Protocols & Security Protocols for NNCSV

Overview

The National Notarial Centralized Verification System (NNCSV) aims to provide a secure, reliable, and efficient platform for the centralized verification of notarial acts, including Remote Online Notarization (RON). To ensure the highest level of security and operational integrity, the following protocols and security measures are established for the website and system hosted at

1. User Authentication

1.1 Multi-Factor Authentication (MFA)

All users must use MFA for logging into the system. This includes a combination of passwords and biometric verification or SMS/email-based one-time passwords (OTPs).

1.2 Password Policies

  • Minimum length of 12 characters.

  • Must include uppercase, lowercase, numeric, and special characters.

  • Mandatory password changes every 90 days.

  • Prohibit reuse of the last five passwords.

2. Data Encryption

2.1 Data at Rest

All data stored in the system, including ID documents and notarization records, must be encrypted using AES-256 encryption.

2.2 Data in Transit

Data transmitted between users and the system must be encrypted using TLS 1.3 or higher.

3. Access Control

3.1 Role-Based Access Control (RBAC)

Access to system resources must be controlled based on user roles and responsibilities.

3.2 Least Privilege Principle

Users are granted the minimum levels of access necessary to perform their job functions.

3.3 Regular Access Reviews

Conduct quarterly reviews of user access rights and make necessary adjustments.

4. Network Security

4.1 Firewall Configurations

Implement and maintain firewalls to protect the internal network from external threats. Only necessary ports should be open.

4.2 Intrusion Detection and Prevention Systems (IDPS)

Deploy IDPS to monitor network traffic for suspicious activities and respond to potential threats in real-time.

4.3 Virtual Private Network (VPN)

Require VPN usage for remote access to the system.

5. Application Security

5.1 Regular Security Assessments

Conduct periodic vulnerability assessments and penetration testing to identify and address security weaknesses.

5.2 Secure Coding Practices

Follow secure coding standards (e.g., OWASP) to prevent common vulnerabilities such as SQL injection, XSS, and CSRF.

5.3 Security Patches and Updates

Apply security patches and updates to all software components promptly.

6. Remote Online Notarization (RON) Security

6.1 Identity Verification

Implement multi-layered identity verification processes, including biometric verification, government-issued ID scans, and knowledge-based authentication (KBA).

6.2 Video Recording

Record all RON sessions and securely store the recordings for a minimum of 10 years.

6.3 Tamper-Evident Technology

Use tamper-evident technology to ensure the integrity of notarized documents.

7. Data Storage and Retention

7.1 ID Storage

Securely store all scanned IDs and notarization records for at least 10 years using encrypted storage solutions.

7.2 Data Retrieval

Implement robust indexing and search capabilities to ensure records are easily findable by authorized third parties.

7.3 Data Purging

Implement automated data purging protocols for records older than 10 years, ensuring compliance with retention policies.

8. Incident Response

8.1 Incident Response Plan

Develop and maintain an incident response plan that outlines procedures for detecting, responding to, and recovering from security incidents.

8.2 Incident Reporting

Establish a process for users to report security incidents. Ensure that all reports are reviewed and investigated promptly.

8.3 Incident Documentation

Document all security incidents, including details of the incident, response actions taken, and lessons learned.

9. Data Backup and Recovery

9.1 Regular Backups

Perform regular backups of all critical data. Ensure that backups are stored securely and tested periodically for integrity.

9.2 Disaster Recovery Plan

Develop and maintain a disaster recovery plan that ensures the system can be restored to normal operation in case of a catastrophic event.

10. User Training and Awareness

10.1 Security Awareness Training

Provide regular security awareness training to all users. Topics should include phishing, social engineering, and best practices for maintaining security.

10.2 Policy Acknowledgment

Require all users to acknowledge and agree to the security policies and protocols.

11. Compliance

11.1 Regulatory Compliance

Ensure that the system complies with relevant regulatory requirements and standards, such as GDPR, HIPAA, or others applicable to the jurisdiction.

11.2 Audit Logs

Maintain comprehensive audit logs of all user activities and system events. Logs should be reviewed regularly for signs of unauthorized activity.

12. Third-Party Vendors

12.1 Vendor Risk Management

Assess the security practices of third-party vendors and ensure they meet the organization's security standards.

12.2 Contracts and Agreements

Include security requirements in contracts with third-party vendors, including the right to audit their security practices.

13. Continuous Monitoring and Security

13.1 24/7 Security Monitoring

Implement continuous monitoring of the system's security posture using advanced security information and event management (SIEM) tools.

13.2 Threat Intelligence

Leverage threat intelligence to stay ahead of potential security threats and adjust security measures proactively.

13.3 Automated Alerts

Set up automated alerts for suspicious activities or potential security breaches to enable swift response and mitigation.

Conclusion

By implementing these protocols and security measures, NNCSV aims to safeguard the integrity, confidentiality, and availability of its centralized verification system. Continuous monitoring, regular updates, and user education are essential to maintaining a robust security posture.
 

For more info contact support department at
