(b) In making a determination regarding whether the security procedure
technology and algorithms it employs) has been generally accepted in the
applicable information security
or scientific community, the Secretary of State shall consider the opinion of
independent experts in the
applicable field and the published findings of such community, including
organizations such as the American National Standards Institute (ANSI),
Organization (ISO), International Telecommunications Union (ITU), and the
National Institute of
Standards and Technology (NIST).
(c) Such certification shall be done through the adoption of rules in
the provisions of the Illinois Administrative Procedure Act
and shall specify a
full and complete identification of the security procedure, including
requirements as to how it is to be
implemented, if appropriate.
(d) The Secretary of State may also decertify a security procedure as a
procedure for purposes of Sections 10-105 or 10-110 following an appropriate
investigation or review and
the adoption of rules in accordance with the provisions of the Illinois
Act if subsequent developments establish that the
security procedure is no
longer sufficiently trustworthy or reliable for its intended purpose, or for
any other reason no longer
meets the requirements for certification.
(e) The Secretary of State shall have exclusive authority to certify
under this Section.
(Source: P.A. 90-759, eff. 7-1-99