Ohio Electronic Records Committee Home

 About the TIS Working Group
Acknowledgements

Ohio Trustworthy Information Systems Handbook: Section 11

Bibliography

 

Ohio: Directives, Policies, Procedures, and Rules

 Department of Administrative Services.

Use of Electronic Signatures and Records. Effective March 1, 2001. Computer Services Division Administrative Rule 123.

Internet, Electronic Mail and Online Services Use and Abuse. Effective December 27, 1999. DAS Directive No. 00-25.

Electronic Records. Effective May 1, 1999. Policy No. OPP-030.

Software Copyright Compliance. Effective September 15, 1997. Policy No. OPP-026.

Limitations on the Use of Publicly Owned Computer Hardware and Software. Effective January 1, 1996. Policy No. OPP-008

Local Area Network System Security. Effective October 15, 1995. DAS Computer Services Division Internal Procedures, Procedure No. MIS-004.

Business Resumption Planning. Effective July 1, 1994. Policy No. OPP-007.

Software Copies and Copyrights. Effective January 1, 1992. Policy No. OPP-005.

 

Ohio: Laws

 Ohio Revised Code
1306.01 Definitions.
1306.08 When electronic record or signature is attributable to person; effect.
1306.11 Requirement that record be retained; checks.
1306.20. State agency provisions.
1306.23. Exemptions to disclosure of records.
1306.32. Rules for state agency use
2909.04. Disrupting public services
2913.04. Unauthorized use of property; computer or telecommunication property.
2913.42. Tampering with records.
2913.49. Taking the identity of another.
2913.42. Tampering with records.

 

Minnesota: Guidelines and Reports

 Office of the Secretary of State.
Digital Signature Program (including proposed "Minnesota State Agency Digital Signature Implementation and Use Standard"). 1999.[ http://www.sos.state.mn.us/business/digital/digsig.html ]
Office of the Legislative Auditor.
Summaries of the following reports are offered at: http://www.auditor.leg.state.mn. us/

Financial-Related Audit: Public Utilities Commission, July 1, 1997, through December 31, 1999. July 2000. Report No. 00-34.

Selected-Scope Financial Audit Report: Department of Corrections, Three Fiscal Years Ended June 30, 1999. July 2000. Report No. 00-32.

Audit Report: Metropolitan State University, Period from July 1, 1996, through December 31, 1999. July 2000. Report No. 00-29.

Financial Audit: Anoka-Metro Regional Treatment Center, Three Fiscal Years Ended June 30, 1999. June 2000. Report No. 00-27.

Financial Audit: Board of Architecture, Engineering, Land Surveying, Landscape Architecture, Geoscience, and Interior Design, July 1, 1996, through December 31, 1999. June 2000. Report No. 00-25.

Financial Audit: Fergus Falls Community College, July 1, 1996, through December 31, 1999. June 2000. Report No. 00-24.

Financial-Related Audit: Department of Economic Security Mainframe Scheduled Batch Processing and MIPS Accounting System for the Period Ending February 2000. May 2000. Report No. 00-21.

Financial Audit: Winona State University, Period from July 1, 1996, through December 31, 1999. May 2000. Report No. 00-18

Management Letter: State Agricultural Society for Year Ended October 31, 1999. April 2000. Report No. 00-14.

Financial-Related Audit: Board of Electricity for the Period July 1, 1996, through December 31, 1999. April 2000. Report No. 00-13.

Department of Economic Security: Statewide Audit—Selected Audit Areas, Fiscal Year Ended June 30, 1998. March 1999. Report No. 99-21.

Itasca Community College: Financial Audit for the Three Fiscal Years Ended June 30, 1998. February 1999. Report No. 99-12.

Minnesota Department of Employee Relations, Minnesota Department of Finance, SEMA4 Database Security Audit. December 1998. Report No. 98-63.

South Central Technical College Financial Audit: For the Period July 1, 1995, Through June 30, 1997. October 1998. Report No. 98-59.

Department of Finance: Information Warehouse Data Integrity Review. June 1998. Report No. 98-36.

Minnesota Veterans Homes Board: Financial Audit—Two Years Ended June 30, 1997. April 1998. Report No. 98-23.

Department of Economic Security: Financial Audit—Fiscal Year Ended June 30, 1997. March 1998. Report No. 98-19

Department of Children, Families and Learning, Selected Programs: Fiscal Year 1997 Statewide Audit. March 1998. Report No. 98-12.

Department of Public Safety, Selected Programs: Fiscal Year 1997 Statewide Audit. February 1998. Report No. 98-10.

Department of Labor and Industry: Financial Audit—Fiscal Year Ended June 30, 1997. February 1998. Report No. 98-5.

Minnesota Accounting and Procurement System / Minnesota Statewide Employee Management System. September 1996. Report No. 96-39.

Department of Human Services: Programs Selected for Statewide Audit for the Fiscal Year Ended June 30, 1995. June 1996. Report No. 96-22.

Department of Public Safety, Selected Programs: Fiscal Year 1995 Statewide Audit. April 1996. Report No. 96-15.

Department of Labor and Industry: Programs Selected for Fiscal Year 1995 Statewide Audit. February 1996. Report No. 96-8.

 

Minnesota Department of Administration, Office of Technology.
The following reports are available at http://www.ot.state.mn.us/ot_files/handbook/ standard/standard.html

Minnesota State Agency Digital Signature Implementation and Use Standard. IRM Standard 18, Version 1. November 1999.

Computerized Information Resources Security Standards for State Agencies. IRM Standard 16, Version 1. June 1998.

Management Standards for the Reproduction of Government Records Using Imaging Systems. IRM Standard 13, Version 1. February 1995.

Technical Standards for the Reproduction of Government Records Using Imaging Systems. IRM Standard 12, Version 1. February 1995.

Minnesota Historical Society, State Archives Department. Reproduction of Government Records Using Imaging Systems. 1994. [ http://www.mnhs.org/preserve/records/imaging.html ]

 

Minnesota: Laws

Rules of Evidence: Article 9 (Authentication and Identification—Rules 901 and 902). Statutes: Court Rules. 1998.
[ http://www.revisor.leg.state.mn.us/ ]

Chapter 13 (Government Data Practices). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/13/ ]

Chapter 15.10 (Records Delivered to Department Heads). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/15/10.html ]

Chapter 15.17 (Official Records). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/15/17.html ]

Chapter 138.163(Preservation and Disposal of Public Records). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/138/163.html ]

Chapter 138.17 (Government Records; Administration). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/138/17.html ]

Chapter 325K (Minnesota Electronic Authentication Act). Statutes. 1998.
[ http://www.revisor.leg.state.mn.us/stats/325K/ ]

Chapter 371 (Uniform Electronic Transactions Act). Minnesota 2000 Session Laws. 2000.

[ http://www.revisor.leg.state.mn.us/slaws/2000/c371.html ]

Chapter 8130.7500, Subpart 8 (Department of Revenue, Sales and Use Taxes: Returns and Records – Electronic Data Processing Records). Rules. 1997.
[ http://www.revisor.leg.state.mn.us/arule/8130/7500.html ]

Chapter 8275 (Secretary of State: Electronic Authentication). Rules. 1998.
[ http://www.revisor.leg.state.mn.us/arule/8275/ ]

 

Other States: Guidelines, Reports, and Laws

Delaware. Delaware Public Archives. Model Guidelines for Electronic Records. 20 January 1998.
[ http://www.archives.lib.de.us/recman/g-lines.htm ]

New York. New York State Archives and Records Administration. Guidelines for the Legal Acceptance of Public Records in an Emerging Electronic Environment. 1994.
[ http://unix6.nysed.gov/pubs/lgrtip.htm ]

Utah. Utah Digital Signature Act. 1996.
[ http://www.commerce.state.ut.us/digsig/dsmain.htm ]

Washington. Chapter 19.34 RCW (Washington Electronic Authentication Act). Statutes. 1998.
[ http://www.secstate.wa.gov/ea/default.htm ]

 

Federal Government: Guidelines, Reports, and Laws

U.S. Public Law 106-229. 106th Congress, 2nd Session, 30 June 2000. Electronic Signatures in Global and National Commerce Act.
[ http://thomas.loc.gov/ ]

Commodity Futures Trading Commission. Recordkeeping. Proposed Rule (17 CFR Part 1) in Federal Register (5 June 1998) vol. 63, no. 108, 30668-30675.
[ http://www.access.gpo.gov/nara/ ]

National Archives and Records Administration. Electronic Records Management. Code of Federal Regulations, Chapter 12, Title 36, Part 1234.
[ http://www.access.gpo.gov/nara/cfr/index.html ]

U.S Department of Commerce. Patent and Trademark Office. Checklist of Requirements for Electronic Records Management (ERM) Over the Life Cycle of Patent and Trademark Records. Prepared by Cohasset Associates, Inc., 26 February 1999.

U.S. Department of Commerce. Technology Administration. National Institute of Standards and Technology.

CS2: Protection Profile Guidance for Near-Term COTS, (Draft Version 0.5), and Rationale for CS2: Protection Profile Guidance for Near-Term COTS, (Draft Version 0.5), by Gary Stoneburner. 25 March 1999. Re-titled as, and superseded by, CSPP - Guidance for COTS Security Protection Profiles, (Version 1.0, NISTIR 6462), January 2000.
[ http://csrc.nist.gov/cc/pp/pplist.htm ]

An Introduction to Computer Security: The NIST Handbook. NIST Special Publication 800-12. October 1995.
[ http://csrc.nist.gov/nistpubs/ ]

Generally Accepted Principles and Practices for Securing Information Technology Systems, by Marianne Swanson and Barbara Guttman. NIST Special Publication 800-14. September 1996.
[ http://csrc.nist.gov/nistpubs/ ]

U.S. Department of Commerce. Technology Administration. National Institute of Standards and Technology, Federal Computer Security Program Managers’ Forum Working Group. Guide for Developing Security Plans for Information Technology Systems, by Marianne Swanson. NIST Special Publication 800-18. December 1998.
[ http://csrc.nist.gov/nistpubs/ ]

U.S. Department of Defense.

Design Criteria for Electronic Records Management Software. Prepared by the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence. DoD 5015.2-STD. November 1997.
[ http://jitc.fhu.disa.mil/recmgt/#standard ]

Department of Defense Trusted Computer System Evaluation Criteria. DoD 5200.28-STD. December 1985.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

Password Management Guideline. CSC-STD-002-85. 12 April 1985.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

U.S. Department of Defense. National Computer Security Center.

A Guide to Understanding Audit in Trusted Systems. NCSC-TG-001. 1 June 1988.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

A Guide to Understanding Configuration Management in Trusted Systems. NCSC-TG-006-88. 28 March 1988.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

A Guide to Understanding Identification and Authentication in Trusted Systems. NCSC-TG-017. September 1991.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

Trusted Network Interpretation of the TCSEC (TNI). NCSC-TG-005. 31 July 1987.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

Trusted Product Evaluation Questionnaire. 2 May 1992.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

Integrity in Automated Information Systems, by Terry Mayfield, J. Eric Roskos, Stephen R. Welke, and John M. Boone. C Technical Report 79-91. September 1991.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

U.S. Department of Defense. National Security Agency. National Telecommunications and Automated Information Systems Security Committee. Advisory Memorandum on Office Automation Security Guidelines. NTISSAM COMPUSEC 1-87. 1987.
[ http://www.radium.ncsc.mil/tpep/library/rainbow/ ]

U.S. Department of Energy. Records Considerations for Electronic Information: Guidelines for Individuals and Systems Administrators. Prepared by the Lockheed Martin Energy Systems Electronic Records Committee for the Oak Ridge National Laboratory. February 1996.
[ http://www.ornl.gov/guide_er/contents.htm ]

U.S. Department of Health and Human Services. Security and Electronic Signature Standards [as related to Health Insurance Portability and Accountability Act of 1996]. Proposed Rule (45 CFR Part 142) in Federal Register (12 August 1998) vol. 63, no. 155, 43241-43280.
[ http://www.access.gpo.gov/nara/ ]

U.S. Department of Health and Human Services. Food and Drug Administration. Electronic Records; Electronic Signatures. Code of Federal Regulations, Chapter 1, Title 21, Part 11. Final Rule in Federal Register (20 March 1997) vol. 62, no. 54, 13430-13466.
[ http://www.access.gpo.gov/nara/ ]

U.S. Department of Justice. National Criminal Background Check System Regulations. Proposed Rule (28 CFR Part 25) in Federal Register (4 June 1998) vol. 63, no. 107, 30430-30438.
[ http://www.access.gpo.gov/nara/ ]

U.S. Department of Treasury. Customs Service. Recordkeeping Requirements. Code of Federal Regulations, Chapter 1, Title 19, Parts 19, 24, 111, 113, 143, 162, 163, 178, and 181. Final Rule in Federal Register (16 June 1998) vol. 63, no. 115, 32916-32955.
[ http://www.access.gpo.gov/nara/ ]

U.S. Department of Treasury. Internal Revenue Service.

Revenue Procedure 98-25. 1998.

"Retention of Books and Records: Section 4—Electronic Storage System Requirements." Revenue Procedure 97-22. 1997.

International Government: Guidelines, Reports, and Laws

Australia. Australian Archives (National Archives of Australia). Keeping Electronic Records: Policy for Electronic Recordkeeping in the Commonwealth Government. September 1995. Now part of NAA’s expanded online offerings for the Commonwealth Recordkeeping Program.
[ http://www.naa.gov.au/recordkeeping/overview/summary.html ]
[ http://www.naa.gov.au/recordkeeping/er/summary.html ]

Australia. Defence Signals Directorate.

Australian Communications—Electronic Security Instructions 33 (ACSI 33): Security Guidelines for Australian Government IT Systems. April 1998.
[ http://www.dsd.gov.au/infosec/acsi33/ ]

Australian Communications—Electronic Security Instructions 38 (ACSI 38): Australian Government Standards for the Protection of Electronic Business Systems and Internet Delivery Mechanisms. 9 February 1999.

Australia. State of Victoria, Public Records Office. Victorian Electronic Records Strategy Final Report. 1998.
[ http://home.vicnet.net.au/~provic/vers/ ]

Great Britain. Public Record Office.

Management, Appraisal and Preservation of Electronic Records—Vol. I: Principles. 1999.
[ http://www.pro.gov.uk/recordsmanagement/eros/default.htm ]

Management, Appraisal and Preservation of Electronic Records—Vol. II: Procedures. 1999.
[ http://www.pro.gov.uk/recordsmanagement/eros/default.htm ]

National Organizations: Guidelines and Reports

American Bar Association, Internal Security Committee, Electronic Commerce and Information Technology Division, Section of Science and Technology. Digital Signature Guidelines: Legal Infrastructure for Certification Authorities and Secure Electronic Commerce. 1 August 1996.
[ http://www.abanet.org/scitech/ec/isc/dsgfree.html ]

Association for Information and Image Management.
The following reports are available for purchase at: http://www.aiim.org

Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems—Part I: Performance Guideline for Admissibility of Records Produced by Information Technology Systems as Evidence. AIIM Report No. TR31-1992. 1992.

Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems—Part II: Performance Guideline for the Acceptance by Government Agencies of Records Produced by Information Technology Systems. ANSI/AIIM Report No. TR31-1993. 1993.

Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems—Part III: Implementation of the Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems. ANSI/AIIM Report No. TR31-1994. 1994.

Performance Guideline for the Legal Acceptance of Records Produced by Information Technology Systems—Part IV: Model Act and Rule. ANSI/AIIM Report No. TR31-1994. 1994.

Information Systems Audit and Control Association and Foundation. COBIT: Control Objectives for Information and Related Technology. 1998.
[ http://www.isaca.org/cobit.htm ]

International Federation of Accountants, Information Technology Committee. International Information Technology Guideline: Managing Security of Information. January 1998.
[ http://www.ifac.org ]

National Conference of Commissioners on Uniform State Laws. Draft: Uniform Electronic Transactions Act. 19 March 1999.
[ http://www.law.upenn.edu/library/ulc/ulc.htm ]

Nuclear Information and Records Management Association.

The following reports are available at: http://www.nirma.org/newhome/publications/publications.html

Authentication of Records and Media (Report No. TG11-1998). 1998.

Electronic Records Protection and Restoration (Report No. TG21-1998). 1998.

Management of Electronic Records (Report No. TG15-1998). 1998.

Software Configuration Management and Quality Assurance (Report No. TG16-1998). 1998.

Electronic Records Projects and Studies

Center for Technology in Government (Albany, New York). Models for Action: Developing Practical Approaches to Electronic Records Management and Preservation. 1998.
[ http://www.ctg.albany.edu/projects/er/ermn.html ]

Duranti, Luciana, Terry Eastwood, and Heather MacNeil. The Preservation of the Integrity of Electronic Records. 1997.
[ http://www.slais.ubc.ca/users/duranti/ ]

Indiana University Archives. Indiana University Electronic Records Project, 1995-1997: Final Report to the National Historical Publications and Records Commission (NHPRC). April 1998.
[ http://www.indiana.edu/~libarche/index.html ]

University of Pittsburgh, School of Information Sciences. Functional Requirements for Evidence in Recordkeeping. 1996.
[ http://www.lis.pitt.edu/~nhprc/evidence.html ]

Appendices
Go to Table of Contents

Ohio TIS Handbook last updated November 2001, Version 1.
Ohio Electronic Records Committee