Lesson 6: The CROMERR Requirements and the Checklist Items
From the detailed discussion of the CROMERR System Checklist items, it should be evident that each checklist item corresponds to specific CROMERR requirements, and vice versa.
The tables on the two tabs on this page make this correspondence explicit.
- The first table maps CROMERR requirements to the corresponding checklist items.
- The second table maps checklist items to the corresponding CROMERR requirements.
|System Requirements||Related Checklist Items|
|§ 3.2000(b)(1): The e-document is not alterable without detection.||Items 8, 10, 18|
|§ 3.2000(b)(2): Alterations to the e-document are documented by the system.||Items 8, 10, 18|
|§ 3.2000(b)(3): The e-document can only be submitted intentionally.||Item 11|
|§ 3.2000(b)(4): Submitters and signers can review the COR of the e-document.||Item 9|
|§ 3.2000(b)(5): If an e-signature is required, then the e-document meets e-signature requirements:|
|(i) Signature valid at time of signing||Items 1, 2, 3, 13, 14, 15, 16|
|(ii) Document cannot be altered without detection after signing||Items 5, 17|
|(iii) Opportunity to review content||Item 6|
|(iv) Opportunity to review certifications statement||Item 7|
|(v) Receipt Acknowledgement||Item 4|
|(vi) E-signature agreements||Item 12|
|(vii) Identity proofing with legal certainty||Items 1, 2|
|Checklist Items||System Requirement|
|1. Identity-Proofing of Registrant||§ 3.2000(b)(5)(vii)|
|2. Determination of Registrants Signing Authority||§ 3.2000(b)(5)(vii)
|3. Issuance (or Registration) of a Signing Credential in a Way that Protects it from Compromise||§ 3.2000(b)(5)(i)|
|4. Electronic Signature Agreement||§ 3.2000(b)(5)(v)|
|5. Binding of Signatures to Document Content||§ 3.2000(b)(5)(ii)|
|6. Opportunity to Review Document Content||§ 3.2000(b)(5)(iii)|
|7. Opportunity to Review Certification Statements and Warnings||§ 3.2000(b)(5)(iv)|
|8. Transmission Error Checking and Documentation||§ 3.2000(b)(1)(2)|
|9. Opportunity to Review COR||§ 3.2000(b)(4)|
|10. Procedures to Address Submitter or Signatory||§ 3.2000(b)(1)(2)|
|11. Procedure to Flag Accidental Submissions||§ 3.2000(b)(3)|
|12. Automatic Acknowledgement of Submission||§ 3.2000(b)(5)(vi)|
|13. Credential Validation||§ 3.2000(b)(5)(i)|
|14. Signatory Authorization||§ 3.2000(b)(5)(i)|
|15. Procedures to Flag Counterfeit Credential Use||§ 3.2000(b)(5)(i)|
|16. Procedures to Revoke or Reject Compromised Credentials||§ 3.2000(b)(5)(i)|
|17. Confirmation of Signature Binding to Document Content||§ 3.2000(b)(5)(ii)|
|18. Creation of COR||§ 3.2000(b)(1)(2)|
|19. Timely Availability of COR, as needed||§ 3.2000(b)(1)(2)|
|20. Maintenance of COR||§ 3.2000(b)(1)(2)|
The CROMERR System Checklist can help states that are preparing their CROMERR applications in two ways:
- First, it explains the CROMERR system requirements as specific system processes.
- Second, it provides an approach for documenting how a system meets CROMERR requirements, by describing how the system provides for each of the Roadmap items.
To support the second use of the checklist, EPA has also developed a corresponding CROMERR System Checklist Template—a document that provides a format for describing how the states system satisfies each of the checklist items. While the CROMERR System Template is not required for application, EPA strongly recommends its use.
For each checklist item, the template provides three blank spaces, for:
- Business Practices
- System Functions
- Supporting Documentation (a list of attachments)
Depending on the systems solution for the item, the description may fit into one, two, or all of these blanks.
The CROMERR website provides several examples of how to use the CROMERR System Checklist Template to successfully document CROMERR-compliant systems for receiving electronic reports.
See: Sample applications and checklists