ARC 9288C - Iowa Administrative Rules

Notice of Intended Action

NIST special publications—dates certain, 29.4(11), 43.9(2)

Untitled document

ARC 9288C

SECRETARY OF STATE[721]

Notice of Intended Action

Proposing rulemaking related to dates certain
and providing an opportunity for public comment

The Secretary of State hereby proposes to amend Chapter 29, “Elections Technology Security,” and Chapter 43, “Notarial Acts,” Iowa Administrative Code.

Legal Authority for Rulemaking

This rulemaking is proposed under the authority provided in Iowa Code sections 9B.14A(8), 17A.5(5), 17A.5(6) and 47.1.

State or Federal Law Implemented

This rulemaking implements, in whole or in part, Iowa Code chapters 9B and 47.

Purpose and Summary

This proposed rulemaking amends rules 721—29.4(47) and 721—43.9(9B) to add dates certain for references to National Institute of Standards and Technology (NIST) Special Publications as required by 2024 Iowa Acts, House File 688.

Regulatory Analysis

A Regulatory Analysis for this rulemaking was published in the Iowa Administrative Bulletin on December 11, 2024. A public hearing was held on the following date(s):

●December 31, 2024

Fiscal Impact

This rulemaking has no fiscal impact to the State of Iowa.

Jobs Impact

After analysis and review of this rulemaking, no impact on jobs has been found.

Waivers

Any person who believes that the application of the discretionary provisions of this rulemaking would result in hardship or injustice to that person may petition the Secretary of State for a waiver of the discretionary provisions, if any, pursuant to 721—Chapter 10.

Public Comment

Any interested person may submit written comments concerning this proposed rulemaking, which must be received by the Secretary of State no later than 4:30 p.m. on June 17, 2025. Comments should be directed to:

Carl Dietz
Office of the Secretary of State
Lucas State Office Building, First Floor
321 East 12th Street
Des Moines, Iowa 50319
Email: carl.dietz@sos.iowa.gov

Public Hearing

No public hearing is scheduled at this time. As provided in Iowa Code section 17A.4(1)“b,” an oral presentation regarding this rulemaking may be demanded by 25 interested persons, a governmental subdivision, the Administrative Rules Review Committee, an agency, or an association having 25 or more members.

Review by Administrative Rules Review Committee

The Administrative Rules Review Committee, a bipartisan legislative committee which oversees rulemaking by executive branch agencies, may, on its own motion or on written request by any individual or group, review this rulemaking at its regular monthly meeting or at a special meeting. The Committee’s meetings are open to the public, and interested persons may be heard as provided in Iowa Code section 17A.8(6).

The following rulemaking action is proposed:

ITEM 1.Amend subrule 29.4(11) as follows:

29.4(11) Any county information technology infrastructure that is used to access or conduct any part of elections in the state is subject to the following requirements:

a.Passwords to access the county network must be compliant with the standards enumerated by either the National Institute of Standards and Technology,June 2017 edition, including the March 2, 2020, updates, of NIST Special Publication 800-63B; the OCIO,; or guidance issued by the state commissioner.

b.Session-lock timeout standards must be compliant with the standards enumerated by either the National Institute of Standards and TechnologyJune 2017 edition, including the March 2, 2020, updates, of NIST Special Publication 800-63B or guidance issued by the state commissioner.

c. and d. No change.

ITEM 2.Amend subrule 43.9(2) as follows:

43.9(2) Identity proofing and credential analysis must be performed by a third-party credential service provider whose methods and standards are substantially similar to those defined in the most recent edition of the National Institute of Standards and Technology’s Digital Identity Guidelines,June 2017 edition, including the March 2, 2020, updates, of NIST Special Publication 800-63-3 and that has provided evidence to the notary public of the ability to satisfy the following requirements:

a. and b. No change.

c.Credential analysis shall, at a minimum, do all of the following:

(1)Use automated software processes to aid the notary public in verifying the identity of a principal or any credible witness.

(2)Ensure that the credential passes an authenticity test, substantially similar to those defined in the most recent edition of the National Institute of Standards and Technology’s Digital Identity GuidelinesJune 2017 edition, including the March 2, 2020, updates, of NIST Special Publication 800-63-3, that:

1. to 4. No change.

(3) No change.

d. No change.

Secretary of State

321 E 12th St
1st Flr
Des Moines, IA 50319
(515) 281-5204
Visit Website
Email
Agency Chapters
Agency Rules
RSS

Organization Overview

Open For Comments

This notice is open for comments for 18 more day(s). If you'd like to comment, select or click the text you wish to comment on in the document, or click the button below to make a general comment about the document. Comments will be collected through 6/17/2025

NOTE: You can also click the text in the document to make comments about specific sections.

Official Document

NIST special publications—dates certain, 29.4(11), 43.9(2)
Published on 5/28/2025
19 Views , 0 Comments
Notice of Intended Action

The official published PDF of this document is available from the Iowa General Assembly’s Administrative Rules page.

View Official PDF

View the Iowa Administrative Bulletin for 5/28/2025.

View Bulletin

Administrative Rule References

The following administrative rule references were added to this document. You may click a reference to view related notices.

Rule 721-29.4(11) Rule 721-43.9(2)

Notice of Intended Action

Secretary of State

Open For Comments

Official Document

Administrative Rule References

About

Division of Information Technology

Stay Connected