certification authority to

confirm that a prospective subscriber is the person to be identified in a

requested certificate, a certification authority shall make such an inquiry

into the identity of the prospective subscriber as is reasonable based upon:

     (a) Any representations the certification authority

will make regarding the reliability of the certificate, including any

recommended limit of reliance;

     (b) Any recommendations the certification authority

will make regarding the use or application of the certificate; and

     (c) Whether the certificate will be a transactional

certificate.

     2.  If the prospective subscriber appears

before the certification authority and presents a current:

     (a) Identifying document issued by or under the

authority of the United States or another country; or

     (b) Driver’s license or other identifying document

issued by a state of the United States,

Ê which is

reviewed and accepted by a notary public or any operative personnel of the

certification authority, there is a rebuttable presumption that the

certification authority has confirmed that the prospective subscriber is the person

to be identified in the requested certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.470  Contents of certificate. (NRS 720.150)  A

certificate:

     1.  Must indicate the date upon which the

certificate expires.

     2.  May include, without limitation, any

disclaimers and limitations on obligations, losses or damages to be asserted by

the certification authority who issues the certificate.

     3.  Must comply with the standards for basic

certificate fields specified in section 4.1 of the technical standards

designated as X.509, Version 3, as adopted by reference pursuant to NAC 720.200, except that fields are not required for

extensions of data. If fields are used for extensions of data:

     (a) The use must conform to the guidelines

specified in sections 4.1.2.1 and 4.2 of the technical standards designated as X.509,

Version 3, as adopted by reference pursuant to NAC

720.200; and

     (b) The fields may be displayed on the certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.480  Warranties, promises and certifications by Secretary of State. (NRS 720.150)  Except

as otherwise provided in NAC 720.610, if the

Secretary of State:

     1.  Issues a certificate, the Secretary of

State:

     (a) Warrants to the subscriber named in the

certificate that the certificate:

          (1) Contains no information known by the

Secretary of State to be false; and

          (2) Satisfies all material requirements of

this chapter.

     (b) Promises to the subscriber named in the

certificate:

          (1) To act promptly to suspend or revoke a

certificate in accordance with this chapter; and

          (2) To notify the subscriber within a

reasonable time of any facts known to the Secretary of State that significantly

affect the validity or reliability of the certificate after issuance.

     2.  Issues and publishes a certificate, the

Secretary of State certifies to all persons who reasonably rely on the

information contained in the certificate or on a digital signature verifiable

by the public key set forth in the certificate that:

     (a) The Secretary of State has issued the

certificate to the subscriber;

     (b) The subscriber has accepted the certificate;

     (c) The information in the certificate identified

as confirmed by the Secretary of State was accurate when the certificate was

issued; and

     (d) All information foreseeably material to the

reliability of the certificate is stated or incorporated by reference in the

certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.490  Warranties, promises and certifications by other certification

authorities. (NRS

720.150)

     1.  Except as otherwise provided in NAC 720.480 and 720.610, a

certification authority:

     (a) By issuing a certificate:

          (1) Warrants to the subscriber named in the

certificate that:

               (I) The certificate contains no

information known by the certification authority to be false;

               (II) The certificate satisfies all

material requirements of this chapter; and

               (III) The certification authority has not

exceeded any limitations on his or her authority in issuing the certificate.

          (2) Promises to the subscriber named in the

certificate, unless the certification authority and subscriber agree otherwise:

               (I) To act promptly to suspend or revoke

a certificate in accordance with this chapter; and

               (II) To notify the subscriber within a

reasonable time of any facts known to the certification authority that

significantly affect the validity or reliability of the certificate after

issuance.

          (3) Certifies to all persons who reasonably

rely on the information contained in the certificate or on a digital signature

verifiable by the public key set forth in the certificate that:

               (I) The subscriber has accepted the

certificate;

               (II) The information in the certificate

identified as confirmed by the certification authority was accurate when the

certificate was issued;

               (III) All information foreseeably

material to the reliability of the certificate is stated or incorporated by

reference in the certificate; and

               (IV) The certification authority has

complied with all applicable laws and regulations of this State governing the

issuance of the certificate.

     (b) By publishing a certificate, certifies to the

repository where the certificate is published and to all persons who reasonably

rely on the information contained in the certificate that the certification

authority has issued the certificate to the subscriber.

     2.  Except as otherwise provided in this

section, the provisions of this section may not be waived, disclaimed or

otherwise limited by agreement.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.500  Certification of authority of person requesting certificate. (NRS 720.150)

     1.  Except as otherwise provided in NAC 720.610, by requesting the issuance of a

certificate as an agent of the subscriber to be identified in the certificate,

the person requesting the certificate certifies to all persons who reasonably

rely on the information contained in the certificate that he or she has the

legal authority to:

     (a) Apply for the issuance of the certificate; and

     (b) Sign digitally on behalf of the subscriber and

that, if this authority is limited in any way, adequate safeguards exist to

prevent the creation of a digital signature that exceeds the limitations on his

or her authority.

     2.  No person may waive, disclaim or

otherwise limit by agreement or obtain indemnity from the provisions of this

section in such a manner as to limit his or her liability for any

misrepresentation of fact to any person who reasonably relies on a certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.510  Certifications by subscriber. (NRS 720.150)

     1.  Except as otherwise provided in NAC 720.610, by accepting a certificate, the

subscriber identified in the certificate certifies to all persons who

reasonably rely on the information contained in the certificate that:

     (a) The subscriber rightfully holds the private key

that corresponds to the public key set forth in the certificate;

     (b) All representations made by the subscriber to

the certification authority who issued the certificate which are material to

the information set forth in the certificate are true; and

     (c) All material representations included in the

certificate and not confirmed by the certification authority are true.

     2.  No person may waive, disclaim or

otherwise limit by agreement or obtain indemnity from the provisions of this

section in such a manner as to limit his or her liability for any

misrepresentation of fact to any person who reasonably relies on a certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.520  Indemnification of certification authority for certain losses or

damages. (NRS

720.150)

     1.  Except as otherwise provided in NAC 720.610, by accepting a certificate, the

subscriber identified in the certificate and any agent of the subscriber who

requested the issuance of the certificate promise to indemnify the

certification authority who issued the certificate for any loss or other damage

resulting from the issuance or publication of the certificate in reliance upon

any:

     (a) Misrepresentation of a material fact by the

subscriber or an agent of the subscriber; or

     (b) Failure by the subscriber or an agent of the

subscriber to disclose a material fact,

Ê if the

misrepresentation or failure to disclose was negligent or intended to deceive

the certification authority or a person relying on the certificate.

     2.  The provisions of this section may not be

waived, disclaimed or otherwise limited by agreement, but consistent,

additional terms may be provided by agreement.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.530  Private key: Promises and property right of subscriber. (NRS 720.150)

     1.  Except as otherwise provided in

subsection 2, by accepting a certificate, the subscriber identified in the

certificate promises to exercise reasonable care to retain control of the

corresponding private key and prevent its disclosure to any person who is not

authorized to create the digital signature of the subscriber until:

     (a) The expiration of the certificate;

     (b) Notice of the revocation of the certificate is

published pursuant to NAC 720.600; or

     (c) One business day after the subscriber has

submitted to the certification authority who issued the certificate a written

request for the revocation of the certificate and such evidence as is

reasonably sufficient to confirm that the person requesting the revocation is

the subscriber or an agent of the subscriber who is authorized to make the

request,

Ê whichever

occurs first.

     2.  By accepting a transactional certificate,

the subscriber identified in the certificate promises to exercise reasonable

care to retain control of the corresponding private key and prevent its

disclosure to any person who is not authorized to create the digital signature

of the subscriber until:

     (a) The expiration of the certificate; or

     (b) Notice of the revocation of the certificate is

published pursuant to NAC 720.600,

Ê whichever

occurs first.

     3.  The provisions of subsections 1 and 2 may

not be waived, disclaimed or otherwise limited by agreement.

     4.  A private key is the personal property of

the subscriber who rightfully holds the private key.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.540  Publication of certificate by Secretary of State or licensee. (NRS 720.150)

     1.  If the Secretary of State issues a

certificate and:

     (a) The subscriber accepts the certificate, the

Secretary of State will publish a signed copy of the certificate in a

recognized repository.

     (b) The subscriber does not accept the certificate,

the Secretary of State will not publish the certificate or, if the Secretary of

State has already published the certificate, will cancel that publication.

     2.  If a licensee issues a certificate and:

     (a) The subscriber accepts the certificate, the

licensee shall, except as otherwise provided by agreement between the licensee

and subscriber:

          (1) Publish the certificate in compliance with

any applicable policies for the publication of certificates contained in the

certification practice statement of the licensee; or

          (2) If the licensee has not included in his or

her certification practice statement any applicable policies for the

publication of certificates, publish a signed copy of the certificate in a

recognized repository agreed upon by the licensee and subscriber.

     (b) The subscriber does not accept the certificate,

the licensee shall not publish the certificate or, if the licensee has already

published the certificate, shall cancel that publication.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

CERTIFICATE: REVOCATION, SUSPENSION AND EXPIRATION

      NAC 720.550  Revocation of certificate not issued in accordance with

requirements; suspension to conduct investigation; notification of subscriber. (NRS 720.150)

     1.  If a certification authority confirms

that a certificate he or she has issued was not issued in accordance with the

requirements of NAC 720.450, the certification

authority shall immediately revoke the certificate.

     2.  A certification authority may suspend a

certificate he or she has issued for such a period, not to exceed 5 business

days, as is necessary for the certification authority to conduct an

investigation to confirm any grounds for revocation of the certificate pursuant

to subsection 1.

     3.  A certification authority shall notify

the subscriber as soon as practicable after the certification authority

determines to suspend or revoke a certificate pursuant to this section.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.560  Order by Secretary of State to revoke or suspend certificate;

notification; compliance with order. (NRS 720.150)

     1.  The Secretary of State may:

     (a) Order a certification authority to revoke a

certificate the certification authority has issued if, after providing the

certification authority and subscriber with notice of the proposed order and an

opportunity to be heard on the matter, the Secretary of State determines that:

          (1) The certificate was issued without

substantial compliance with the provisions of this chapter; and

          (2) The noncompliance poses a significant risk

to persons who may reasonably rely on the certificate.

     (b) Without a prior hearing, order a certification

authority to suspend, for not more than 5 business days, a certificate the

certification authority has issued if the Secretary of State determines that an

emergency requires an immediate remedy. If the certification authority:

          (1) Is a licensee, the Secretary of State will

mail a copy of the order, together with a summary of the facts upon which he or

she based his or her determination, to the licensee at the mailing address or

electronic mail address of the licensee specified on the application for the

license; or

          (2) Is not a licensee, the Secretary of State

will provide the certification authority with notice of the order in such a

manner as is reasonable under the circumstances.

Ê After issuing

an order pursuant to this paragraph, the Secretary of State will proceed as

quickly as feasible to complete the proceedings in the manner otherwise

provided pursuant to the provisions of chapter

233B of NRS.

     2.  A certification authority shall comply

with any order issued by the Secretary of State pursuant to this section within

24 hours after the certification authority receives the order.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.570  Suspension upon request by appropriate person. (NRS 720.150)

     1.  Except as otherwise provided in this

section, a certification authority shall, within 24 hours after the receipt of

all information he or she requires pursuant to this subsection, suspend a

certificate the certification authority has issued, for not more than 5

business days, if the suspension is requested by a person whom the

certification authority reasonably believes to be an appropriate person. The

certification authority is not required to confirm that the person requesting

the suspension is an appropriate person, but may require the person to provide

evidence, which may include a statement given under oath or affirmation, that

the person is an appropriate person.

     2.  A person who requests the suspension of a

certificate pursuant to subsection 1 shall not misrepresent his or her identity

or authority to request the suspension.

     3.  The subscriber identified in a

certificate may agree with the certification authority who issues the

certificate to limit or preclude the suspension of the certificate pursuant to

subsection 1, except that such an agreement is effective only if notice of the

agreement is published in the certificate or in the certification practice

statement of the certification authority.

     4.  A certification authority may not suspend

a transactional certificate pursuant to this section.

     5.  As used in this section, “appropriate

person” means the subscriber named in a certificate or a person authorized to

act on his or her behalf.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.580  Termination of requested suspension. (NRS 720.150)  Except

as otherwise agreed by a subscriber and certification authority, the

certification authority shall terminate the suspension of a certificate

pursuant to NAC 720.570 if:

     1.  The termination is requested by a person

who the certification authority confirms is the subscriber named in the

suspended certificate or an agent of the subscriber who is authorized to

request the termination; or

     2.  The certification authority discovers and

confirms that the request for suspension was made without the authorization of

the subscriber. This subsection does not require a certification authority to

confirm a request for the suspension of a certificate pursuant to NAC 720.570.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.590  Revocation of certificate by certification authority upon receipt

of request or certain information. (NRS 720.150)

     1.  Except as otherwise provided in

subsection 2, a certification authority shall revoke a certificate he or she

has issued:

     (a) Within 1 business day after the certification

authority receives:

          (1) A written request for the revocation from

the subscriber named in the certificate or an agent of the subscriber who is

authorized to request the revocation; and

          (2) Such evidence as is reasonably sufficient

to confirm that the person requesting the revocation is the subscriber or an

agent of the subscriber who is authorized to make the request;

     (b) Upon receiving a certified copy of the death

certificate of the subscriber or confirming by other evidence that the

subscriber is dead; or

     (c) Upon receiving documents effecting the

dissolution of the subscriber or confirming by other evidence that the

subscriber has been dissolved or otherwise ceases to exist, except that the

certification authority is not required to revoke the certificate if he or she

ascertains, before completing the revocation of the certificate, that the

dissolution has been rescinded or that the existence of the subscriber has

otherwise been restored.

     2.  A certification authority may not revoke

a transactional certificate pursuant to subsection 1.

     3.  A certification authority may revoke a

certificate he or she has issued if the certificate is or becomes unreliable,

regardless of whether the subscriber consents to the revocation and

notwithstanding any agreement to the contrary between the certification

authority and subscriber.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.600  Notice of suspension or revocation. (NRS 720.150)

     1.  Immediately upon the suspension or

revocation of a certificate pursuant to this chapter, the certification

authority who issued the certificate shall, except as otherwise provided in

subsection 2, give notice of the suspension or revocation in such a manner as

is specified in the certificate. If the certificate specifies that the notice

must be given in one or more repositories, the certification authority shall

publish a signed notice of the suspension or revocation:

     (a) In each of the specified repositories that will

accept publication; and

     (b) In a recognized repository if:

          (1) Any of the specified repositories refuse

to accept publication or have ceased to exist; or

          (2) None of the specified repositories is a

recognized repository.

     2.  The Secretary of State will not give

notice of a suspension requested pursuant to NAC

720.570 unless the person requesting the suspension pays in advance any fee

for publication required by each repository where the notice is to be

published.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.610  Discharge of certification authority or subscriber from

responsibility for certain transactions. (NRS 720.150)

     1.  Upon giving notice of the revocation of a

certificate as required pursuant to NAC 720.600,

the certification authority who issued the certificate is discharged from any

liability or other responsibility, with regard to any transactions occurring

after the notice is given, for any promise, warranty or certification provided

pursuant to NAC 720.480 or 720.490

regarding the certificate.

     2.  When a certificate expires, the

certification authority who issued the certificate, the subscriber identified

in the certificate and the agents of that subscriber are discharged from any

liability or other responsibility, with regard to any transactions occurring

after the expiration occurs, for any promise, warranty or certification

provided pursuant to NAC 720.480, 720.490, 720.500, 720.510 or 720.520

regarding the certificate.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

RECOGNIZED REPOSITORIES

      NAC 720.650  Designation. (NRS 720.150)

     1.  The Secretary of State may designate a

repository as a recognized repository after he or she:

     (a) Receives:

          (1) An application for such a designation

submitted by a licensee;

          (2) Such evidence as he or she deems

sufficient to determine that the licensee and repository meet the requirements

of this chapter; and

          (3) Except as otherwise provided in NAC 720.260, the amounts required pursuant to NAC 720.430 and 720.810;

and

     (b) Determines, if the repository will publish

certificates that are not issued by recognized certification authorities, that

the certification authorities issuing those certificates conform to legally

binding requirements that the Secretary of State determines to be substantially

similar to or more stringent than the requirements of this chapter.

     2.  The designation of a repository as a

recognized repository is valid for 1 year unless the designation is revoked or

otherwise terminated at an earlier date.

     3.  The operator of a recognized repository

may discontinue its designation as such by:

     (a) Filing a notice of discontinuance with the

Secretary of State at least 30 days before the date of discontinuance; and

     (b) Complying with NAC

720.690.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.660  Application for designation. (NRS 720.150)  An

application for designation as a recognized repository must be on a form

prescribed by the Secretary of State and include:

 

     1.  The name of the licensee or applicant for

a license who will operate the repository;

     2.  The mailing address and, if different,

the physical address of the applicant;

     3.  The telephone number of the applicant;

     4.  The electronic mail address of the

applicant;

     5.  The electronic mail address of the

repository; and

     6.  A description of the computer hardware,

software and database of the repository that demonstrates compliance with the

requirements of this chapter.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.670  Operation. (NRS 720.150)  A

recognized repository:

     1.  Must be operated by a licensee;

     2.  Must operate by means of a trustworthy

system that:

     (a) Provides access to the repository on-line

through the Internet on a continuous basis, except for such periods as are

reasonably required for scheduled maintenance;

     (b) Has the capacity to process transactions in a

reasonably adequate manner for the anticipated volume of transactions; and

     (c) Provides for the periodic reproduction and

secure storage of data, in accordance with NRS 239.051, in a location other

than the location of the principal system of the repository;

     3.  Must include a database that contains:

     (a) Certificates that are published in the

repository;

     (b) Notices of suspended or revoked certificates

that are published by recognized certification authorities;

     (c) A record of certificates that have expired or

been suspended or revoked pursuant to this chapter; and

     (d) Any other information required by the Secretary

of State; and

     4.  Must not contain a significant amount of

information that is known or reasonably likely to be untrue, inaccurate or

unreliable.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.680  Revocation of designation; notice to licensee. (NRS 720.150)

     1.  The designation of a repository as a

recognized repository shall be deemed revoked immediately upon the expiration

or revocation of the license of the licensee who operates the repository.

     2.  The Secretary of State may, in accordance

with subsection 3 and without revoking the license of the licensee who operates

a recognized repository, revoke the designation of the repository as a

recognized repository if the Secretary of State determines that the licensee or

repository is not in compliance with all the provisions of this chapter.

     3.  The Secretary of State will inform a

licensee who operates a recognized repository of his or her determination to

revoke that designation by mailing a written notice to the mailing address and

electronic mail address of the licensee specified on the application for the

designation of the repository as a recognized repository. The notice must state

the date when the revocation becomes effective, which must not occur until at

least 30 days after the mailing of the notice. If the licensee files an

application for a hearing on the matter before the effective date specified in

the notice, the revocation does not become effective until so ordered by the

hearing officer.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.690  Cessation of operation. (NRS 720.150)  If

a repository of a licensee ceases to operate as a recognized repository, the

licensee shall publish the information maintained in the repository in another

recognized repository.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.700  State repository. (NRS 720.150)

     1.  The Secretary of State may operate or

contract for the operation of a state repository. If the Secretary of State

contracts for the operation of the repository by an entity other than the

Division of Enterprise Information Technology Services of the Department of

Administration, the contractor must be a licensee and agree to operate the

repository in compliance with the provisions of this chapter. The Secretary of

State may rescind a contract for the operation of the state repository for:

     (a) Any ground that would be sufficient for the

revocation of the designation of the repository as a recognized repository; or

     (b) Any other legally recognized ground for

rescission.

     2.  If a state repository is operated

pursuant to subsection 1, the repository must include:

     (a) A disclosure record for each licensee;

     (b) A list of all judgments filed with the

Secretary of State pursuant to NAC 720.410 within

the past 5 years;

     (c) Each advisory statement published by the

Secretary of State pursuant to NAC 720.800; and

     (d) Any other information the Secretary of State deems

appropriate for inclusion in the state repository.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.710  Liability of licensee. (NRS 720.150)

     1.  Except as otherwise provided in this

section, a licensee who operates a recognized repository shall agree to pay for

any loss incurred by a person who reasonably relies on a digital signature that

is verified by the public key set forth in a suspended or revoked certificate,

if the reliance occurs:

     (a) More than 1 business day after the licensee

receives from a recognized certification authority a request to publish notice

of the suspension or revocation; and

     (b) Before the licensee has published the notice in

the recognized repository it operates.

     2.  Subsection 1 does not require a licensee

to agree to pay any:

     (a) Punitive or exemplary damages or damages for

pain or suffering; or

     (b) Amount in excess of any limitations on

obligations, losses or damages listed in the suspended or revoked certificate.

     3.  A licensee may liquidate, limit, alter or

exclude liability for any consequential or incidental damages resulting from

the requirements of subsection 1 by:

     (a) Agreement with the person who incurs the loss;

or

     (b) Notification of the person who incurs the loss,

before he or she relies on the digital signature, of the liquidation,

limitation, alteration or exclusion,

Ê if the

liquidation, limitation, alteration or exclusion is not unconscionable.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

USE AND EFFECT OF DIGITAL SIGNATURE

      NAC 720.750  General provisions. (NRS 720.150)

     1.  Except as otherwise provided by a

specific statute, regulation or contract:

     (a) An electronic message that bears in its

entirety a digital signature which is verified by the public key set forth in a

certificate that was a valid certificate when the digital signature was

created, is as valid, enforceable and effective as a record set forth on paper.

     (b) An electronic message that is digitally signed

shall be deemed to be an original of the message.

     (c) A digital signature may be accepted in any

manner that is reasonable under the circumstances.

     2.  Except as otherwise provided by a

specific statute or regulation:

     (a) An electronic message that bears a digital

signature does not constitute an instrument pursuant to chapter 104 of NRS unless all the parties

to the transaction agree, including any financial institutions affected by the

transaction.

     (b) In any action for the adjudication of a dispute

involving a digital signature, issues regarding jurisdiction, venue and choice

of law must be determined in the same manner as if all transactions had been

effected through documents set forth on paper.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.760  Public agency: Acceptance and use of digital signature;

confidentiality of private key. (NRS 720.150)

     1.  Except as otherwise provided by a

specific statute or regulation, a public agency shall not accept a digital

signature as a substitute for a handwritten or facsimile signature unless the

digital signature is verified by a valid certificate.

     2.  Except as otherwise provided in

subsection 3 or by a specific statute or regulation, a public agency shall not

use a digital signature to conduct official public business unless the digital

signature is verifiable with reference to a public key set forth in a valid

certificate that identifies the public agency as the subscriber. A public

agency may become the subscriber of a certificate issued by a recognized

certification authority to conduct through electronic messages any official

public business for which any statute or regulation requires the signature of

an officer, employee or other agent of the public agency.

     3.  Subsection 2 does not apply to the use of

a digital signature for internal procedures of a public agency unless otherwise

required by a specific statute, regulation or court rule, or by the office of

financial management, training and controls of the Department of

Administration.

     4.  A private key held by a public agency or

any person on behalf of a public agency, and any information that identifies

such a private key are confidential.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.770  Acceptance of digital signature as acknowledgment; liability of certification

authority. (NRS

720.150)

     1.  Except as otherwise provided by a

specific statute, regulation or contract, a digital signature that is

verifiable with reference to the public key set forth in a valid certificate

shall be deemed to satisfy the requirements for an acknowledgment, regardless

of whether the person who executed the digital signature appeared before the

certification authority or a person who is authorized to take acknowledgments

in this State, if:

     (a) The digitally signed message includes a

statement that the digital signature is intended as an acknowledgment;

     (b) The digital signature is verified by the public

key set forth in the certificate;

     (c) The certificate was a valid certificate when

the digital signature was affixed; and

     (d) The certificate provides that the digital

signature satisfies the requirements for an acknowledgment.

     2.  If a certificate provides that a digital

signature satisfies the requirements for an acknowledgment, the certification

authority who issued the certificate is liable for the digital signature to the

same extent as if the certification authority was a notary public who had

acknowledged the signature, except that his or her liability must not exceed

any recommended limit of reliance set forth in the certificate. No

certification authority may waive, disclaim or otherwise limit by agreement the

provisions of this subsection.

     3.  As used in this section, “acknowledgment”

has the meaning ascribed to it in NRS

240.002.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.780  Reasonable reliance on digital signature or certificate. (NRS 720.150)

     1.  Except as otherwise provided by a

specific statute, regulation or contract, if reliance on a digital signature is

not reasonable under the circumstances, the recipient of the digital signature

assumes the risk that the digital signature was forged.

     2.  Any determination of whether it is

reasonable to rely upon a certificate or a digital signature verifiable with

reference to the public key set forth in a certificate must include, without

limitation, an evaluation of:

     (a) The facts known to the relying person or of

which he or she has notice, including all the facts stated or incorporated by

reference in the certificate;

     (b) The value or relative importance of the

digitally signed message, if known;

     (c) The course of dealing between the relying

person and the subscriber, and any available indicia of reliability or

unreliability other than the digital signature; and

     (d) The usage of the trade, particularly trade

conducted by trustworthy systems or other computer systems.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.790  Good faith of certification authority, subscriber and recipient

of digital signature. (NRS 720.150)

     1.  A certification authority, a subscriber

and a recipient of a digital signature shall use good faith in the use of a

digital signature and in conducting any activities governed by the provisions

of this chapter.

     2.  The provisions of subsection 1 may not be

waived, disclaimed or otherwise limited by agreement, except that the parties

to an agreement may establish the standards by which their good faith with

regard to one another will be measured if those standards are not manifestly

unreasonable.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

ENFORCEMENT

      NAC 720.800  Activities of certification authority that create unreasonable

risk prohibited; advisory statement from Secretary of State. (NRS 720.150)

     1.  A certification authority shall not

conduct any activities as a certification authority in any manner that creates

an unreasonable risk of loss to any subscriber of the certification authority,

any person relying on a certificate issued by the certification authority or

any repository.

     2.  If the Secretary of State determines that

the activities of a certification authority create a risk of loss to any

subscriber of the certification authority, any person relying on a certificate

issued by the certification authority or any repository, the Secretary of State

may publish a brief statement generally advising subscribers, persons who rely

on digital signatures and repositories about those activities.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.810  Investigation of applicant; payment of costs of investigation. (NRS 720.150, 720.180)

     1.  The Secretary of State may conduct such

an investigation of an applicant as he or she determines is necessary to

determine the qualifications of the applicant and whether the applicant is in

compliance with the provisions of this chapter and chapter 720 of NRS. Except as otherwise

provided in NAC 720.260 or unless waived by the

Secretary of State, all fees and other costs incurred by the Secretary of State

to conduct the investigation must be paid by the applicant.

     2.  Before commencing the investigation of an

applicant, the Secretary of State may require the applicant to deposit such an

amount as the Secretary of State estimates will be necessary to pay the fees

and other costs of that investigation. Upon taking final action on the

application, the Secretary of State will provide the applicant with an itemized

statement of the fees and other costs incurred and refund any unexpended

portion of the amount deposited.

     3.  As used in this section, “applicant”

means a person who submits an application pursuant to NAC

720.270, 720.420 or 720.650.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

 

      NAC 720.820  Examination and copying of records of licensee. (NRS 720.150)  To

determine compliance with this chapter and chapter

720 of NRS, the Secretary of State may:

     1.  Without prior notice, examine in any

manner that is reasonable under the circumstances the records of a licensee,

whether maintained within or outside of this State. The licensee shall make his

or her records available to the Secretary of State in legible form.

     2.  Copy any records of a licensee or require

the licensee to provide the Secretary of State with copies of any of his or her

records, to such an extent and in such a manner as is reasonable under the

circumstances.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.830  Investigatory authority of Secretary of State. (NRS 720.150)

     1.  The Secretary of State may conduct any

investigation, whether within or outside of this State, as he or she determines

is necessary to ascertain whether a person has violated or is about to violate

this chapter or chapter 720 of NRS, or

to aid in the enforcement of this chapter or chapter 720 of NRS.

     2.  To carry out subsection 1, the Secretary

of State or any employee designated by the Secretary of State may conduct

hearings, administer oaths and affirmations, render findings of fact and

conclusions of law, subpoena witnesses, compel their attendance, take evidence

and require the production, by subpoena or otherwise, of books, papers,

correspondence, memoranda, agreements or other documents or records which the

Secretary of State determines to be relevant or material to the investigation.

A person whom the Secretary of State does not consider to be the subject of an

investigation is entitled to reimbursement at the rate of 25 cents per page for

copies of documents which he or she is required by subpoena to produce. The

Secretary of State may require or permit a person to file a statement, under

oath or otherwise as the Secretary of State determines, as to the facts and

circumstances concerning the matter to be investigated.

     3.  If the activities constituting an alleged

violation for which the information is sought would be a violation of this

chapter or chapter 720 of NRS had the

activities occurred in this State, the Secretary of State may issue and apply

to enforce subpoenas in this State at the request of a comparable licensing

agency of another state.

     4.  If a person does not testify or produce

any documents as required by a subpoena issued pursuant to this section, the

Secretary of State may apply to the court for an order compelling compliance. A

request for such an order may be addressed to:

     (a) The district court in and for the county where

service may be obtained on the person refusing to testify or produce, if the

person is subject to service of process in this State; or

     (b) A court of another state having jurisdiction

over the person refusing to testify or produce, if the person is not subject to

service of process in this State.

     5.  Not later than the time the Secretary of

State requests an order for compliance, he or she shall:

     (a) Send notice of the request by certified mail,

return receipt requested, to the respondent at the last known address of the

respondent; or

     (b) Take other steps reasonably calculated to give

the respondent actual notice.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.840  Payment of costs of investigation of licensee. (NRS 720.150, 720.180)

     1.  Except as otherwise provided in NAC 720.260, a licensee shall pay all proper costs

incurred by the Secretary of State to conduct an investigation of the licensee

pursuant to NAC 720.830.

     2.  The Secretary of State may require the

licensee to deposit such an amount as the Secretary of State estimates will be

necessary to pay those costs. The licensee shall remit:

     (a) The deposit within 15 days after the Secretary

of State provides the licensee with a statement of that estimate; and

     (b) Any other balance due for the investigation

within 45 days after the Secretary of State provides the licensee with a bill

for that amount.

Ê The Secretary

of State may issue an order for the denial, suspension or revocation of the

license of a licensee who fails to comply with the provisions of this

subsection.

     3.  For the purposes of this section, “proper

costs” includes, without limitation:

     (a) Not less than $500 for the compensation of

employees of the Secretary of State for time spent:

          (1) Traveling to and from the site of the

investigation;

          (2) Conducting the investigation; and

          (3) Preparing a report of the investigation,

Ê at a rate of

$50 per hour for each employee;

     (b) The per diem allowance and travel expenses of

the employees of the Secretary of State conducting the investigation, as

provided for state officers and employees generally; and

     (c) The cost of supplies, materials, photocopying

and postage incurred in conducting the investigation.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.850  Issuance of orders for enforcement. (NRS 720.150, 720.190)

     1.  Except as otherwise provided in this

section, the Secretary of State may, as appropriate, issue an order denying,

suspending or revoking a license, limiting any of the activities as a

certification authority in this State of a licensee or an applicant for a

license or imposing a civil penalty on a licensee if the Secretary of State

determines that the order is in the public interest and that the licensee or

applicant for a license has:

     (a) Filed with the Secretary of State an

application for a license which, on the effective date of the application or,

in the case of an order denying a license any date after the filing of the

application, was incomplete in a material respect or contained a statement that

was, in light of the circumstances under which the statement was made, false or

misleading with regard to a material fact;

     (b) Violated or failed to comply with a provision

of this chapter or chapter 720 of NRS;

     (c) Within the last 10 years been convicted of a

felony or misdemeanor that the Secretary of State determines to have:

          (1) Arisen out of the conduct of business as a

certification authority or repository; or

          (2) Involved larceny, theft, robbery,

extortion, forgery, counterfeiting, fraudulent concealment, embezzlement,

fraudulent conversion, misappropriation of money, or any similar offense or

conspiracy to commit such an offense;

     (d) Been temporarily or permanently enjoined by any

court of competent jurisdiction, from:

          (1) Performing any activity as a certification

authority or repository;

          (2) Performing any activity as an affiliated

person or employee of a certification authority or repository; or

          (3) Engaging in or continuing any conduct or

practice in connection with an activity described in subparagraph (1) or (2),

Ê unless the

order has been vacated;

     (e) Been or is the subject of an order of the

Secretary of State for the denial, suspension or revocation of a license,

unless the order has been vacated;

     (f) Been or is the subject of an order issued

within the last 5 years under the authority of another country or state or a

Canadian province or territory, after the provision of notice and an

opportunity for a hearing:

          (1) For the denial, suspension or revocation

of a license as a certification authority; or

          (2) To cease and desist any activity as a

certification authority,

Ê unless the

order has been vacated; or

     (g) Become insolvent. For the purposes of this

paragraph, “insolvent” means that:

          (1) The liabilities of a person exceed his or

her assets; or

          (2) A person is unable to meet his or her

obligations as they mature.

 

 

     2.  If the Secretary of State, when a license

becomes effective, has knowledge of any fact or transaction for which he or she

may issue an order pursuant to subsection 1, the Secretary of State must

commence proceedings for the issuance of the order within 90 days after the

issuance of the license.

     3.  If the Secretary of State determines that

a licensee or an applicant for a license has ceased to exist or to do business

as a certification authority, the Secretary of State may issue an order

revoking the license or denying the application for a license.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

PROCEEDINGS

      NAC 720.900  Applicability of chapter 233B

of NRS; request for administrative hearing. (NRS 720.150)

     1.  Except as otherwise provided in this

chapter, the provisions of this chapter must be carried out in accordance with

the provisions of chapter 233B of

NRS.

     2.  A person affected by a determination or

action of the Secretary of State made pursuant to this chapter may request an

administrative hearing on the matter before a hearing officer by submitting an

application for such a hearing to the Secretary of State. The application:

     (a) May be submitted on a form provided by the

Secretary of State, or on another document or in an electronic message signed

by the applicant or his or her representative; and

     (b) Must specify each issue to be considered at the

hearing.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.910  Persons permitted to appear in representative capacity. (NRS 720.150)  No person

may appear in a representative capacity in an administrative hearing conducted

pursuant to this chapter except:

     1.  An attorney who is admitted to practice

law in this State.

     2.  An authorized officer, manager, partner

or full-time employee of an organization or governmental entity who appears on

behalf of the organization or governmental entity.

     3.  A natural person who represents himself

or herself.

     4.  An interpreter for a person who:

     (a) Speaks a language other than English and does

not know the English language; or

     (b) Is a person with a disability, as that term is

defined in NRS 50.050.

     5.  Such other persons as the hearing officer

allows, based upon his or her determination that it would be unduly burdensome

to require a person to use one of the representatives identified in subsections

1 and 2.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.920  Rebuttable presumptions. (NRS 720.150)  For the

purposes of an administrative hearing conducted pursuant to this chapter or any

other adjudication of a dispute involving a digital signature, there is a

rebuttable presumption that:

     1.  A certificate that has been:

     (a) Digitally signed by a recognized certification

authority; and

     (b) Published in a recognized repository or

otherwise made available by the certification authority who issued the

certificate or the subscriber identified in the certificate,

Ê has been

issued by that certification authority and accepted by that subscriber.

     2.  The information set forth in a valid

certificate and confirmed by the certification authority who issued the

certificate is accurate.

     3.  If a digital signature is verified by the

public key set forth in a valid certificate:

     (a) The digital signature is the digital signature

of the subscriber identified in that certificate;

     (b) The digital signature was affixed by that

subscriber with the intention of signing the message;

     (c) The message associated with the digital

signature has not been altered since the signature was affixed; and

     (d) The recipient of that digital signature has no

notice or knowledge that:

          (1) The subscriber has breached any term of

his or her promise pursuant to NAC 720.530; or

          (2) The signer does not rightfully hold the

private key used to create the digital signature.

     4.  A digital signature was created before it

was time stamped by a disinterested person using a trustworthy system.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.930  Filing of documents in electronic form; service by electronic

transmission. (NRS

720.150)  In an administrative hearing conducted

pursuant to this chapter:

     1.  A party to the hearing may, unless the

hearing officer directs otherwise, file any pleading or other document in

electronic form.

     2.  If a pleading or other document that is

filed electronically must be signed, it must be signed with a digital signature

that is verifiable by a valid certificate issued by a certification authority

who is not a party to the hearing.

     3.  The service of a pleading or other document

by electronic transmission shall be deemed effective upon receipt, except that

such an electronic transmission which is sent after 5 p.m. on a business day or

at any time on a weekend or state holiday shall be deemed effective at 8 a.m.

on the next business day.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.940  Summary proceeding. (NRS 720.150)

     1.  As an alternative to any other authorized

procedure, the Secretary of State may commence a proceeding under this chapter

or chapter 720 of NRS by entering a

summary order pursuant to this section. The order must be in writing and may be

entered without providing any prior notice or opportunity for a hearing, and

need not be supported by findings of fact or conclusions of law.

     2.  Upon the entry of a summary order

pursuant to subsection 1, the Secretary of State will promptly notify in

writing all persons against whom action is taken or contemplated that the

summary order has been entered and the reasons therefor. The Secretary of State

will send all persons against whom action is taken a notice of an opportunity

for a hearing on the matters set forth in the order. The notice must state that

the persons have 15 calendar days after receipt of the notice to mail a written

request for a hearing to the Secretary of State.

     3.  The Secretary of State will set the

matter for a hearing on a date not more than 60 or less than 15 calendar days

after the receipt of the request for a hearing, and will promptly notify the

parties of the time and place for the hearing. The time of the hearing may be

continued upon the written request of a party for good cause shown.

     4.  The Secretary of State may issue an order

that makes a summary order final:

     (a) Fifteen days after a person against whom action

is taken or contemplated receives notice of the right to request a hearing, if

that person fails to request a hearing; or

     (b) If a party fails to appear at a hearing, on the

date set for the hearing.

     5.  If a hearing is requested, the Secretary

of State may:

     (a) Extend the summary order until final

determination of the matter; or

     (b) After providing further notice of an opportunity

for a prior hearing to all parties against whom action is taken or

contemplated, modify or vacate the summary order.

     6.  For the purposes of this section, notice

is complete:

     (a) Upon delivery personally to a person;

     (b) By mailing by certified mail to the last known

address of a person; or

     (c) By mailing by electronic mail to the address of

a person specified on an application submitted by the person pursuant to this

chapter to the Secretary of State.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

      NAC 720.950  Emergency administrative proceeding. (NRS 720.150)

     1.  To carry out the provisions of this

chapter or chapter 720 of NRS and as

an alternative to any other authorized procedure, the Secretary of State may

use an emergency administrative proceeding pursuant to this section if there is

an immediate danger to the public welfare requiring immediate action.

     2.  The Secretary of State may take only such

action pursuant to this section as is necessary to prevent or avoid the

immediate danger to the public welfare that justifies the use of an emergency

administrative proceeding.

     3.  An order issued pursuant to this section

will include a brief statement of:

     (a) Findings of fact;

     (b) Conclusions of law; and

     (c) The reasons for:

          (1) Determining that there is an immediate

danger to the public welfare; and

          (2) The decision of the Secretary of State to

take the specific action ordered.

     4.  The Secretary of State will give such

notice as is practicable to persons who are required to comply with the order.

The order is effective when issued.

     5.  After issuing an order pursuant to this

section, the Secretary of State will proceed as quickly as feasible to complete

the proceedings in the manner otherwise provided pursuant to the provisions of chapter 233B of NRS.

     6.  The record of the Secretary of State consists

of the documents regarding the matter that were considered or prepared by him

or her. The Secretary of State will maintain these documents as the official

record.

     7.  Except as otherwise required by law, the

official record need not constitute the exclusive basis for his or her action

in an emergency administrative proceeding or for judicial review of the action.

     8.  An order issued pursuant to this section

is subject to judicial review in the manner provided in chapter 233B of NRS for the final

decision in a contested case.

     (Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)

Related Laws