(5 ILCS 175/25-105)
    Sec. 25-105. Department of Central Management Services to adopt State standards.
    (a) The Department of Central Management Services may adopt rules setting forth minimum security requirements for the use of electronic records and electronic signatures by State agencies.
    (b) The Department of Central Management Services shall specify appropriate minimum security requirements to be implemented and followed by State agencies for (1) the generation, use, and storage of key pairs, (2) the issuance, acceptance, use, suspension, and revocation of certificates, and (3) the use of digital signatures.
    (c) Each State agency shall have the authority to issue, or contract for the issuance of, certificates to (i) its employees and agents and (ii) persons conducting business or other transactions with such State agency and to take other actions consistent therewith, including the establishment of repositories and the suspension or revocation of certificates so issued, provided that the foregoing is conducted in accordance with all the rules, procedures, and policies specified by the Department of Central Management Services. The Department of Central Management Services shall have the authority to specify the rules, procedures, and policies whereby State agencies may issue or contract for the issuance of certificates.
    (d) The Department of Central Management Services may specify appropriate minimum standards and requirements that must be satisfied by a certification authority before:
        (1) its services are used by any State agency for the
    
issuance, publication, revocation, and suspension of certificates to such agency, or its employees or agents (for official use); or
        (2) the certificates it issues will be accepted for
    
purposes of verifying digitally signed electronic records sent to any State agency by any person.
    (e) Where appropriate, the rules adopted by the Department of Central Management Services pursuant to this Section shall specify differing levels of minimum standards from which implementing State agencies can select the standard most appropriate for a particular application.
    (f) The General Assembly, through the Joint Committee on Legislative Support Services, and the Supreme Court, separately for the respective branches, may adopt rules setting forth the minimum security requirements for the use of electronic records and electronic signatures by the respective branches. The rules shall generally be consistent with the rules adopted by the Department of Central Management Services. The Joint Committee on Legislative Support Services and the Supreme Court may also accept the rules adopted by the Department of Central Management Services for the use of electronic records and electronic signatures by the respective branches.
    (g) Except as provided in subsection (f) and in Section 25-101, the Department of Central Management Services shall have exclusive authority to adopt rules authorized by this Section.
(Source: P.A. 90-759, eff. 7-1-99.)