Page 137 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

Accelerating the use of e-signatures is a priority identified for all agencies in the “Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government.” E-signatures can dramatically reduce paperwork, broaden the accessibility of government services, and streamline cumbersome approval processes.


However, it is imperative that e-signatures meet the security standards set out by the OMB’s zero trust memorandum. In instances where additional levels of assurance (LOA) are necessary, digital signatures are preferable to e-signatures.



What to look for in a digital signature solution

Security requirements for e-signatures vary by region, agency, data, and classification levels. E-signatures use common authentication methods such as passwords or email verification, but for sensitive information, such minimal precautions are not nearly sufficient.

There are some cases where additional LOA for signer identification are needed, and that’s where digital signatures come in. Digital signatures are a specific type of e-signature that is backed by a digital certificate as proof of a signer’s identity that is cryptographically bound to the signature field using public key infrastructure (PKI).

To achieve this strong security posture, digital signatures must uniquely identify each signer. Furthermore, the signer’s identity must be reconfirmed prior to signing with tools such as a PIN or a secure signature device like a USB token or cloud-based hardware security module. Digital signatures must also demonstrate proof of signing with a tamper-evident seal and have the ability to re-confirm authenticity for at least 10 years.

For agencies seeking to liberate themselves from arduous paper-based authorizations, while also adhering to zero trust’s strict identity and access management standards, digital signatures are an invaluable tool.

Government agencies are eager to adopt digitization practices, such as digital signatures, that will simplify their workload and make the lives of everyday citizens easier. However, security is paramount. To ensure that any solutions adopted by agencies meet their individual security needs, the Federal Risk and Authorization Management Program (FedRAMP) was created.



How FedRAMP authorization provides peace of mind

FedRAMP authorizes cloud-based solutions for government agencies at Low, Moderate, and High Impact levels. The Moderate Impact level accounts for 80% of authorizations and is designed to protect sensitive data, such as personally identifiable information (PII). Furthermore, the FedRAMP Moderate designation aligns with NIST controls for Zero Trust. Encryption management and is FIPS 140-2 verified, which ensures that cryptographic modules have met NIST security requirements.






