
# 5 Cross-Cutting Requirements

The cross-cutting requirements described in this section extend the cross-cutting requirements defined in the architecture specification document.

## 5.1 Hardware Security Module Compliance (REQUIRED)

The HSM must be compliant with FIPS 140-2 Level 3 at a minimum. This guarantees the protection of private keys. The HSM/Key Management application shall not print any information about the end-use details. Keys should be created only within the HSM. This may apply to all other Building Blocks when dealing with cryptographic keys.

## 5.2 Audit (REQUIRED)

All audit logs shall be integrity-protected against tampering. The eSignature Building Block shall follow the data policy and audit logging requirements as laid out in the GovStack architecture.

## 5.3 Privacy (REQUIRED)

Signing with a single key can compromise the user's privacy in the long run. For example, a single key used to sign both a health consent form and a medical insurance agreement could reveal that the consent and the agreement come from the same person. Generally available signed documents could be used to perform 360-degree profiling. This violates the Generic Architectural Privacy recommendation. To protect the user's privacy, privacy-preserving techniques can be applied to signature schemes and document storage, or the key's lifespan can be reduced.

## 5.4 Logging

* The system shall provide traceability across services using trace ID or similar design patterns. (REQUIRED)
* The system shall provide logs to help debug the problems. (REQUIRED)
* The system shall not print sensitive information. (REQUIRED)
  * Private Key
  * User details
  * Authentication Token
  * Payment Token
  * Signature of the document
  * Full Certificate (Thumbprint is allowed to be printed)
  * User PIN
  * OTP
* In case a user/mobile app is involved, then logging shall provide traceability from the app to the server. (REQUIRED)
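
One way to meet the logging requirements above in application code, shown as an added example that is not part of the GovStack specification. The field names, the trace ID format and the choice of SHA-256 for the thumbprint are assumptions made for this sketch.

```python
import hashlib, json, logging, re, uuid

# Assumed field names for the items the list above forbids; map them to your schema.
FORBIDDEN = {"private_key", "user_details", "auth_token", "payment_token",
             "signature", "user_pin", "otp"}
REDACTED = "[REDACTED]"
TRACE_ID_RE = re.compile(r"[A-Za-z0-9-]{8,64}")  # assumed trace ID format

def thumbprint(cert_der: bytes) -> str:
    """SHA-256 thumbprint of a DER certificate, logged instead of the full certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def sanitize(value):
    """Recursively redact forbidden fields and swap a certificate for its thumbprint."""
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            name = str(key).lower()
            if name in FORBIDDEN:
                out[key] = REDACTED
            elif name == "certificate":
                out["certificate_thumbprint"] = (
                    thumbprint(item) if isinstance(item, bytes) else REDACTED)
            else:
                out[key] = sanitize(item)
        return out
    if isinstance(value, (list, tuple)):
        return [sanitize(item) for item in value]
    if isinstance(value, bytes):
        return REDACTED  # raw binary may be key or signature material
    return value

def new_trace_id(incoming=None):
    """Reuse a well-formed trace ID from the app so app and server logs correlate."""
    if incoming and TRACE_ID_RE.fullmatch(incoming):
        return incoming
    return uuid.uuid4().hex  # malformed or missing: start a fresh trace

def log_event(logger, trace_id, event, **fields):
    """Emit one JSON log line carrying the trace ID, and return it."""
    line = json.dumps({"trace_id": trace_id, "event": event, **sanitize(fields)},
                      sort_keys=True)
    logger.info(line)
    return line

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    tid = new_trace_id("app-7f3c-0001")  # constructed sample trace ID from the app
    log_event(logging.getLogger("esign"), tid, "sign_request", doc_id="D-1",
              otp="123456", certificate=b"constructed-der-bytes")
```

Redaction by field name only covers structured fields; sensitive values interpolated into free-text messages still need review at the call site.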

