TITLE 1 GENERAL GOVERNMENT
CHAPTER 4 STATE PROCUREMENT
PART 9 ELECTRONIC SIGNATURES
1.4.9.1 ISSUING AGENCY:
General Services Department (GSD).
[1.4.9.1 NMAC, 04/10/2018]
1.4.9.2 SCOPE:
This rule applies to the use of electronic media, including electronic
signatures for the execution of contracts and amendments or change orders,
thereto, in the award process of procurements by state agencies and local
public bodies subject to
Sections 13-1-28 through 13-1-199 NMSA 1978 (“Procurement Code”).
[1.4.9.2 NMAC - N, 04/10/2018]
1.4.9.3 STATUTORY AUTHORITY:
Procurement Code, Sections 13-1-28
through 13-1-199 NMSA 1978; Uniform
Electronic Transactions Act, Section 14-16-1 et seq. NMSA 1978.
[1.4.9.3 NMAC – N, 04/10/2018]
1.4.9.4 DURATION:
Permanent.
[1.4.9.4 NMAC - N, 04/10/2018]
1.4.9.5 EFFECTIVE DATE:
April 10, 2018,
unless a later date is cited at the end of a section.
[1.4.9.5 NMAC - N, 04/10/2018]
1.4.9.6 OBJECTIVE:
This rule establishes
uniform procedures and defines levels of signature authority for the state
purchasing agent (and central purchasing offices when not excluded from
purchasing through the state purchasing agent) and local public bodies to use
electronic signatures for conducting procurements through the award process.
[1.4.9.6 NMAC - N, 04/10/2018]
1.4.9.7 DEFINITIONS:
For purposes of this part, all terms defined in the Uniform Electronic
Transactions Act, Section 14-16-1 et seq. NMSA 1978 have the meaning set forth
in statute. Additionally, the following
terms shall have the following meanings:
A. Definitions beginning with the
letter “A”:
(1) “Agency”
means the state of New Mexico or any of its branches, agencies, departments,
boards, instrumentalities, or institutions.
(2) “Agency head” means the individual, or
their proper designee, statutorily authorized to bind the state.
(3) “Award process” means when the final
individual or their proper designee signs a document that statutorily binds the
entity including the state or local public body to any contract, amendment or
change order when performing procurements subject to the Procurement Code.
(4) “Authenticate” refer to Electronic Authentication
of Documents Act, Subsection A of Section 14-15-3 NMSA
1978.
B. Definitions beginning with the letter “B”:
[RESERVED].
C. Definitions beginning with the letter “C”:
(1) “Contract” means any agreement for the
procurement of items of tangible personal property, services or construction.
(2) "Contractor" as defined in Section 13-1-43 NMSA
1978 means any business having a contract with a state agency.
(3) “CRS number” means the New Mexico tax
identification number issued by the New Mexico taxation and revenue department
that is used for reporting gross receipts, compensating, and withholding tax.
(4) “Cyber
Threat” means a potential circumstance, entity or event capable of
exploiting vulnerability and causing harm. Threats can come from natural
causes, human actions, or environmental conditions. A threat does not present a
risk when there is no vulnerability.
Vulnerability is a weakness that can be accidentally triggered or
intentionally exploited.
D. Definitions beginning with the
letter “D”:
(1) "Department"
means the general services department.
(2) “Digital signature” means any electronic signature that can be used to authenticate the identity of the sender of or signer of a document, and may also ensure that the content of the sent document is unaltered.
(3) “Digitized signature”
means a graphical image of a handwritten signature.
(4) “Document”
means an identifiable collection of
words, letters or graphical knowledge representations, regardless of the mode
of representation. For purposes of this
rule, "document" may include, but is not limited to correspondence,
agreements, contracts,
amendments, change orders, invoices,
reports, certifications, maps, drawings and images in both electronic and hard
copy.
E. Definitions beginning with the
letter “E”:
(1) “Electronic” includes
electric, digital, magnetic, optical, electronic or similar medium.
(2) “Electronic authentication” means
the electronic signing of a document that establishes a verifiable link between
the originator of a document and the document by means of optical, electrical,
digital, magnetic, electromagnetic, wireless, telephonic, biological, a public
key and private key system or other technology providing similar capabilities.
(3) “Electronic record” means
a record created, generated, sent, communicated, received or stored by
electronic means.
(4) “Electronic signature” means
an electronic sound, symbol or process attached to or logically associated with
a record and executed or adopted by a person with the intent to sign the
record. Refer to Uniform Electronic Transactions Act, Paragraph (8)
of Section 14-16-2 NMSA 1978.
F. Definitions
beginning with the letter “F”: [RESERVED].
G. Definitions
beginning with the letter “G”: “Governmental agency” means
an executive, legislative or judicial agency, department, board, commission,
authority, institution or instrumentality of the federal government or of a
state or of a county, municipality or other political subdivision of a state.
H. Definitions beginning with the letter “H”:
[RESERVED].
I. Definitions beginning with the letter “I”:
(1) “Identification” means the process of verifying and
associating attributes with a particular person designated by an identifier for
needed levels of signature authority.
(2) “Identity”
means the unique name of an individual person, and any associated attributes;
the set of the properties of a person that allows the person to be
distinguished from other persons.
(3) “Information” means
data, text, images, sounds, codes, computer programs, software, databases or
the like.
(4) “Integrity”
means a state in which information has remained unaltered from the point it was
produced by a source, during transmission, storage and eventual receipt by the
destination.
(5) “Intent
to sign” means the intent of a person that a sound, symbol or process is
applied to a record in order to have a legally binding effect.
J. Definitions beginning with the letter “J”:
[RESERVED].
K. Definitions beginning with the letter “K”:
[RESERVED].
L. Definitions beginning with the letter “L”:
“Level of assurance” means
the level of authentication assurance that describes the degree of certainty
that a user has presented an identifier that refers to her identity.
M. Definitions beginning with the letter “M”:
“Method” means a particular
way of doing something, a means, process or manner of procedure, especially a
regular and systematic way of accomplishing something and an orderly
arrangement of steps to accomplish an end.
N. Definitions beginning with the letter “N”:
[RESERVED].
O. Definitions beginning with the letter “O”:
“Originator” means the person
who signs a document electronically.
P. Definitions beginning with the
letter “P”:
(1) “Password” means a secret word or string of
characters that is used for authentication, to prove identity or to gain access
to a record or resource. Passwords are
typically character strings.
(2) “PDF” or “portable document format” refers to a file format used
to present documents in a manner independent of application software, hardware,
and operating systems. A PDF file
encapsulates a complete description of a fixed-layout flat document, including
the text, fonts, graphics, and other information needed to display it.
(3) “Person” means
an individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture,
governmental agency, public corporation or any other legal or commercial
entity.
(4) “Personal identification number (PIN)
means a shared secret a person
accessing a government organization’s electronic application is requested to
enter, such as a password or PIN. The
system checks that password or PIN against data in a database to ensure its
correctness and thereby “authenticates” the user.
(5) “Private key” means the code or alphanumeric
sequence used to encode an electronic authentication and which is known only to
its owner. The private key is the part
of a key pair used to create an electronic authentication.
(6) “Public
key” means the code or alphanumeric sequence used to decode an electronic
authentication. The public key is the
part of a key pair used to verify an electronic authentication.
(7) “Public/private
key system” means the hardware, software, and firmware that are provided by
a vendor for:
(a) the generation of public/private key pairs;
(b) the record abstraction by means of a secure hash code;
(c) the encoding of the signature block and the record
abstraction or the entire record;
(d) the decoding of the signature block and the record
abstraction or the entire record; and
(e) the verification of the integrity of the received record.
Q. Definitions beginning with the letter “Q”:
[RESERVED].
R. Definitions beginning with the letter “R”:
(1) “Reason for signing” means the purpose statement of a
person with regard to a document or electronic record that is affirmed by
signing the document or record. The
reason for signing should be distinguished from the intent to sign.
(2) “Record” means
information that is inscribed on a tangible medium or that is stored in an
electronic or other medium and is retrievable in a perceivable form.
(3) “Record abstraction”
means a condensed representation of a document, which condensation is prepared by
use of a secure hash code; it is also known as a message digest.
(4) "Regulation" as defined by
Section 13-1-80 NMSA 1978 means any rule, order, or statement of policy,
including amendments thereto and repeals thereof, issued by a state agency or a
local public body to affects persons not members or employees of the issuer.
(5) “Repudiate” and “non-repudiation” refer to the acts of
denying or proving the origin of a document from its sender, and to the acts of
denying or proving the receipt of a document by its recipient. The burden of proof is with the person
challenging the authenticity of the signature.
S. Definitions beginning with the letter “S”:
(1) "Secretary" means the secretary of the general
services department.
(2) “Security” shall mean either low, moderate or high risk transaction for any
electronic form of signature, as defined in 1.12.7.15 NMAC. The level of security (low, moderate and
high) is determined by the analysis of the likelihood of a successful challenge
to the enforceability of a signature and the analysis of the cost or impact of
an unenforceable signature.
(3) “Security procedure” means
a procedure employed for the purpose of verifying that an electronic signature,
record or performance is that of a specific person or for detecting changes or
errors in the information in an electronic record. The term includes a procedure that requires
the use of algorithms or other codes, identifying words or numbers, encryption,
callback or other acknowledgment procedures.
(4) “Signed”
and “signature” means the manual or electronic signature of an
individual or officer who is authorized, delegated, or required to legally bind
a party.
(5) “Signature block” means the
portion of a document, encoded by the private key, which contains the identity
of the originator and the date and time of the records creation, submittal or
approval.
(6) “Signing
requirements” means the requirements that must be satisfied to create a
valid and enforceable electronic signature.
(7) “Sole source” means tangible personal
property, services or construction for which there is only one source and that
source is unique and no other similar items of tangible personal property,
services or construction can meet the intended purpose of the procurement.
(8) "State agency" means any
department, agency, commission, council, board, advisory board, committee, or
institution of the state of New Mexico, and does not include local public
bodies.
(9) “State purchasing agent” means the
director of the purchasing division of the general services department.
T. Definitions beginning with the
letter “T”:
(1) “Tax
and revenue” shall mean the taxation and revenue department.
(2) “Transaction” means
an action or set of actions occurring between two or more persons relating to
the conduct of business, commercial affairs or governmental affairs.
(3) “Transferable record” means an
electronic record that would:
(a) be a note under Chapter 55, Article 3
NMSA 1978 or a document under Chapter 55, Article 7 NMSA 1978 if the electronic
record were in writing; and
(b) the issuer
of the electronic record expressly has agreed is a transferable record.
(4) “Trusted entity”
means an independent, unbiased third party that contributes to, or provides,
important security assurances that enhance the admissibility, enforceability
and reliability of information in electronic form. In a public/private key system, a trusted entity
registers a digitally signed data structure that binds an entity's name (or
identity) with its public key.
[1.9.7.7 NMAC - N, 04/10/2018]
1.4.9.8 ELECTRONIC SIGNATURE WORKFLOW PROCESS FOR
CONTRACTS AWARDED AND CONTRACT AMENDMENTS:
The
electronic signature workflow process for procurements, contracts awarded,
change orders and contract amendments that are initiated and executed by any
agency is as follows:
A. Signed by the
contractor, with moderate security, and shall be considered final and binding
as to the terms of contract.
B. Signed by any
tax and revenue employee, with low security, and shall be considered to confirm
the CRS number status of the contractor.
C. Signed by the
agency (or agencies’) head(s), if required by the state purchasing agent, with
moderate security, and shall be considered final and binding as to the agency
or agencies.
D. Signed by chief
legal counsel for the agency, with high security, and shall be considered to
have been reviewed and approved for execution.
E. Signed by the
state purchasing agent, with high security, and shall be considered final and
binding as to the terms of the contract or, for professional services, signed
by the contracts review bureau of the department of finance, as designated by
the department of finance cabinet secretary, with high security, and shall be
considered final and binding as to the terms of the contract.
[1.4.9.8
NMAC - N, 04/10/2018]
1.4.9.9 DELEGATION OF
APPROVAL AUTHORITY:
A. The
state purchasing agent may delegate, in writing, to certain members of the
department, the authority to approve contracts with the same level of security
to sign all contracts and all amendments to those contracts except retroactive
approval to contracts and contract amendments and sole source contracts and
amendments to sole source contracts as provided herein.
B. Any
agency head may delegate, in writing, to certain members of their department,
the authority to approve contracts with the same level of security to sign all
contracts and all amendments to those contracts except retroactive approval to
contracts and contract amendments and sole source contracts and amendments to
sole source contracts as provided herein.
C. Any
chief legal counsel may delegate, in writing, to certain members of the general
counsel office, the authority to approve contracts with the same level of
security to sign for execution for all contracts and all amendments to those
contracts except retroactive approval to contracts and contract amendments and
sole source contracts and amendments to sole source contracts as provided
herein.
[1.4.9.11
NMAC - N, 04/10/2018]
HISTORY
of 1.4.9 NMAC: [RESERVED]