CROMERR Success Story Texas CEQ’s NetDMR


(Si:
OFFICE OF
ENVIRONMENTAL
INFORMATION
April 2009
CROMERR Success Story
Texas CEQ's NetDMR
¦
For More Information on
this Application Contact:
Brandon Harris
TCEQ
bharris@tceq.state .tx.us
512.239.4535
For More Information on
CROMERR Contact:
Evi Huffer
Office of Information Collection
huffer.evi@epa.gov
202.566.1697
David Schwarz
Office of Information Collection
schwarz.david@epa.gov
202.566.1704
http://www.epa.gov/cromerr/
The Texas Commission on Environmental Quality (TCEQ) received approval from
EPA, under the Cross-Media Electronic Reporting Regulation (CROMERR), for
modification to their approved Texas Pollutant Discharge Elimination System
(TPDES) program to allow electronic reporting for their Net Discharge Monitoring
Report (NetDMR) system. The TCEQ NetDMR receives CROMERR "priority
reports" with electronic signatures.
TCEQ NetDMR is based on EPA's national NetDMR system, and is the first such
state system to receive CROMERR approval. EPA's national NetDMR system
was created to receive electronic discharge monitoring reports (DMRs) from
regulated facilities and transfer the reported data to EPA ICIS-NPDES system.
The NetDMR model was created through a joint effort of Texas, EPA, the
Environmental Council of the States (ECOS), and other states. The effort was
funded by two U.S. EPA Environmental Exchange Network grants to Texas and
Illinois and by the Connecticut Department of Environmental Protection as part of
a Supplemental Environmental Project. The NetDMR model can be implemented
by US EPA and any state or local government with the authority to accept DMRs.
The Texas Solution to Meeting CROMERR Requirements
The TCEQ NetDMR uses a variety of business practices and system functions to
meet CROMERR requirements that are based on the national NetDMR system.
The system provides for identity proofing by requiring a wet-ink signature
agreement. The signature device is a user-generated password combined with a
system-generated salt. The system achieves two-factor authentication by using the
challenge question approach. At registration, users provide answers to 5 questions
that they can answer based on personal information known only to them that
cannot be easily guessed by someone else, and the questions and answers are one-
way hashed in the same way as the passwords. When a user signs a document
electronically, in addition to providing the correct password, one of the 5 questions
is selected at random, and the user must provide the correct response to be
authenticated. Electronic data, such as submitted reports, passwords, and answers
to challenge questions, are protected during transmission by Secure Socket Layer
(SSL) technology. Basing the approach to CROMERR compliance and the
CROMERR application on the nationally approved NetDMR streamlined the
CROMERR approval process for TCEQ.

-------