Published: 2015
Key Benefits:
[Rev. 6/8/2018 4:10:55 PM--2017]
[NAC-720 Revised Date: 4-12]
CHAPTER 720 - DIGITAL SIGNATURES
GENERAL PROVISIONS
720.010 Definitions.
720.015 “Accept a certificate” defined.
720.020 “Certification practice statement” defined.
720.025 “Certify” defined.
720.030 “Confirm” defined.
720.035 “Disclosure record” defined.
720.040 “Electronic” defined.
720.045 “Electronic message” defined.
720.050 “Foreign license” defined.
720.055 “Hearing officer” defined.
720.060 “Incorporate by reference” defined.
720.065 “Issue a certificate” defined.
720.070 “License” defined.
720.075 “Licensee” defined.
720.080 “Notify” defined.
720.085 “Official public business” defined.
720.090 “Operative personnel” defined.
720.095 “Person” defined.
720.100 “Public agency” defined.
720.105 “Publish” defined.
720.110 “Recipient” defined.
720.115 “Recognized certification authority” defined.
720.120 “Recognized repository” defined.
720.125 “Recommended limit of reliance” defined.
720.130 “Repository” defined.
720.135 “Revoke a certificate” defined.
720.140 “Rightfully hold a private key” defined.
720.145 “State repository” defined.
720.150 “Suitable insurance” defined.
720.155 “Suspend a certificate” defined.
720.160 “Time stamp” defined.
720.165 “Transactional certificate” defined.
720.170 “Trustworthy system” defined.
720.175 “Valid certificate” defined.
720.180 Purposes of chapter.
720.185 Construction.
720.190 Variation of certain provisions by agreement; remedies not exclusive.
720.195 Severability of provisions.
720.200 Adoption by reference of standards.
720.205 Confidentiality of information.
LICENSING AND OPERATION OF CERTIFICATION AUTHORITY
720.250 Qualifications for license; period of validity of license.
720.260 Issuance of license to governmental entity.
720.270 Prerequisites to issuance and renewal of license.
720.280 Application for license.
720.290 Insurance: Minimum requirements; proof.
720.300 Trustworthy system: Minimum requirements.
720.310 Trustworthy system: Use.
720.320 Compliance audit: Performance; report to Secretary of State.
720.330 Compliance audit: Qualifications of auditor.
720.340 Qualifications of operative personnel.
720.350 Persons convicted of certain crimes not to act as operative personnel.
720.360 Certification practice statement: Filing and publication; contents.
720.370 Disclosure records: Publication and updating by Secretary of State.
720.380 Imposition of restrictions on operation of licensee.
720.390 Creation and retention of records by licensee.
720.400 Duties of licensee discontinuing services as certification authority.
720.410 Filing of judgments against licensees; scope of liability of recognized certification authority.
720.420 Recognition of foreign license.
720.430 Licensing fees.
CERTIFICATE: ISSUANCE AND PUBLICATION
720.450 Prerequisites to issuance of certificate to subscriber.
720.460 Confirmation of identity of prospective subscriber.
720.470 Contents of certificate.
720.480 Warranties, promises and certifications by Secretary of State.
720.490 Warranties, promises and certifications by other certification authorities.
720.500 Certification of authority of person requesting certificate.
720.510 Certifications by subscriber.
720.520 Indemnification of certification authority for certain losses or damages.
720.530 Private key: Promises and property right of subscriber.
720.540 Publication of certificate by Secretary of State or licensee.
CERTIFICATE: REVOCATION, SUSPENSION AND EXPIRATION
720.550 Revocation of certificate not issued in accordance with requirements; suspension to conduct investigation; notification of subscriber.
720.560 Order by Secretary of State to revoke or suspend certificate; notification; compliance with order.
720.570 Suspension upon request by appropriate person.
720.580 Termination of requested suspension.
720.590 Revocation of certificate by certification authority upon receipt of request or certain information.
720.600 Notice of suspension or revocation.
720.610 Discharge of certification authority or subscriber from responsibility for certain transactions.
RECOGNIZED REPOSITORIES
720.650 Designation.
720.660 Application for designation.
720.670 Operation.
720.680 Revocation of designation; notice to licensee.
720.690 Cessation of operation.
720.700 State repository.
720.710 Liability of licensee.
USE AND EFFECT OF DIGITAL SIGNATURE
720.750 General provisions.
720.760 Public agency: Acceptance and use of digital signature; confidentiality of private key.
720.770 Acceptance of digital signature as acknowledgment; liability of certification authority.
720.780 Reasonable reliance on digital signature or certificate.
720.790 Good faith of certification authority, subscriber and recipient of digital signature.
ENFORCEMENT
720.800 Activities of certification authority that create unreasonable risk prohibited; advisory statement from Secretary of State.
720.810 Investigation of applicant; payment of costs of investigation.
720.820 Examination and copying of records of licensee.
720.830 Investigatory authority of Secretary of State.
720.840 Payment of costs of investigation of licensee.
720.850 Issuance of orders for enforcement.
PROCEEDINGS
720.900 Applicability of chapter 233B of NRS; request for administrative hearing.
720.910 Persons permitted to appear in representative capacity.
720.920 Rebuttable presumptions.
720.930 Filing of documents in electronic form; service by electronic transmission.
720.940 Summary proceeding.
720.950 Emergency administrative proceeding.
GENERAL PROVISIONS
NAC 720.010 Definitions. (NRS 720.150) As used in this chapter, unless the context otherwise requires, the words and terms defined in NRS 720.020 to 720.130, inclusive, and NAC 720.015 to 720.175, inclusive, have the meanings ascribed to them in those sections.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.015 “Accept a certificate” defined. (NRS 720.150) “Accept a certificate” means to manifest approval of a certificate by using the certificate or otherwise, with knowledge or notice of its contents.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.020 “Certification practice statement” defined. (NRS 720.150) “Certification practice statement” means a declaration that complies with the requirements of NAC 720.360.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.025 “Certify” defined. (NRS 720.150) “Certify” means, with reference to a certificate, to declare with ample opportunity to reflect after apprising oneself of all material facts.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.030 “Confirm” defined. (NRS 720.150) “Confirm” means to ascertain through appropriate inquiry and investigation.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.035 “Disclosure record” defined. (NRS 720.150) “Disclosure record” means a publicly accessible record maintained by the Secretary of State concerning a licensee that is available on-line through the Internet.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.040 “Electronic” defined. (NRS 720.150) “Electronic” means an electrical, digital, magnetic, optical, electromagnetic or similar form of technology.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.045 “Electronic message” defined. (NRS 720.150) “Electronic message” means a record that is generated, communicated, received or stored by electronic means for use in an information system or transmission between separate information systems.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.050 “Foreign license” defined. (NRS 720.150) “Foreign license” means a license to conduct business as a certification authority issued by a governmental entity outside of this State.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.055 “Hearing officer” defined. (NRS 720.150) “Hearing officer” means the Secretary of State or a hearing officer designated by the Secretary of State.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.060 “Incorporate by reference” defined. (NRS 720.150) “Incorporate by reference” means to make a message a part of another message by identifying the message to be incorporated and expressing the intention that it be incorporated.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.065 “Issue a certificate” defined. (NRS 720.150) “Issue a certificate” means the creation of a certificate and notification of the subscriber identified in the certificate of the contents of the certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.070 “License” defined. (NRS 720.150) “License” means a license to conduct business as a certification authority issued by the Secretary of State.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.075 “Licensee” defined. (NRS 720.150) “Licensee” means a certification authority who holds a license.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.080 “Notify” defined. (NRS 720.150) “Notify” means to communicate a fact to a person in a manner reasonably likely under the circumstances to impart knowledge of the information to that person.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.085 “Official public business” defined. (NRS 720.150) “Official public business” means any legally authorized transaction or communication between a public agency and any other person.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.090 “Operative personnel” defined. (NRS 720.150) “Operative personnel” means one or more natural persons acting as a certification authority or his or her agent, or in the employment of or under contract with a certification authority, who have:
1. Duties directly involving the issuance of certificates or the creation of private keys;
2. Responsibility for the secure operation of the system of computer hardware and software used by the certification authority to conduct business as a certification authority or to operate a recognized repository;
3. Direct responsibility, other than general supervisory authority, for the establishment or adoption of policies regarding the operation and security of the certification authority; or
4. Such other duties or responsibilities as the Secretary of State determines to be significant to the operation of a certification authority.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.095 “Person” defined. (NRS 720.150) “Person” means a natural person, any organization that is capable of signing a document, either legally or as a matter of fact, a government, a governmental agency or a political subdivision of a government.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.100 “Public agency” defined. (NRS 720.150) “Public agency” has the meaning ascribed to it in NRS 720.170.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.105 “Publish” defined. (NRS 720.150) “Publish” means to make information publicly available.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.110 “Recipient” defined. (NRS 720.150) “Recipient” means a person who:
1. Has received a certificate and a digital signature that is verifiable with reference to the public key set forth in the certificate; and
2. Is in a position to rely on the digital signature.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.115 “Recognized certification authority” defined. (NRS 720.150) “Recognized certification authority” means the Secretary of State, a licensee or a certification authority whose foreign license is recognized by the Secretary of State pursuant to NAC 720.420.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.120 “Recognized repository” defined. (NRS 720.150) “Recognized repository” means the state repository or a repository designated by the Secretary of State pursuant to NAC 720.650.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.125 “Recommended limit of reliance” defined. (NRS 720.150) “Recommended limit of reliance” means the monetary amount that a certification authority recommends is the maximum amount upon which a certificate may be relied.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.130 “Repository” defined. (NRS 720.150) “Repository” means a system for storing and retrieving certificates and other information relevant to digital signatures.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.135 “Revoke a certificate” defined. (NRS 720.150) “Revoke a certificate” means to make a certificate ineffective permanently from a specified time forward through means of a notation on the certificate or the inclusion of the certificate in a set of revoked certificates.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.140 “Rightfully hold a private key” defined. (NRS 720.150) “Rightfully hold a private key” means to hold a private key that:
1. Has not been disclosed by the holder of the key or his or her agents to any person who is not authorized to use the key; and
2. Has not been obtained by the holder of the key through theft, deceit, eavesdropping or other unlawful means.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.145 “State repository” defined. (NRS 720.150) “State repository” means a repository operated pursuant to NAC 720.700.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.150 “Suitable insurance” defined. (NRS 720.150) “Suitable insurance” means insurance that satisfies the requirements of NAC 720.290.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.155 “Suspend a certificate” defined. (NRS 720.150) “Suspend a certificate” means to make a certificate ineffective temporarily for a specified time forward.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.160 “Time stamp” defined. (NRS 720.150) “Time stamp” means:
1. A notation that:
(a) Is digitally signed by a certification authority;
(b) Is appended or attached to a message, digital signature or certificate; and
(c) Indicates at least:
(1) The date and time the notation was appended or attached; and
(2) The identity of the person appending or attaching the notation; or
2. To append or attach such a notation to a message, digital signature or certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.165 “Transactional certificate” defined. (NRS 720.150) “Transactional certificate” means a certificate that is effective only for a specific transaction or series of transactions specified or incorporated by reference in the certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.170 “Trustworthy system” defined. (NRS 720.150) “Trustworthy system” means a system of computer hardware and software that complies with the requirements of NAC 720.300.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.175 “Valid certificate” defined. (NRS 720.150) “Valid certificate” means a certificate that:
1. Has been issued by a recognized certification authority;
2. Has been accepted by the subscriber identified in the certificate;
3. Has not been suspended or revoked; and
4. Has not expired.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.180 Purposes of chapter. (NRS 720.150) The purposes of this chapter are to:
1. Ensure that electronic messages with digital signatures are not denied legal recognition solely because they are in electronic form;
2. Facilitate commerce by means of reliable electronic messages;
3. Establish procedures for the use of digital signatures for official public business;
4. Provide persons who engage in commerce or official public business with reasonable assurance of the integrity and authenticity of electronic messages with digital signatures and that those messages will not be repudiated;
5. Provide a mechanism for the licensing of certification authorities and the recognition of repositories;
6. Minimize the incidence of forged digital signatures and fraud in electronic commerce;
7. Provide for the legal implementation of technical standards relating to electronic messages with digital signatures; and
8. Coordinate, with other states and jurisdictions, the establishment of uniform provisions regarding the authentication and reliability of electronic messages.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.185 Construction. (NRS 720.150) The provisions of this chapter:
1. Must be construed in a manner that:
(a) Is commercially reasonable under the circumstances; and
(b) Carries out the purposes of this chapter.
2. Must not be construed in such a manner as to:
(a) Require the Secretary of State to conduct any business or take any other action as a certification authority;
(b) Preclude a licensee from conforming to any standards or requirements that are more stringent than, but nevertheless consistent with, those provisions; or
(c) Authorize the award of any punitive or exemplary damages.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.190 Variation of certain provisions by agreement; remedies not exclusive. (NRS 720.150)
1. Except as otherwise provided by a specific provision of this chapter, the provisions of this chapter regarding the issuance, acceptance, publication and use of a certificate may be varied by agreement between the certification authority who issues the certificate and the subscriber identified in the certificate.
2. The remedies provided pursuant to this chapter are not exclusive and are in addition to any other remedies provided by law, including, without limitation, any criminal prosecution pursuant to the laws of this State or of the United States. Injunctive relief must not be denied to a person regarding any conduct governed by the provisions of this chapter solely because the conduct is or may be subject to criminal prosecution.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.195 Severability of provisions. (NRS 720.150) The provisions of this chapter are hereby declared to be severable. If any of the provisions of this chapter is held invalid, or if the application of any of those provisions to any person, thing or circumstance is held invalid, that invalidity does not affect any other provision of this chapter that can be given effect without the invalid provision or application.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.200 Adoption by reference of standards. (NRS 720.150) The Secretary of State hereby adopts by reference:
1. The technical standards designated as X.509, Version 3, as adopted by the International Telecommunication Union. A copy of those standards may be obtained from the Office of the Secretary of State, 101 North Carson Street, Suite 3, Carson City, Nevada 89701-4786, for the price of $22.50.
2. The provisions of the CSPP - Guidance for COTS Security Protection Profiles, Version 1.0, as developed by the National Institute of Standards and Technology of the Technology Administration of the United States Department of Commerce. A copy of those provisions may be obtained from the Office of the Secretary of State, 101 North Carson Street, Suite 3, Carson City, Nevada 89701-4786, for the price of $9.50.
3. The provisions of the WebTrust Program for Certification Authorities, Version 1.0, as developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants. A copy of those provisions may be obtained from the Office of the Secretary of State, 101 North Carson Street, Suite 3, Carson City, Nevada 89701-4786, for the price of $9.50.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99; A by R040-03, 12-4-2003)
NAC 720.205 Confidentiality of information. (NRS 720.150)
1. Except as otherwise provided in subsection 2 or required by a court order, any:
(a) Trade secret, as that term is defined in NRS 600A.030;
(b) Information regarding the design, security or programming of a computer system used for the licensing or operation of a certification authority or repository pursuant to this chapter; or
(c) Information that identifies a private key held by a subscriber,
Ê which is in the possession of the Secretary of State or Division of Enterprise Information Technology Services of the Department of Administration for the purposes of this chapter, or an auditor conducting an audit pursuant to NAC 720.320, shall be deemed confidential and must not be made available for public disclosure, inspection or copying.
2. For the purposes of an audit conducted pursuant to NAC 720.320, a licensee shall provide the auditor with any information in his or her possession that is relevant to the audit, including any information that is deemed confidential pursuant to subsection 1.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
LICENSING AND OPERATION OF CERTIFICATION AUTHORITY
NAC 720.250 Qualifications for license; period of validity of license. (NRS 720.150)
1. To qualify for a license, a certification authority must:
(a) Use a secure method for limiting access to the private key of the certification authority;
(b) Maintain an office or registered agent for service of process in this State; and
(c) Comply with the provisions of this chapter and chapter 720 of NRS.
2. The issuance or renewal of a license is valid for 1 year unless the license is suspended, revoked or otherwise terminated at an earlier date. The Secretary of State may notify a licensee before his or her license is due to expire, but any failure to do so does not excuse a licensee from failing to renew the license within that period.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.260 Issuance of license to governmental entity. (NRS 720.150)
1. Except as otherwise provided in this section, the Secretary of State will not issue a license to any governmental entity.
2. The Secretary of State may issue a license to the Division of Enterprise Information Technology Services of the Department of Administration. For the purposes of this chapter, the Division is not required to:
(a) Obtain or submit proof that the Division has suitable insurance; or
(b) Pay any of the amounts otherwise required pursuant to NAC 720.430, 720.810 or 720.840.
3. If the Division of Enterprise Information Technology Services obtains a license, the Division may issue a certificate only:
(a) For a subscriber who is a public agency; or
(b) For the conduct of official public business by any other person.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.270 Prerequisites to issuance and renewal of license. (NRS 720.150) Except as otherwise provided in NAC 720.260, the Secretary of State may issue a license to, or renew the license of, a certification authority who meets the qualifications for a license set forth in NAC 720.250 and submits to the Secretary of State:
1. A completed application that complies with the requirements of NAC 720.280.
2. The amounts required pursuant to NAC 720.430 and 720.810.
3. Proof of his or her identity or, if the certification authority is a business entity, proof of existence and good standing of the certification authority in the following form:
(a) If the certification authority is formed, incorporated, organized, registered, qualified to transact business or otherwise created in the State of Nevada pursuant to the provisions of title 7 of NRS, a certificate of existence and good standing from the Secretary of State. To comply with the provisions of this paragraph, the certification authority must submit a separate application to the Secretary of State to receive a certificate of existence and good standing.
(b) If the certification authority is formed, incorporated, organized, registered, qualified to transact business or otherwise created in a state or territory other than the State of Nevada, in the District of Columbia, in a possession of the United States or in a foreign country, a certificate of existence and good standing if the jurisdiction has such a certificate, or an equivalent form signifying that the certification authority has been formed, incorporated, organized, registered, qualified to transact business or otherwise created in that jurisdiction from the appropriate governmental agency of each jurisdiction in which the certification authority is formed, incorporated, organized, registered, qualified to transact business or otherwise created.
4. Proof that he or she has suitable insurance.
5. A report of an audit of the policies, practices, procedures, facilities and computer hardware and software of the applicant which:
(a) Establishes that the applicant operates a trustworthy system; and
(b) Was obtained pursuant to an audit performed in compliance with the requirements of NAC 720.320 and 720.330, except that the audit and report required for the initial issuance of a license is not required to include any matters other than compliance with the requirements of paragraph (a).
6. The documentation required pursuant to NAC 720.340.
7. A certification practice statement that complies with the requirements of NAC 720.360.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99; A by R040-03, 12-4-2003)
NAC 720.280 Application for license. (NRS 720.150) An application for the issuance or renewal of a license must be on a form prescribed by the Secretary of State and include:
1. The name of the applicant;
2. The mailing address and, if different, the physical address of the applicant;
3. The telephone number of the applicant;
4. The electronic mail address of the applicant;
5. The name and address of the registered agent in this State for service of process upon the applicant, including the physical address and, if different, the mailing address; and
6. The names of all operative personnel of the applicant.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.290 Insurance: Minimum requirements; proof. (NRS 720.150)
1. Except as otherwise provided in NAC 720.260, a licensee shall maintain a policy of insurance issued by an insurance company authorized to do business in this State, which:
(a) Provides the licensee with coverage for:
(1) Professional liability in an amount of not less than $5,000,000; and
(2) Commercial general liability in an amount of not less than $10,000,000; and
(b) Contains a provision that requires the insurance company to notify the Secretary of State at least 30 days before cancellation or nonrenewal of the policy.
2. For the purposes of this chapter, proof of the policy of insurance required by subsection 1 must:
(a) Be in a form that is prescribed or approved by the Secretary of State;
(b) Identify the insurance company by name, mailing address and physical address, and include the number or a copy of the document authorizing the insurance company to do business in this State; and
(c) Identify the licensee for whom the policy is issued.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.300 Trustworthy system: Minimum requirements. (NRS 720.150) A licensee shall maintain such policies, practices, procedures and facilities as are necessary to ensure that his or her system of computer hardware and software:
1. Is reasonably secure from intrusion and misuse;
2. Provides a reasonable level of availability, reliability and correct operation;
3. Is reasonably suited to performing its intended functions; and
4. Is in material compliance with the provisions of the CSPP - Guidance for COTS Security Protection Profiles, Version 1.0 and the WebTrust Program for Certification Authorities, Version 1.0, as adopted by reference pursuant to NAC 720.200. The Secretary of State will determine whether compliance is material:
(a) In accordance with the provisions of this chapter; and
(b) In a manner that is consistent with state and federal law and reasonable for the context in which the system is used.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99; A by R040-03, 12-4-2003)
NAC 720.310 Trustworthy system: Use. (NRS 720.150) A licensee shall use only a trustworthy system to:
1. Issue, suspend or revoke a certificate; and
2. Publish in a recognized repository or otherwise give notice of the issuance, suspension or revocation of a certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.320 Compliance audit: Performance; report to Secretary of State. (NRS 720.150)
1. A licensee shall obtain an audit at least once each year to receive an opinion as to whether the licensee is in material compliance with the requirements of this chapter. If the Secretary of State has designated a repository operated by the licensee as a recognized repository, the audit must include the operation of the recognized repository.
2. The auditor shall exercise reasonable professional judgment in determining whether a condition that is not in strict compliance with the requirements of this chapter is material, taking into consideration the particular circumstances and context. In addition to any other conditions the auditor determines to be material, the auditor shall consider as material:
(a) Any condition relating to the validity of a certificate that does not comply with the requirements of this chapter.
(b) Noncompliance with the requirements of NAC 720.350.
(c) Noncompliance with the provisions of this chapter regarding the use of a trustworthy system.
3. The licensee must file a copy of the audit report with the Secretary of State before his or her license may be renewed. The report may be filed electronically if the electronic message complies with the requirements of this chapter. The licensee is not required to file the complete audit report if he or she files a summary of the report that:
(a) States the target of evaluation of the audit;
(b) Describes all audit exceptions and conditions of noncompliance included in the complete report, including, without limitation, any conditions described in subsection 2; and
(c) Bears the signature of the auditor.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.330 Compliance audit: Qualifications of auditor. (NRS 720.150) Each audit required pursuant to NAC 720.320 must be performed by a certified public accountant who:
1. Is certified pursuant to chapter 628 of NRS or a similar law of another jurisdiction; and
2. Holds or, for the purpose of the audit, employs, contracts with or associates with a person who holds a current certification as:
(a) A certified information systems auditor issued by the Information Systems Audit and Control Association; or
(b) A certified information systems security professional issued by the International Information Systems Security Certification Consortium.
Ê The audit report or a letter accompanying that report must disclose the name of each person who possesses the certification required pursuant to this section.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.340 Qualifications of operative personnel. (NRS 720.150)
1. An applicant for the issuance or renewal of a license must submit to the Secretary of State such documentation as the Secretary of State requires to ensure that all operative personnel of the applicant are qualified to act in that capacity. The documentation must include, for each person who acts in that capacity:
(a) A declaration, executed by the person under penalty of perjury, that:
(1) Specifies the person’s name, including all names by which he or she has been known in the past, his or her date of birth and his or her business address; and
(2) Specifies each country, other than the United States, in which the person resided during the past 5 years and states the period of that residency;
(b) Two sets of fingerprint cards that have been completed by a recognized law enforcement agency;
(c) An executed Law Enforcement Record Form No. 3321-SA or equivalent authorization for the release of information contained in records of law enforcement;
(d) Written authorization for the Secretary of State to submit the fingerprint cards to the Central Repository for Nevada Records of Criminal History for further submission to the Federal Bureau of Investigation and to receive reports regarding the criminal histories of the subjects of the fingerprint cards; and
(e) The amount of the fees charged by any local agencies of law enforcement, the Central Repository for Nevada Records of Criminal History and the Federal Bureau of Investigation for the handling of the fingerprint cards and issuance of the reports of criminal histories.
2. For the issuance or renewal of a license, the reports received pursuant to subsection 1 must indicate that the applicant and all operative personnel of the applicant:
(a) Have not been convicted in any jurisdiction during the 7 years immediately preceding the date the application for the issuance or renewal of a license is submitted of any felony; and
(b) Have never been convicted in any jurisdiction of a crime involving fraud, deception or a false statement.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99; A by R040-03, 12-4-2003)
NAC 720.350 Persons convicted of certain crimes not to act as operative personnel. (NRS 720.150)
1. A licensee shall not allow any person to undertake any of the responsibilities or duties of his or her operative personnel if the licensee knows or, based upon the records provided to the Secretary of State pursuant to NAC 720.340, should know that the person:
(a) Has been convicted in any jurisdiction during the 7 years immediately preceding the date the application for the issuance or renewal of a license is submitted of any felony; or
(b) Has ever been convicted in any jurisdiction of a crime involving fraud, deception or a false statement.
2. If a licensee discovers that a person who has undertaken any of the responsibilities or duties of his or her operative personnel has been convicted as described in subsection 1, the licensee shall:
(a) Immediately remove the person from that position; and
(b) Within 3 business days after making that discovery, notify the Secretary of State of his or her action to remove the person from that position.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99; A by R040-03, 12-4-2003)
NAC 720.360 Certification practice statement: Filing and publication; contents. (NRS 720.150) A licensee shall file with the Secretary of State and publish a certification practice statement that includes, without limitation:
1. A description of the policies, practices and procedures of the licensee for the creation, issuance, distribution, management, storage, suspension, revocation and renewal of certificates;
2. If certificates are issued by class, the necessary criteria for each class, including the methods for identifying subscribers applicable to each class;
3. A written description of all representations required by the licensee from a subscriber regarding the responsibility of the subscriber to protect his or her private key; and
4. A disclosure of any:
(a) Warnings, limitations on liability, disclaimers of warranty and provisions for indemnity and holding harmless upon which the licensee intends to rely;
(b) Disclaimers and limitations on obligations, losses or damages to be asserted by the licensee; and
(c) Mandatory procedures for the resolution of disputes, including any provisions regarding the choice of forum or applicable law.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.370 Disclosure records: Publication and updating by Secretary of State. (NRS 720.150)
1. The Secretary of State will publish a disclosure record for each licensee that includes, without limitation:
(a) The name, mailing address, telephone number and electronic mail address of the insurance company that issued suitable insurance for the licensee;
(b) A copy of the most recent certification practice statement filed with the Secretary of State by the licensee pursuant to this chapter;
(c) A copy of the summary or report of the most recent audit of the licensee filed with the Secretary of State pursuant to this chapter;
(d) Information regarding the current status of the license, including a disclosure of any suspension or revocation and, if a suspension or revocation is currently pending proceedings for administrative or judicial review, a statement of that fact;
(e) A statement of whether a repository operated by the licensee has been designated as a recognized repository and information sufficient to locate or identify any repository the licensee operates or otherwise uses;
(f) A list of all judgments regarding the licensee filed with the Secretary of State pursuant to NAC 720.410 within the past 5 years; and
(g) Any other information required by this chapter.
2. The Secretary of State will update a disclosure record when he or she discovers that any information contained in the disclosure record has changed or is no longer accurate.
3. In carrying out this section, the Secretary of State will rely on records received by his or her office and is not obligated to conduct any investigation or other inquiry regarding the information contained in those records.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.380 Imposition of restrictions on operation of licensee. (NRS 720.150) The Secretary of State may:
1. As a condition to the issuance and retention of a license, impose any restrictions on the operation of the licensee as he or she deems appropriate; and
2. Maintain in his or her file for the licensee a written record of the basis for imposing the restrictions.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.390 Creation and retention of records by licensee. (NRS 720.150)
1. A licensee shall:
(a) Create and retain such records as are necessary for the licensee to demonstrate compliance with this chapter.
(b) Retain each notice of the suspension or revocation of a certificate given by the licensee pursuant to NAC 720.600.
(c) Create and retain a database that contains a record of the identity of each subscriber named in a certificate issued by the licensee, which must include the number and date of issuance of the certificate and each fact represented in the certificate.
(d) Create and retain a database that contains a record of each time stamp the licensee appends or attaches to a message, digital signature or certificate, which must include sufficient information to identify the relevant subscriber and message, digital signature or certificate.
2. The records required pursuant to:
(a) Paragraphs (a) and (b) of subsection 1 must be retained for not less than 5 years.
(b) Paragraph (c) of subsection 1 must be retained for not less than 10 years after the date the certificate expires or is revoked.
(c) Paragraph (d) of subsection 1 must be retained for not less than 10 years after the date the time stamp is appended or attached.
3. The records required pursuant to subsection 1 must be:
(a) Set forth on paper, retrievable from a computer or created and retained in any other form authorized by the State Library and Archives Administrator pursuant to NRS 378.255 or 378.280 for the retention of records; and
(b) Indexed, stored, preserved and reproduced in such a manner as to remain accurate, complete and accessible to an auditor.
4. This section does not require the inclusion of:
(a) Any of the extensions of data specified in section 4.2 of the technical standards designated as X.509, Version 3, as adopted by reference pursuant to NAC 720.200; or
(b) Any information that would compromise the security of the licensee, in any record that is publicly accessible.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.400 Duties of licensee discontinuing services as certification authority. (NRS 720.150) A licensee who intends to discontinue providing services as a certification authority shall:
1. Before discontinuing those services, notify the subscribers identified in all valid certificates issued by the licensee;
2. Take such commercially reasonable efforts as are necessary to minimize disruption to those subscribers and to persons who rely on those certificates; and
3. Make reasonable arrangements for the preservation of the records of the licensee relating to his or her services as a certification authority. If the licensee is unable to make other reasonable arrangements for the preservation of those records, the licensee shall:
(a) Revoke all valid certificates the licensee has issued and return all his or her records regarding those certificates to the appropriate subscribers; or
(b) Submit those records to such other licensees as the Secretary of State designates for that purpose.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.410 Filing of judgments against licensees; scope of liability of recognized certification authority. (NRS 720.150)
1. A licensee shall file with the Secretary of State a certified copy of each judgment entered against the licensee for damages resulting from any acts of the licensee within the scope of his or her activities as a certification authority.
2. Except as otherwise provided in this chapter, a recognized certification authority is not liable for:
(a) Any damages incurred by a person who relies on a certificate issued by the certification authority, or on any representation contained in the certificate which the certification authority is required to confirm, that exceed any recommended limit of reliance clearly specified in the certificate and in the last certification practice statement filed by the certification authority with the Secretary of State pursuant to this chapter before the reliance occurred.
(b) Any loss caused by the failure of the certification authority to comply with any provision of this chapter regarding the issuance of a certificate, in excess of any recommended limit of reliance specified in the certificate.
(c) Any loss caused by the reliance of a person on a false or forged digital signature of a subscriber identified in a certificate issued by the certification authority if the certification authority complied with all the material requirements of this chapter regarding the certificate. This subsection does not relieve a certification authority from liability for any failure to act in good faith or for the breach of any promise, warranty or certification provided pursuant to NAC 720.480 or 720.490.
(d) Any punitive or exemplary damages resulting from the reliance of a person on a certificate issued by the certification authority.
(e) Any damages for pain and suffering resulting from the reliance of a person on a certificate issued by the certification authority.
3. A recognized certification authority may waive any of the provisions of subsection 2.
4. A recognized certification authority may liquidate, limit, alter or exclude liability for any consequential or incidental damages resulting from the reliance of a person on a certificate issued by the certification authority by:
(a) Agreement with the person who incurs the loss; or
(b) Notification of the person who incurs the loss, before he or she relies on the certificate, of the liquidation, limitation, alteration or exclusion,
Ê if the liquidation, limitation, alteration or exclusion is not unconscionable.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.420 Recognition of foreign license. (NRS 720.150)
1. The Secretary of State may recognize a foreign license, in whole or in part, if:
(a) The certification authority who holds the foreign license, in addition to complying with any other legal requirements for the transaction of business in this State, submits to the Secretary of State:
(1) An application for the recognition of his or her foreign license;
(2) A certified copy of his or her foreign license; and
(3) The amounts required pursuant to NAC 720.430 and 720.810; and
(b) The Secretary of State determines that the governmental entity that issued the foreign license imposes requirements substantially similar to the requirements of this chapter.
2. The Secretary of State will determine that the requirements of a governmental entity are substantially similar to the requirements of this chapter if, in addition to any other factors the Secretary of State deems to be material, the governmental entity requires that a certification authority must, as a condition to holding the foreign license:
(a) Issue certificates:
(1) Based upon an asymmetric cryptosystem; and
(2) Using a trustworthy system;
(b) Maintain a policy of insurance which provides not less than the minimum amounts of coverage required by NAC 720.290;
(c) Employ as operative personnel only persons who have not been convicted of a felony within the past 7 years and have never been convicted of a crime involving fraud, deception or a false statement; and
(d) Comply with a legally established system for the enforcement of the requirements of that governmental entity regarding digital signatures.
3. The Secretary of State will:
(a) Make available, upon request, a list of the governmental entities that the Secretary of State has determined meet the requirements of subsection 2; and
(b) Consider a governmental entity for addition to that list upon:
(1) The request of the governmental entity or a certification authority licensed by the governmental entity; and
(2) The receipt of a copy of the licensing requirements of the governmental entity, together with an English translation if it is in a foreign language.
4. The recognition of a foreign license pursuant to this section is valid:
(a) Until the foreign license expires or otherwise becomes invalid; or
(b) For 1 year,
Ê whichever period is less.
5. The provisions of this section do not prohibit a certification authority who holds a foreign license from obtaining a license pursuant to the other provisions of this chapter.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.430 Licensing fees. (NRS 720.150, 720.180) The Secretary of State will charge, in addition to any other amounts required pursuant to this chapter, the following licensing fees:
1. For the issuance or renewal of a license, $1,000.
2. For the recognition of a foreign license, $1,000.
3. For the designation of a repository as a recognized repository, $1,000.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
CERTIFICATE: ISSUANCE AND PUBLICATION
NAC 720.450 Prerequisites to issuance of certificate to subscriber. (NRS 720.150)
1. A certification authority may issue a certificate to a subscriber only after the certification authority has:
(a) Received a request for the issuance of a certificate signed by the prospective subscriber; and
(b) Confirmed, which must include requiring a subscriber and the subscriber’s agent or agents to certify the accuracy of relevant information under penalty of perjury, that:
(1) The prospective subscriber is the person to be identified in the requested certificate;
(2) The prospective subscriber rightfully holds a private key which:
(I) Is capable of creating a digital signature; and
(II) Corresponds to the public key to be set forth in the requested certificate;
(3) The public key to be set forth in the requested certificate can be used to verify a digital signature affixed by the private key held by the prospective subscriber;
(4) The information to be included in the requested certificate is accurate;
(5) The requested certificate provides sufficient information to locate or identify one or more repositories in which the certificate will be stored and, if the certificate is suspended or revoked, notice of the suspension or revocation will be published; and
(6) If the prospective subscriber is acting through one or more agents, the prospective subscriber has:
(I) Authorized the agent or agents to have custody of his or her private key, to request the issuance of a certificate setting forth the corresponding public key and to sign digitally on behalf of the prospective subscriber; and
(II) Ensured that adequate safeguards exist to prevent the creation of a digital signature that exceeds any limitations on the authority of the agent or agents.
2. A certification authority shall, when seeking to obtain any other information material to the issuance of a certificate, require the subscriber and the subscriber’s agent or agents to certify the accuracy of relevant information under penalty of perjury.
3. The provisions of this section may not be waived, disclaimed or otherwise limited by agreement.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.460 Confirmation of identity of prospective subscriber. (NRS 720.150)
1. When carrying out the provisions of NAC 720.450 requiring a certification authority to confirm that a prospective subscriber is the person to be identified in a requested certificate, a certification authority shall make such an inquiry into the identity of the prospective subscriber as is reasonable based upon:
(a) Any representations the certification authority will make regarding the reliability of the certificate, including any recommended limit of reliance;
(b) Any recommendations the certification authority will make regarding the use or application of the certificate; and
(c) Whether the certificate will be a transactional certificate.
2. If the prospective subscriber appears before the certification authority and presents a current:
(a) Identifying document issued by or under the authority of the United States or another country; or
(b) Driver’s license or other identifying document issued by a state of the United States,
Ê which is reviewed and accepted by a notary public or any operative personnel of the certification authority, there is a rebuttable presumption that the certification authority has confirmed that the prospective subscriber is the person to be identified in the requested certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.470 Contents of certificate. (NRS 720.150) A certificate:
1. Must indicate the date upon which the certificate expires.
2. May include, without limitation, any disclaimers and limitations on obligations, losses or damages to be asserted by the certification authority who issues the certificate.
3. Must comply with the standards for basic certificate fields specified in section 4.1 of the technical standards designated as X.509, Version 3, as adopted by reference pursuant to NAC 720.200, except that fields are not required for extensions of data. If fields are used for extensions of data:
(a) The use must conform to the guidelines specified in sections 4.1.2.1 and 4.2 of the technical standards designated as X.509, Version 3, as adopted by reference pursuant to NAC 720.200; and
(b) The fields may be displayed on the certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.480 Warranties, promises and certifications by Secretary of State. (NRS 720.150) Except as otherwise provided in NAC 720.610, if the Secretary of State:
1. Issues a certificate, the Secretary of State:
(a) Warrants to the subscriber named in the certificate that the certificate:
(1) Contains no information known by the Secretary of State to be false; and
(2) Satisfies all material requirements of this chapter.
(b) Promises to the subscriber named in the certificate:
(1) To act promptly to suspend or revoke a certificate in accordance with this chapter; and
(2) To notify the subscriber within a reasonable time of any facts known to the Secretary of State that significantly affect the validity or reliability of the certificate after issuance.
2. Issues and publishes a certificate, the Secretary of State certifies to all persons who reasonably rely on the information contained in the certificate or on a digital signature verifiable by the public key set forth in the certificate that:
(a) The Secretary of State has issued the certificate to the subscriber;
(b) The subscriber has accepted the certificate;
(c) The information in the certificate identified as confirmed by the Secretary of State was accurate when the certificate was issued; and
(d) All information foreseeably material to the reliability of the certificate is stated or incorporated by reference in the certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.490 Warranties, promises and certifications by other certification authorities. (NRS 720.150)
1. Except as otherwise provided in NAC 720.480 and 720.610, a certification authority:
(a) By issuing a certificate:
(1) Warrants to the subscriber named in the certificate that:
(I) The certificate contains no information known by the certification authority to be false;
(II) The certificate satisfies all material requirements of this chapter; and
(III) The certification authority has not exceeded any limitations on his or her authority in issuing the certificate.
(2) Promises to the subscriber named in the certificate, unless the certification authority and subscriber agree otherwise:
(I) To act promptly to suspend or revoke a certificate in accordance with this chapter; and
(II) To notify the subscriber within a reasonable time of any facts known to the certification authority that significantly affect the validity or reliability of the certificate after issuance.
(3) Certifies to all persons who reasonably rely on the information contained in the certificate or on a digital signature verifiable by the public key set forth in the certificate that:
(I) The subscriber has accepted the certificate;
(II) The information in the certificate identified as confirmed by the certification authority was accurate when the certificate was issued;
(III) All information foreseeably material to the reliability of the certificate is stated or incorporated by reference in the certificate; and
(IV) The certification authority has complied with all applicable laws and regulations of this State governing the issuance of the certificate.
(b) By publishing a certificate, certifies to the repository where the certificate is published and to all persons who reasonably rely on the information contained in the certificate that the certification authority has issued the certificate to the subscriber.
2. Except as otherwise provided in this section, the provisions of this section may not be waived, disclaimed or otherwise limited by agreement.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.500 Certification of authority of person requesting certificate. (NRS 720.150)
1. Except as otherwise provided in NAC 720.610, by requesting the issuance of a certificate as an agent of the subscriber to be identified in the certificate, the person requesting the certificate certifies to all persons who reasonably rely on the information contained in the certificate that he or she has the legal authority to:
(a) Apply for the issuance of the certificate; and
(b) Sign digitally on behalf of the subscriber and that, if this authority is limited in any way, adequate safeguards exist to prevent the creation of a digital signature that exceeds the limitations on his or her authority.
2. No person may waive, disclaim or otherwise limit by agreement or obtain indemnity from the provisions of this section in such a manner as to limit his or her liability for any misrepresentation of fact to any person who reasonably relies on a certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.510 Certifications by subscriber. (NRS 720.150)
1. Except as otherwise provided in NAC 720.610, by accepting a certificate, the subscriber identified in the certificate certifies to all persons who reasonably rely on the information contained in the certificate that:
(a) The subscriber rightfully holds the private key that corresponds to the public key set forth in the certificate;
(b) All representations made by the subscriber to the certification authority who issued the certificate which are material to the information set forth in the certificate are true; and
(c) All material representations included in the certificate and not confirmed by the certification authority are true.
2. No person may waive, disclaim or otherwise limit by agreement or obtain indemnity from the provisions of this section in such a manner as to limit his or her liability for any misrepresentation of fact to any person who reasonably relies on a certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.520 Indemnification of certification authority for certain losses or damages. (NRS 720.150)
1. Except as otherwise provided in NAC 720.610, by accepting a certificate, the subscriber identified in the certificate and any agent of the subscriber who requested the issuance of the certificate promise to indemnify the certification authority who issued the certificate for any loss or other damage resulting from the issuance or publication of the certificate in reliance upon any:
(a) Misrepresentation of a material fact by the subscriber or an agent of the subscriber; or
(b) Failure by the subscriber or an agent of the subscriber to disclose a material fact,
Ê if the misrepresentation or failure to disclose was negligent or intended to deceive the certification authority or a person relying on the certificate.
2. The provisions of this section may not be waived, disclaimed or otherwise limited by agreement, but consistent, additional terms may be provided by agreement.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.530 Private key: Promises and property right of subscriber. (NRS 720.150)
1. Except as otherwise provided in subsection 2, by accepting a certificate, the subscriber identified in the certificate promises to exercise reasonable care to retain control of the corresponding private key and prevent its disclosure to any person who is not authorized to create the digital signature of the subscriber until:
(a) The expiration of the certificate;
(b) Notice of the revocation of the certificate is published pursuant to NAC 720.600; or
(c) One business day after the subscriber has submitted to the certification authority who issued the certificate a written request for the revocation of the certificate and such evidence as is reasonably sufficient to confirm that the person requesting the revocation is the subscriber or an agent of the subscriber who is authorized to make the request,
Ê whichever occurs first.
2. By accepting a transactional certificate, the subscriber identified in the certificate promises to exercise reasonable care to retain control of the corresponding private key and prevent its disclosure to any person who is not authorized to create the digital signature of the subscriber until:
(a) The expiration of the certificate; or
(b) Notice of the revocation of the certificate is published pursuant to NAC 720.600,
Ê whichever occurs first.
3. The provisions of subsections 1 and 2 may not be waived, disclaimed or otherwise limited by agreement.
4. A private key is the personal property of the subscriber who rightfully holds the private key.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.540 Publication of certificate by Secretary of State or licensee. (NRS 720.150)
1. If the Secretary of State issues a certificate and:
(a) The subscriber accepts the certificate, the Secretary of State will publish a signed copy of the certificate in a recognized repository.
(b) The subscriber does not accept the certificate, the Secretary of State will not publish the certificate or, if the Secretary of State has already published the certificate, will cancel that publication.
2. If a licensee issues a certificate and:
(a) The subscriber accepts the certificate, the licensee shall, except as otherwise provided by agreement between the licensee and subscriber:
(1) Publish the certificate in compliance with any applicable policies for the publication of certificates contained in the certification practice statement of the licensee; or
(2) If the licensee has not included in his or her certification practice statement any applicable policies for the publication of certificates, publish a signed copy of the certificate in a recognized repository agreed upon by the licensee and subscriber.
(b) The subscriber does not accept the certificate, the licensee shall not publish the certificate or, if the licensee has already published the certificate, shall cancel that publication.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
CERTIFICATE: REVOCATION, SUSPENSION AND EXPIRATION
NAC 720.550 Revocation of certificate not issued in accordance with requirements; suspension to conduct investigation; notification of subscriber. (NRS 720.150)
1. If a certification authority confirms that a certificate he or she has issued was not issued in accordance with the requirements of NAC 720.450, the certification authority shall immediately revoke the certificate.
2. A certification authority may suspend a certificate he or she has issued for such a period, not to exceed 5 business days, as is necessary for the certification authority to conduct an investigation to confirm any grounds for revocation of the certificate pursuant to subsection 1.
3. A certification authority shall notify the subscriber as soon as practicable after the certification authority determines to suspend or revoke a certificate pursuant to this section.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.560 Order by Secretary of State to revoke or suspend certificate; notification; compliance with order. (NRS 720.150)
1. The Secretary of State may:
(a) Order a certification authority to revoke a certificate the certification authority has issued if, after providing the certification authority and subscriber with notice of the proposed order and an opportunity to be heard on the matter, the Secretary of State determines that:
(1) The certificate was issued without substantial compliance with the provisions of this chapter; and
(2) The noncompliance poses a significant risk to persons who may reasonably rely on the certificate.
(b) Without a prior hearing, order a certification authority to suspend, for not more than 5 business days, a certificate the certification authority has issued if the Secretary of State determines that an emergency requires an immediate remedy. If the certification authority:
(1) Is a licensee, the Secretary of State will mail a copy of the order, together with a summary of the facts upon which he or she based his or her determination, to the licensee at the mailing address or electronic mail address of the licensee specified on the application for the license; or
(2) Is not a licensee, the Secretary of State will provide the certification authority with notice of the order in such a manner as is reasonable under the circumstances.
Ê After issuing an order pursuant to this paragraph, the Secretary of State will proceed as quickly as feasible to complete the proceedings in the manner otherwise provided pursuant to the provisions of chapter 233B of NRS.
2. A certification authority shall comply with any order issued by the Secretary of State pursuant to this section within 24 hours after the certification authority receives the order.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.570 Suspension upon request by appropriate person. (NRS 720.150)
1. Except as otherwise provided in this section, a certification authority shall, within 24 hours after the receipt of all information he or she requires pursuant to this subsection, suspend a certificate the certification authority has issued, for not more than 5 business days, if the suspension is requested by a person whom the certification authority reasonably believes to be an appropriate person. The certification authority is not required to confirm that the person requesting the suspension is an appropriate person, but may require the person to provide evidence, which may include a statement given under oath or affirmation, that the person is an appropriate person.
2. A person who requests the suspension of a certificate pursuant to subsection 1 shall not misrepresent his or her identity or authority to request the suspension.
3. The subscriber identified in a certificate may agree with the certification authority who issues the certificate to limit or preclude the suspension of the certificate pursuant to subsection 1, except that such an agreement is effective only if notice of the agreement is published in the certificate or in the certification practice statement of the certification authority.
4. A certification authority may not suspend a transactional certificate pursuant to this section.
5. As used in this section, “appropriate person” means the subscriber named in a certificate or a person authorized to act on his or her behalf.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.580 Termination of requested suspension. (NRS 720.150) Except as otherwise agreed by a subscriber and certification authority, the certification authority shall terminate the suspension of a certificate pursuant to NAC 720.570 if:
1. The termination is requested by a person who the certification authority confirms is the subscriber named in the suspended certificate or an agent of the subscriber who is authorized to request the termination; or
2. The certification authority discovers and confirms that the request for suspension was made without the authorization of the subscriber. This subsection does not require a certification authority to confirm a request for the suspension of a certificate pursuant to NAC 720.570.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.590 Revocation of certificate by certification authority upon receipt of request or certain information. (NRS 720.150)
1. Except as otherwise provided in subsection 2, a certification authority shall revoke a certificate he or she has issued:
(a) Within 1 business day after the certification authority receives:
(1) A written request for the revocation from the subscriber named in the certificate or an agent of the subscriber who is authorized to request the revocation; and
(2) Such evidence as is reasonably sufficient to confirm that the person requesting the revocation is the subscriber or an agent of the subscriber who is authorized to make the request;
(b) Upon receiving a certified copy of the death certificate of the subscriber or confirming by other evidence that the subscriber is dead; or
(c) Upon receiving documents effecting the dissolution of the subscriber or confirming by other evidence that the subscriber has been dissolved or otherwise ceases to exist, except that the certification authority is not required to revoke the certificate if he or she ascertains, before completing the revocation of the certificate, that the dissolution has been rescinded or that the existence of the subscriber has otherwise been restored.
2. A certification authority may not revoke a transactional certificate pursuant to subsection 1.
3. A certification authority may revoke a certificate he or she has issued if the certificate is or becomes unreliable, regardless of whether the subscriber consents to the revocation and notwithstanding any agreement to the contrary between the certification authority and subscriber.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.600 Notice of suspension or revocation. (NRS 720.150)
1. Immediately upon the suspension or revocation of a certificate pursuant to this chapter, the certification authority who issued the certificate shall, except as otherwise provided in subsection 2, give notice of the suspension or revocation in such a manner as is specified in the certificate. If the certificate specifies that the notice must be given in one or more repositories, the certification authority shall publish a signed notice of the suspension or revocation:
(a) In each of the specified repositories that will accept publication; and
(b) In a recognized repository if:
(1) Any of the specified repositories refuse to accept publication or have ceased to exist; or
(2) None of the specified repositories is a recognized repository.
2. The Secretary of State will not give notice of a suspension requested pursuant to NAC 720.570 unless the person requesting the suspension pays in advance any fee for publication required by each repository where the notice is to be published.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.610 Discharge of certification authority or subscriber from responsibility for certain transactions. (NRS 720.150)
1. Upon giving notice of the revocation of a certificate as required pursuant to NAC 720.600, the certification authority who issued the certificate is discharged from any liability or other responsibility, with regard to any transactions occurring after the notice is given, for any promise, warranty or certification provided pursuant to NAC 720.480 or 720.490 regarding the certificate.
2. When a certificate expires, the certification authority who issued the certificate, the subscriber identified in the certificate and the agents of that subscriber are discharged from any liability or other responsibility, with regard to any transactions occurring after the expiration occurs, for any promise, warranty or certification provided pursuant to NAC 720.480, 720.490, 720.500, 720.510 or 720.520 regarding the certificate.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
RECOGNIZED REPOSITORIES
NAC 720.650 Designation. (NRS 720.150)
1. The Secretary of State may designate a repository as a recognized repository after he or she:
(a) Receives:
(1) An application for such a designation submitted by a licensee;
(2) Such evidence as he or she deems sufficient to determine that the licensee and repository meet the requirements of this chapter; and
(3) Except as otherwise provided in NAC 720.260, the amounts required pursuant to NAC 720.430 and 720.810; and
(b) Determines, if the repository will publish certificates that are not issued by recognized certification authorities, that the certification authorities issuing those certificates conform to legally binding requirements that the Secretary of State determines to be substantially similar to or more stringent than the requirements of this chapter.
2. The designation of a repository as a recognized repository is valid for 1 year unless the designation is revoked or otherwise terminated at an earlier date.
3. The operator of a recognized repository may discontinue its designation as such by:
(a) Filing a notice of discontinuance with the Secretary of State at least 30 days before the date of discontinuance; and
(b) Complying with NAC 720.690.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.660 Application for designation. (NRS 720.150) An application for designation as a recognized repository must be on a form prescribed by the Secretary of State and include:
1. The name of the licensee or applicant for a license who will operate the repository;
2. The mailing address and, if different, the physical address of the applicant;
3. The telephone number of the applicant;
4. The electronic mail address of the applicant;
5. The electronic mail address of the repository; and
6. A description of the computer hardware, software and database of the repository that demonstrates compliance with the requirements of this chapter.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.670 Operation. (NRS 720.150) A recognized repository:
1. Must be operated by a licensee;
2. Must operate by means of a trustworthy system that:
(a) Provides access to the repository on-line through the Internet on a continuous basis, except for such periods as are reasonably required for scheduled maintenance;
(b) Has the capacity to process transactions in a reasonably adequate manner for the anticipated volume of transactions; and
(c) Provides for the periodic reproduction and secure storage of data, in accordance with NRS 239.051, in a location other than the location of the principal system of the repository;
3. Must include a database that contains:
(a) Certificates that are published in the repository;
(b) Notices of suspended or revoked certificates that are published by recognized certification authorities;
(c) A record of certificates that have expired or been suspended or revoked pursuant to this chapter; and
(d) Any other information required by the Secretary of State; and
4. Must not contain a significant amount of information that is known or reasonably likely to be untrue, inaccurate or unreliable.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.680 Revocation of designation; notice to licensee. (NRS 720.150)
1. The designation of a repository as a recognized repository shall be deemed revoked immediately upon the expiration or revocation of the license of the licensee who operates the repository.
2. The Secretary of State may, in accordance with subsection 3 and without revoking the license of the licensee who operates a recognized repository, revoke the designation of the repository as a recognized repository if the Secretary of State determines that the licensee or repository is not in compliance with all the provisions of this chapter.
3. The Secretary of State will inform a licensee who operates a recognized repository of his or her determination to revoke that designation by mailing a written notice to the mailing address and electronic mail address of the licensee specified on the application for the designation of the repository as a recognized repository. The notice must state the date when the revocation becomes effective, which must not occur until at least 30 days after the mailing of the notice. If the licensee files an application for a hearing on the matter before the effective date specified in the notice, the revocation does not become effective until so ordered by the hearing officer.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.690 Cessation of operation. (NRS 720.150) If a repository of a licensee ceases to operate as a recognized repository, the licensee shall publish the information maintained in the repository in another recognized repository.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.700 State repository. (NRS 720.150)
1. The Secretary of State may operate or contract for the operation of a state repository. If the Secretary of State contracts for the operation of the repository by an entity other than the Division of Enterprise Information Technology Services of the Department of Administration, the contractor must be a licensee and agree to operate the repository in compliance with the provisions of this chapter. The Secretary of State may rescind a contract for the operation of the state repository for:
(a) Any ground that would be sufficient for the revocation of the designation of the repository as a recognized repository; or
(b) Any other legally recognized ground for rescission.
2. If a state repository is operated pursuant to subsection 1, the repository must include:
(a) A disclosure record for each licensee;
(b) A list of all judgments filed with the Secretary of State pursuant to NAC 720.410 within the past 5 years;
(c) Each advisory statement published by the Secretary of State pursuant to NAC 720.800; and
(d) Any other information the Secretary of State deems appropriate for inclusion in the state repository.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.710 Liability of licensee. (NRS 720.150)
1. Except as otherwise provided in this section, a licensee who operates a recognized repository shall agree to pay for any loss incurred by a person who reasonably relies on a digital signature that is verified by the public key set forth in a suspended or revoked certificate, if the reliance occurs:
(a) More than 1 business day after the licensee receives from a recognized certification authority a request to publish notice of the suspension or revocation; and
(b) Before the licensee has published the notice in the recognized repository it operates.
2. Subsection 1 does not require a licensee to agree to pay any:
(a) Punitive or exemplary damages or damages for pain or suffering; or
(b) Amount in excess of any limitations on obligations, losses or damages listed in the suspended or revoked certificate.
3. A licensee may liquidate, limit, alter or exclude liability for any consequential or incidental damages resulting from the requirements of subsection 1 by:
(a) Agreement with the person who incurs the loss; or
(b) Notification of the person who incurs the loss, before he or she relies on the digital signature, of the liquidation, limitation, alteration or exclusion,
Ê if the liquidation, limitation, alteration or exclusion is not unconscionable.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
USE AND EFFECT OF DIGITAL SIGNATURE
NAC 720.750 General provisions. (NRS 720.150)
1. Except as otherwise provided by a specific statute, regulation or contract:
(a) An electronic message that bears in its entirety a digital signature which is verified by the public key set forth in a certificate that was a valid certificate when the digital signature was created, is as valid, enforceable and effective as a record set forth on paper.
(b) An electronic message that is digitally signed shall be deemed to be an original of the message.
(c) A digital signature may be accepted in any manner that is reasonable under the circumstances.
2. Except as otherwise provided by a specific statute or regulation:
(a) An electronic message that bears a digital signature does not constitute an instrument pursuant to chapter 104 of NRS unless all the parties to the transaction agree, including any financial institutions affected by the transaction.
(b) In any action for the adjudication of a dispute involving a digital signature, issues regarding jurisdiction, venue and choice of law must be determined in the same manner as if all transactions had been effected through documents set forth on paper.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.760 Public agency: Acceptance and use of digital signature; confidentiality of private key. (NRS 720.150)
1. Except as otherwise provided by a specific statute or regulation, a public agency shall not accept a digital signature as a substitute for a handwritten or facsimile signature unless the digital signature is verified by a valid certificate.
2. Except as otherwise provided in subsection 3 or by a specific statute or regulation, a public agency shall not use a digital signature to conduct official public business unless the digital signature is verifiable with reference to a public key set forth in a valid certificate that identifies the public agency as the subscriber. A public agency may become the subscriber of a certificate issued by a recognized certification authority to conduct through electronic messages any official public business for which any statute or regulation requires the signature of an officer, employee or other agent of the public agency.
3. Subsection 2 does not apply to the use of a digital signature for internal procedures of a public agency unless otherwise required by a specific statute, regulation or court rule, or by the office of financial management, training and controls of the Department of Administration.
4. A private key held by a public agency or any person on behalf of a public agency, and any information that identifies such a private key are confidential.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.770 Acceptance of digital signature as acknowledgment; liability of certification authority. (NRS 720.150)
1. Except as otherwise provided by a specific statute, regulation or contract, a digital signature that is verifiable with reference to the public key set forth in a valid certificate shall be deemed to satisfy the requirements for an acknowledgment, regardless of whether the person who executed the digital signature appeared before the certification authority or a person who is authorized to take acknowledgments in this State, if:
(a) The digitally signed message includes a statement that the digital signature is intended as an acknowledgment;
(b) The digital signature is verified by the public key set forth in the certificate;
(c) The certificate was a valid certificate when the digital signature was affixed; and
(d) The certificate provides that the digital signature satisfies the requirements for an acknowledgment.
2. If a certificate provides that a digital signature satisfies the requirements for an acknowledgment, the certification authority who issued the certificate is liable for the digital signature to the same extent as if the certification authority was a notary public who had acknowledged the signature, except that his or her liability must not exceed any recommended limit of reliance set forth in the certificate. No certification authority may waive, disclaim or otherwise limit by agreement the provisions of this subsection.
3. As used in this section, “acknowledgment” has the meaning ascribed to it in NRS 240.002.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.780 Reasonable reliance on digital signature or certificate. (NRS 720.150)
1. Except as otherwise provided by a specific statute, regulation or contract, if reliance on a digital signature is not reasonable under the circumstances, the recipient of the digital signature assumes the risk that the digital signature was forged.
2. Any determination of whether it is reasonable to rely upon a certificate or a digital signature verifiable with reference to the public key set forth in a certificate must include, without limitation, an evaluation of:
(a) The facts known to the relying person or of which he or she has notice, including all the facts stated or incorporated by reference in the certificate;
(b) The value or relative importance of the digitally signed message, if known;
(c) The course of dealing between the relying person and the subscriber, and any available indicia of reliability or unreliability other than the digital signature; and
(d) The usage of the trade, particularly trade conducted by trustworthy systems or other computer systems.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.790 Good faith of certification authority, subscriber and recipient of digital signature. (NRS 720.150)
1. A certification authority, a subscriber and a recipient of a digital signature shall use good faith in the use of a digital signature and in conducting any activities governed by the provisions of this chapter.
2. The provisions of subsection 1 may not be waived, disclaimed or otherwise limited by agreement, except that the parties to an agreement may establish the standards by which their good faith with regard to one another will be measured if those standards are not manifestly unreasonable.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
ENFORCEMENT
NAC 720.800 Activities of certification authority that create unreasonable risk prohibited; advisory statement from Secretary of State. (NRS 720.150)
1. A certification authority shall not conduct any activities as a certification authority in any manner that creates an unreasonable risk of loss to any subscriber of the certification authority, any person relying on a certificate issued by the certification authority or any repository.
2. If the Secretary of State determines that the activities of a certification authority create a risk of loss to any subscriber of the certification authority, any person relying on a certificate issued by the certification authority or any repository, the Secretary of State may publish a brief statement generally advising subscribers, persons who rely on digital signatures and repositories about those activities.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.810 Investigation of applicant; payment of costs of investigation. (NRS 720.150, 720.180)
1. The Secretary of State may conduct such an investigation of an applicant as he or she determines is necessary to determine the qualifications of the applicant and whether the applicant is in compliance with the provisions of this chapter and chapter 720 of NRS. Except as otherwise provided in NAC 720.260 or unless waived by the Secretary of State, all fees and other costs incurred by the Secretary of State to conduct the investigation must be paid by the applicant.
2. Before commencing the investigation of an applicant, the Secretary of State may require the applicant to deposit such an amount as the Secretary of State estimates will be necessary to pay the fees and other costs of that investigation. Upon taking final action on the application, the Secretary of State will provide the applicant with an itemized statement of the fees and other costs incurred and refund any unexpended portion of the amount deposited.
3. As used in this section, “applicant” means a person who submits an application pursuant to NAC 720.270, 720.420 or 720.650.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.820 Examination and copying of records of licensee. (NRS 720.150) To determine compliance with this chapter and chapter 720 of NRS, the Secretary of State may:
1. Without prior notice, examine in any manner that is reasonable under the circumstances the records of a licensee, whether maintained within or outside of this State. The licensee shall make his or her records available to the Secretary of State in legible form.
2. Copy any records of a licensee or require the licensee to provide the Secretary of State with copies of any of his or her records, to such an extent and in such a manner as is reasonable under the circumstances.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.830 Investigatory authority of Secretary of State. (NRS 720.150)
1. The Secretary of State may conduct any investigation, whether within or outside of this State, as he or she determines is necessary to ascertain whether a person has violated or is about to violate this chapter or chapter 720 of NRS, or to aid in the enforcement of this chapter or chapter 720 of NRS.
2. To carry out subsection 1, the Secretary of State or any employee designated by the Secretary of State may conduct hearings, administer oaths and affirmations, render findings of fact and conclusions of law, subpoena witnesses, compel their attendance, take evidence and require the production, by subpoena or otherwise, of books, papers, correspondence, memoranda, agreements or other documents or records which the Secretary of State determines to be relevant or material to the investigation. A person whom the Secretary of State does not consider to be the subject of an investigation is entitled to reimbursement at the rate of 25 cents per page for copies of documents which he or she is required by subpoena to produce. The Secretary of State may require or permit a person to file a statement, under oath or otherwise as the Secretary of State determines, as to the facts and circumstances concerning the matter to be investigated.
3. If the activities constituting an alleged violation for which the information is sought would be a violation of this chapter or chapter 720 of NRS had the activities occurred in this State, the Secretary of State may issue and apply to enforce subpoenas in this State at the request of a comparable licensing agency of another state.
4. If a person does not testify or produce any documents as required by a subpoena issued pursuant to this section, the Secretary of State may apply to the court for an order compelling compliance. A request for such an order may be addressed to:
(a) The district court in and for the county where service may be obtained on the person refusing to testify or produce, if the person is subject to service of process in this State; or
(b) A court of another state having jurisdiction over the person refusing to testify or produce, if the person is not subject to service of process in this State.
5. Not later than the time the Secretary of State requests an order for compliance, he or she shall:
(a) Send notice of the request by certified mail, return receipt requested, to the respondent at the last known address of the respondent; or
(b) Take other steps reasonably calculated to give the respondent actual notice.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.840 Payment of costs of investigation of licensee. (NRS 720.150, 720.180)
1. Except as otherwise provided in NAC 720.260, a licensee shall pay all proper costs incurred by the Secretary of State to conduct an investigation of the licensee pursuant to NAC 720.830.
2. The Secretary of State may require the licensee to deposit such an amount as the Secretary of State estimates will be necessary to pay those costs. The licensee shall remit:
(a) The deposit within 15 days after the Secretary of State provides the licensee with a statement of that estimate; and
(b) Any other balance due for the investigation within 45 days after the Secretary of State provides the licensee with a bill for that amount.
Ê The Secretary of State may issue an order for the denial, suspension or revocation of the license of a licensee who fails to comply with the provisions of this subsection.
3. For the purposes of this section, “proper costs” includes, without limitation:
(a) Not less than $500 for the compensation of employees of the Secretary of State for time spent:
(1) Traveling to and from the site of the investigation;
(2) Conducting the investigation; and
(3) Preparing a report of the investigation,
Ê at a rate of $50 per hour for each employee;
(b) The per diem allowance and travel expenses of the employees of the Secretary of State conducting the investigation, as provided for state officers and employees generally; and
(c) The cost of supplies, materials, photocopying and postage incurred in conducting the investigation.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.850 Issuance of orders for enforcement. (NRS 720.150, 720.190)
1. Except as otherwise provided in this section, the Secretary of State may, as appropriate, issue an order denying, suspending or revoking a license, limiting any of the activities as a certification authority in this State of a licensee or an applicant for a license or imposing a civil penalty on a licensee if the Secretary of State determines that the order is in the public interest and that the licensee or applicant for a license has:
(a) Filed with the Secretary of State an application for a license which, on the effective date of the application or, in the case of an order denying a license any date after the filing of the application, was incomplete in a material respect or contained a statement that was, in light of the circumstances under which the statement was made, false or misleading with regard to a material fact;
(b) Violated or failed to comply with a provision of this chapter or chapter 720 of NRS;
(c) Within the last 10 years been convicted of a felony or misdemeanor that the Secretary of State determines to have:
(1) Arisen out of the conduct of business as a certification authority or repository; or
(2) Involved larceny, theft, robbery, extortion, forgery, counterfeiting, fraudulent concealment, embezzlement, fraudulent conversion, misappropriation of money, or any similar offense or conspiracy to commit such an offense;
(d) Been temporarily or permanently enjoined by any court of competent jurisdiction, from:
(1) Performing any activity as a certification authority or repository;
(2) Performing any activity as an affiliated person or employee of a certification authority or repository; or
(3) Engaging in or continuing any conduct or practice in connection with an activity described in subparagraph (1) or (2),
Ê unless the order has been vacated;
(e) Been or is the subject of an order of the Secretary of State for the denial, suspension or revocation of a license, unless the order has been vacated;
(f) Been or is the subject of an order issued within the last 5 years under the authority of another country or state or a Canadian province or territory, after the provision of notice and an opportunity for a hearing:
(1) For the denial, suspension or revocation of a license as a certification authority; or
(2) To cease and desist any activity as a certification authority,
Ê unless the order has been vacated; or
(g) Become insolvent. For the purposes of this paragraph, “insolvent” means that:
(1) The liabilities of a person exceed his or her assets; or
(2) A person is unable to meet his or her obligations as they mature.
2. If the Secretary of State, when a license becomes effective, has knowledge of any fact or transaction for which he or she may issue an order pursuant to subsection 1, the Secretary of State must commence proceedings for the issuance of the order within 90 days after the issuance of the license.
3. If the Secretary of State determines that a licensee or an applicant for a license has ceased to exist or to do business as a certification authority, the Secretary of State may issue an order revoking the license or denying the application for a license.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
PROCEEDINGS
NAC 720.900 Applicability of chapter 233B of NRS; request for administrative hearing. (NRS 720.150)
1. Except as otherwise provided in this chapter, the provisions of this chapter must be carried out in accordance with the provisions of chapter 233B of NRS.
2. A person affected by a determination or action of the Secretary of State made pursuant to this chapter may request an administrative hearing on the matter before a hearing officer by submitting an application for such a hearing to the Secretary of State. The application:
(a) May be submitted on a form provided by the Secretary of State, or on another document or in an electronic message signed by the applicant or his or her representative; and
(b) Must specify each issue to be considered at the hearing.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.910 Persons permitted to appear in representative capacity. (NRS 720.150) No person may appear in a representative capacity in an administrative hearing conducted pursuant to this chapter except:
1. An attorney who is admitted to practice law in this State.
2. An authorized officer, manager, partner or full-time employee of an organization or governmental entity who appears on behalf of the organization or governmental entity.
3. A natural person who represents himself or herself.
4. An interpreter for a person who:
(a) Speaks a language other than English and does not know the English language; or
(b) Is a person with a disability, as that term is defined in NRS 50.050.
5. Such other persons as the hearing officer allows, based upon his or her determination that it would be unduly burdensome to require a person to use one of the representatives identified in subsections 1 and 2.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.920 Rebuttable presumptions. (NRS 720.150) For the purposes of an administrative hearing conducted pursuant to this chapter or any other adjudication of a dispute involving a digital signature, there is a rebuttable presumption that:
1. A certificate that has been:
(a) Digitally signed by a recognized certification authority; and
(b) Published in a recognized repository or otherwise made available by the certification authority who issued the certificate or the subscriber identified in the certificate,
Ê has been issued by that certification authority and accepted by that subscriber.
2. The information set forth in a valid certificate and confirmed by the certification authority who issued the certificate is accurate.
3. If a digital signature is verified by the public key set forth in a valid certificate:
(a) The digital signature is the digital signature of the subscriber identified in that certificate;
(b) The digital signature was affixed by that subscriber with the intention of signing the message;
(c) The message associated with the digital signature has not been altered since the signature was affixed; and
(d) The recipient of that digital signature has no notice or knowledge that:
(1) The subscriber has breached any term of his or her promise pursuant to NAC 720.530; or
(2) The signer does not rightfully hold the private key used to create the digital signature.
4. A digital signature was created before it was time stamped by a disinterested person using a trustworthy system.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.930 Filing of documents in electronic form; service by electronic transmission. (NRS 720.150) In an administrative hearing conducted pursuant to this chapter:
1. A party to the hearing may, unless the hearing officer directs otherwise, file any pleading or other document in electronic form.
2. If a pleading or other document that is filed electronically must be signed, it must be signed with a digital signature that is verifiable by a valid certificate issued by a certification authority who is not a party to the hearing.
3. The service of a pleading or other document by electronic transmission shall be deemed effective upon receipt, except that such an electronic transmission which is sent after 5 p.m. on a business day or at any time on a weekend or state holiday shall be deemed effective at 8 a.m. on the next business day.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.940 Summary proceeding. (NRS 720.150)
1. As an alternative to any other authorized procedure, the Secretary of State may commence a proceeding under this chapter or chapter 720 of NRS by entering a summary order pursuant to this section. The order must be in writing and may be entered without providing any prior notice or opportunity for a hearing, and need not be supported by findings of fact or conclusions of law.
2. Upon the entry of a summary order pursuant to subsection 1, the Secretary of State will promptly notify in writing all persons against whom action is taken or contemplated that the summary order has been entered and the reasons therefor. The Secretary of State will send all persons against whom action is taken a notice of an opportunity for a hearing on the matters set forth in the order. The notice must state that the persons have 15 calendar days after receipt of the notice to mail a written request for a hearing to the Secretary of State.
3. The Secretary of State will set the matter for a hearing on a date not more than 60 or less than 15 calendar days after the receipt of the request for a hearing, and will promptly notify the parties of the time and place for the hearing. The time of the hearing may be continued upon the written request of a party for good cause shown.
4. The Secretary of State may issue an order that makes a summary order final:
(a) Fifteen days after a person against whom action is taken or contemplated receives notice of the right to request a hearing, if that person fails to request a hearing; or
(b) If a party fails to appear at a hearing, on the date set for the hearing.
5. If a hearing is requested, the Secretary of State may:
(a) Extend the summary order until final determination of the matter; or
(b) After providing further notice of an opportunity for a prior hearing to all parties against whom action is taken or contemplated, modify or vacate the summary order.
6. For the purposes of this section, notice is complete:
(a) Upon delivery personally to a person;
(b) By mailing by certified mail to the last known address of a person; or
(c) By mailing by electronic mail to the address of a person specified on an application submitted by the person pursuant to this chapter to the Secretary of State.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
NAC 720.950 Emergency administrative proceeding. (NRS 720.150)
1. To carry out the provisions of this chapter or chapter 720 of NRS and as an alternative to any other authorized procedure, the Secretary of State may use an emergency administrative proceeding pursuant to this section if there is an immediate danger to the public welfare requiring immediate action.
2. The Secretary of State may take only such action pursuant to this section as is necessary to prevent or avoid the immediate danger to the public welfare that justifies the use of an emergency administrative proceeding.
3. An order issued pursuant to this section will include a brief statement of:
(a) Findings of fact;
(b) Conclusions of law; and
(c) The reasons for:
(1) Determining that there is an immediate danger to the public welfare; and
(2) The decision of the Secretary of State to take the specific action ordered.
4. The Secretary of State will give such notice as is practicable to persons who are required to comply with the order. The order is effective when issued.
5. After issuing an order pursuant to this section, the Secretary of State will proceed as quickly as feasible to complete the proceedings in the manner otherwise provided pursuant to the provisions of chapter 233B of NRS.
6. The record of the Secretary of State consists of the documents regarding the matter that were considered or prepared by him or her. The Secretary of State will maintain these documents as the official record.
7. Except as otherwise required by law, the official record need not constitute the exclusive basis for his or her action in an emergency administrative proceeding or for judicial review of the action.
8. An order issued pursuant to this section is subject to judicial review in the manner provided in chapter 233B of NRS for the final decision in a contested case.
(Added to NAC by Sec’y of State by R155-98, eff. 12-2-99)
