- (a) All ERDS shall assure submitted documents do not contain content that draws data or images from sources external to the digital and/or digitized record, including, but not limited to malware (such as viruses, worms, Trojan Horses, spyware, or adware) and executable software (such as ActiveX components, JavaScript, Java components, or HTML-encoded hyperlinks).
- (b) Active content detected by anti-malware software shall be removed, or if it cannot be removed, disabled as soon as it is detected. Active content that cannot be removed shall be disabled.
- (c) All ERDS shall use hashing to protect the Integrity of ERDS payloads. Hashing message digest size shall be a minimum of 224 bits. Hashing shall comply with FIPS 180-4, Secure Hash Standard (SHS) (publication date, August 2015) or FIPS 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions (publication date, August 2015).
Note: Authority cited: Section 27393, Government Code. Reference: Sections 27392(b), 27393(b)(2) and 27397.5(a), Government Code.
History
1. New section filed 7-31-2007; operative 8-30-2007 (Register 2007, No. 31).
2. Amendment filed 10-7-2019; operative 1-1-2020 (Register 2019, No. 41).