AC 23.2015

May 27, 2015

MEMORANDUM TO FEDERAL AGENCY CONTACTS: Request for Comments on Draft NARA Bulletin: Guidance on Managing Digital Identity Authentication Records

We are requesting comments on a draft NARA Bulletin entitled “Guidance on Managing Digital Identity Authentication Records".

This draft Bulletin will provide guidance on the records management requirements related to digital identification records. Specifically, this guidance will provide guidance on managing digital identity authentication-related transactional records, such as digital certificates and Public Key Infrastructure (PKI) files created or used in the course of agency business. This Bulletin will also supersede several of NARA’s records management guidance for PKI digital signature authenticated and secured transaction records.

Agencies use digital identity authentication to protect sensitive records, authenticate employee sign-ins, identify ownership of websites, and many other purposes. They use a wide variety of software. Because of the wide variety of uses and software, the Bulletin provides agencies flexibility in using digital identity authentication technology to manage temporary records. However, when agencies transfer permanent electronic records to NARA, the records must be free of encryption or other forms of security (unless permanent records must be encrypted during transfer to NARA).

Please send any questions and comments to Lisa Haralampus at Lisa.Haralampus@nara.gov. We will accept comments through June 12, 2015. We will review all the comments we receive. Thank you.

PAUL M. WESTER, JR.
Chief Records Officer
for the U.S. Government