Milestone Srl MA245-001 – ultraWAVE 3 – User Manual
149
signature components; subsequent
signings shall be executed using at
least one electronic signature
component that is only executable
by, and designed to be used only
by, the individual.
(ii) When an individual executes one
or more signings not performed
during a single, continuous period
of controlled system access, each
signing shall be executed using all
of the electronic signature
components.
(2) Be used only by their genuine
owners; and
(3) Be administered and executed
to ensure that attempted use of an
individual's electronic signature by
anyone other than its genuine
owner requires collaboration of two
or more individuals.
(b) Electronic signatures based
upon biometrics shall be designed
to ensure that they cannot be used
by anyone other than their genuine
owners.
a)(2) The organization of the user is responsible for
implementing procedures to ensure that electronic
signatures are exclusively used by the owner of the
account.
The system prevents the repeated use of the same
account name for different users.
The access to the software can be further secured by the
use of individual account password.
a)(3) The organization of the user is responsible for
implementing procedures to ensure that any attempt to
use the electronic signature of someone other than the
owner will require the collaboration of two or more
individuals.
This target can be achieved also through easyCONTROL
software thanks to the obligation of change the password
at the first access of a new account and to the periodic
expiration (configurable) of the passwords.
(b) N/A
Electronic signatures on the system are not based upon
biometrics
Persons who use electronic
signatures based upon use of
identification codes in combination
with passwords shall employ
controls to ensure their security and
integrity. Such controls shall
include:
(a) Maintaining the uniqueness of
each combined identification code
and password, such that no two
individuals have the same
combination of identification code
and password.
(b) Ensuring that identification code
and password issuances are
periodically checked, recalled, or
revised (e.g., to cover such events
as password aging).
(c) Following loss management
procedures to electronically
deauthorize lost, stolen, missing, or
otherwise potentially compromised
tokens, cards, and other devices
that bear or generate identification
(a) The system prevents the repeated use of the same
account name for different users.
Each user must identify himself by his own account name
and password.
The access to the software can be further secured by the
use of individual and electronically signed USB sticks.
(b) EasyCONTROL software does not allow to set
simultaneously two accounts with the same name and it is
possible to define an expiration time for the passwords.
It is not possible to reuse an identical password
immediately after the expiration of the same.
Passwords must have a minimum length of 5 digits and
must be changed at the first access of a new account.
(c) The organization of the user is responsible for
implementing procedures for the management of
accounts and password also in case a person left the
company or changes his working position. Those
To Next Page
Loading...
