Minnesota Administrative Rules
8275.0065 RECORD KEEPING.
Subpart 1.
General requirement.
A licensed certification authority shall make, keep, and preserve records that demonstrate compliance with:
Subp. 2.
Subscriber identity records.
A licensed certification authority shall maintain a database file that contains:
A.
records of the identity of the subscriber named in each certificate issued by the certification authority, including all the facts represented in the certificate other than the extension data referenced in X.509;
Subp. 3.
Time stamp records.
A licensed certification authority shall maintain a database file of certificate-related time-stamps issued by the certification authority, including the name of the subscriber, a reference to the certificate used in the transaction such as a serial number, and a description of the item being time-stamped.
Subp. 4.
Retention period.
All records retained under this part must be kept by the licensed certification authority for at least ten years.
Subp. 5.
Form and accessibility.
Records may be inscribed on any tangible medium or stored in an electronic or other medium so long as they are retrievable, readable, accurate, complete, and accessible. The records must be indexed, stored, preserved, and reproducible so as to be authentic, reliable, complete, and accessible. Certificate extension data, referenced in X.509, is not required to be part of any publicly accessible record.
History:
23 SR 1352
Published Electronically:
October 27, 2003
Official Publication of the State of Minnesota
Revisor of Statutes