I am trying to implement an Digital Signature solution that meets the requirement in the below regulation.
In Adobe Reader when you digitally sign a document, there is an option to create a self signed certificate for signing. Will this hold up with this regulation? I have seen third party document signing USB PKI certs that also allow for signing. I'm just not sure why I would go with a third party cert over a self signed cert.
Thanks for your help.
Sorry for the delay in response,
Self-signed certificates do not qualify for CFR. Per section 11.100, there is no identity verification done at creation time.
As required by 11.200, users are *not* administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires the collaboration of two or more individuals.
There are no controls (11.300) for loss management, such as revocation checking.
There's nowhere to report unauthorised use (no central Certificate Authority, for instance).
We support the broadest range of legal requirements. Digital signatures, secure and compliant globally | Adobe Sign
Let us know if you have further questions.