New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 11 - E-GOVERNMENT
Part 2 - REAL PROPERTY ELECTRONIC RECORDING
Section 1.11.2.11 - DOCUMENT AND SYSTEM SECURITY REQUIREMENTS

Universal Citation: 1 NM Admin Code 1.11.2.11

Current through Register Vol. 35, No. 18, September 24, 2024

Security procedures shall be implemented to ensure the authenticity and integrity of the electronically filed instrument, including the ability to verify the identity of the filer, as well as the ability to verify that an instrument has not been altered since it was transmitted or filed. In order to protect the integrity of instruments to be recorded electronically, a participating county clerk and authorized filers shall meet the security procedure requirements set forth below.

A. An electronic recording delivery system implemented by a county clerk shall provide a secure method for accepting and recording digital or digitized electronic instruments. The system shall not permit an authorized filer or its employees and agents, or any third party, to modify, manipulate, insert or delete information in the public record maintained by the county clerk, or information in electronic records submitted pursuant to 1.11.2.NMAC.

B. Security standards implemented by county clerks shall accommodate electronic signatures and notarization of documents in a manner that complies with 12.9.2 NMAC, Performing Electronic Notarial Acts and that address the following encryption requirements. The electronic recording delivery system shall:

(1) support, at a minimum, 128-bit file and image encryption over a secure network;

(2) provide for periodic updates to encryption by the electronic recording delivery system vendor;

(3) advise the authorized filer of its liabilities and responsibilities for keeping its keys secure;

(4) provide a secure key management system for the administration and distribution of cryptographic keys; and

(5) require all encryption keys to be generated through an approved encryption package and securely stored.

C. The electronic recording delivery system shall control interactive access to the system through authentication processes that:

(1) utilize a process of requesting, granting, administering and terminating accounts;

(2) address the purpose, scope, responsibilities and requirements for managing accounts;

(3) designate one or more individuals to manage accounts; and

(4) provide for secure delivery of the authorized filer (s) initial password(s) and prohibit the transmission of identification and authentication information (password) without the use of industry-accepted encryption standards.

D. County clerks shall have a key management system in place for the secure administration and distribution of cryptographic keys.

(1) The electronic recording delivery system shall authenticate the authorized filer's private key.

(2) Authorized filers shall establish internal controls to assure the security of the private key is not compromised and certify compliance with the county clerk as part of the MOU.

(3) Security of private keys compromised within the electronic recording delivery system shall be promptly addressed by the clerk.

E. A risk analysis to identify potential threats to the electronic recording delivery system and the environment in which it operates shall be conducted at least once every three years by the county clerk and shall be submitted to the department of information technology and the commission of public records. The purpose of the risk analysis is to prevent the filing and recording of fraudulent instruments or alteration of instruments that were previously filed and recorded electronically. A risk analysis shall identify and evaluate system and environmental vulnerabilities and determine the loss impact if one or more vulnerabilities are exploited by a potential threat. The risk analysis shall include:

(1) a risk mitigation plan that defines the process for evaluating the system;

(2) documentation of management decisions regarding actions to be taken to mitigate vulnerabilities;

(3) identification and documentation of implementation of security controls as approved by management; and

(4) a reassessment of the electronic recording delivery system security after recommended controls have been implemented or in response to newly discovered threats and vulnerabilities.

F. Authorized filers who are enrolled in a participating county clerk's electronic filing and recording program shall implement security procedures for all electronic filing transmissions and shall be responsible for maintaining the security of the systems within their respective offices.

G. Electronic recording delivery systems shall protect against system and security failures and, in addition, shall provide normal backup and disaster recovery mechanisms.

Disclaimer: These regulations may not be the most recent version. New Mexico may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.