
GOVERNMENT OF INDIA (BHARAT SARKAR)

MINISTRY OF RAILWAYS (RAIL MANTRALAYA)

(RAILWAY BOARD)

No. 2017/RBCC/7/10/e-Office/DSC Policy for IR Dated l-11-2021

The General Managers, All Indian Railways, CORE & Production Units
Director Generals, NAIR, Vadodara; RDSO, Lucknow
Pr. CAO, COFMOW/PMW/Patiala
Director Generals/Directors, All Centralised Training Institutes

Sub: Provision of Class 3 Digital Signature Certificate (DSC)/Digital Encryption Certificate (DEC) to Officers/Staff in Indian Railways.

Ref: (i) This office letter No. 2017/RBCC/7/10/e-Office/DSC Policy for IR Dated 09/11/2020
(ii) Identity Verification Guidelines (IVG) Version 2.0 Dated 25/11/2020 issued by CCA

Policy guidelines for provision of DSC to all officers & staff in Indian Railways were laid down vide letter under reference (i). Keeping in view the IVG version 2.0 dated 26/11/2020 issued by Controller of Certifying Authorities (CCA), Electronics and Information Technology vide reference (ii), the policy guidelines for DSC are being revised in supersession of the earlier policy letter referred above. The modifications in the existing policy have been indicated in Annexure-I and the Revised comprehensive DSC policy is attached at Annexure-II.

This issues with the concurrence of Finance Directorate of Ministry of Railways.

Please acknowledge receipt.

Encl: DSC Policy.

(Bharat Bhushan Errit)

Joint Director ME(C&IS)

No. 2017/RBCC/7/10/e-Office/DSC Policy for IR Dated ot-11-2021

Copy to :

1. The PFAs, All Indian Railways, PUs, CORE, COFMOW, PED/Finance, RDSO/Lucknow.
2. Principal Directors of Audit, All Indian Railways/PUs.
3. The Dy. Comptroller and Auditor General of India (Railways), Room No. 224, Rail Bhawan, New Delhi.

For Member (Finance)

Copy to :

1. PSs to MR, MSR(J) & MSR(D).
2. PSOs/Sr. PPSs/PPSs/PSs to CRB & CEO/Board Members, Secretary, DG/RHS, DG/RPF, Additional Members, OSDs, Advisors, JSs, Executive Directors, DIP, Editor/Indian Railways, Editor/Bhartiya Rail, All Other Officers & Directorates/Sections Railway Board.
3. All Associations (as per standard list)
4. Pay & Accounts Officer, Railway Board.
5. Finance(X), Budget, Cash Branches, Railway Board.
Annexure-I

GOVERNMENT OF INDIA (BHARAT SARKAR)

MINISTRY OF RAILWAYS (RAIL MANTRALAYA)

(RAILWAY BOARD)

Policy on Lifecycle Management of Digital Signature Certificates on Indian Railways

Version History:

| S. No. | Version Date | Version No. | Reasons for Issue |
|---|---|---|---|
| 1 | 21.07.2017 | 1.0 | First DSC Policy for Indian Railways |
| 2 | 09.11.2020 | 2.0 | Life Cycle Management in view of proliferation of e-Office & SPARROW in Indian Railways, inclusion of DEC and procurement through GeM portal. |
| 3 | 2021 | 3.0 | Provision of Class 3 DSC for Indian Railways as mandated by Controller of Certifying Authority (CCA) |

Modifications in the existing DSC policy dated 09/11/2020 and revised DSC policy are tabulated below:-

Description: Class of DSC (Para 1.4 & 1.5)
Provisions of DSC policy issued on 09/11/2020: -
Provision of Revised DSC policy: Issuance of class 3 level DSC for official purpose and discontinuance of issue of class 2 level DSC by Certifying Authorities (CA) as per IVG. Class 2 DSC issued earlier can still be used till its validity expiry date.

Description: Selection of Class of DSC (Para 3.2.1)
Provisions of DSC policy issued on 09/11/2020: (B) Class 2 DSC shall be used in general for applications on Indian Railways.
Provision of Revised DSC policy: (B) Class 2 DSC shall be used, till its validity expiry date for applications on Indian Railways. For new DSC on Indian Railways only Class 3 level DSC be issued.

Description: Filling the Registration form (Para 3.3)
Provisions of DSC policy issued on 09/11/2020: The application forms for DSC/DEC and tokens are service provider specific. Forms and instructions may be followed on service provider's website. Name of service provider are available at CCA website
Provision of Revised DSC policy: The application forms for DSC/DEC and tokens are service provider specific. The identity verification by the CAs will be done as per the prevailing extant guidelines issued by CCA from time to time. Forms and instructions may be followed on service provider's website. Name of service provider are available at CCA website

Description: Selection of Class of DSC (Para 3.3.2)
Provisions of DSC policy issued on 09/11/2020: Select "Class 2" by default or, Class 3 if required, especially.
Provision of Revised DSC policy: Select "Class 3"

Description: Official Issue of DSC Para 3.4.1
Provisions of DSC policy issued on 09/11/2020: (A) Only one DSC shall be issued to a Railway official. In case, there is a requirement to have Class 2 and Class 3 DSC to any Railway official then the higher Class shall be issued. Group A & B Railway Officers are empowered to sanction DSC for themselves as well as subordinate Railway officials under their direct control.
Provision of Revised DSC policy: (A) Only one DSC shall be issued to a Railway official. Group A & B Railway Officers are empowered to sanction DSC for themselves as well as for the subordinate Railway officials under their direct control.

Description: Process of procurement of DSC/DEC (Para 3.5.1(ii))
Provisions of DSC policy issued on 09/11/2020:
a) Group A & B officers may purchase DSC/DEC as prescribed under Para 3.4 for themselves on reimbursement basis or through imprest controlled by them.
b) The limit of reimbursement for DSC shall be lower of the following values:
   - Actual cost of purchase from CCA approved vendors on production of Original Invoice and
   - Rs. 928 (Nine Hundred Twenty Eight only). Rate reference taken from successfully completed PO on GeM portal
   whichever is lower
c) The limit of reimbursement for DEC shall be actual cost of purchase from CCA approved vendors on production of Original Invoice
d) The reimbursement shall be self sanctioned by the officer procuring the DSC/DEC. There shall be no further separate sanctioning process.
Provision of Revised DSC policy:
a) Group A & B officers may purchase DSC/DEC as prescribed under Para 3.4 for themselves on reimbursement basis or through imprest controlled by them.
b) Group C & D personnel, who are required to use DSC/DEC for official work, can purchase DSC/DEC on reimbursement as prescribed under Para 3.4. only on the basis of authorization & sanction by their higher officers.
c) The limit of reimbursement for DSC shall be lower of the following values: Actual cost of purchase from CCA approved vendors on production of original Invoice or Rs 1750/- (One Thousand seven hundred and fifty only). Rate reference taken from successfully completed PO on GeM Portal, whichever is lower
d) The limit of reimbursement for DEC shall be actual cost of purchase from CCA approved vendors on production of Original Invoice.
e) The reimbursement shall be self sanctioned and applied by the authorized employee procuring the DSC/DEC as prescribed under Para 3.4. There shall be no further separate sanctioning process.

Description: Process of procurement of DSC/DEC (Para 3.5.1(iii))
Provisions of DSC policy issued on 09/11/2020:
(iii)(a) Group C & D Personnel, who are required to use DSC/DEC for official work, are authorized & sanctioned to purchase DSC/DEC on reimbursement as prescribed under Para 3.4.
(iii)(b) The reimbursement of expenses for the purchase shall be done on the basis of authorization. The amount of the reimbursement shall be governed by Sr No (ii) above
Provision of Revised DSC policy: These two points have been merged in Para 3.5.1(ii)

Annexure-II

1. Background

,.,.
(ccA) which in hm
t"::::*;*'fgt:IilHt
'^l#li1p#Sil."'trtrffiJtr"'#,S#.:i',..1,!J:',ffiip,lf#:i:?.ti.'i.&ffiiJ'$,Tf"
i:"!tfl;
"*","0.8!*',iin?iui'"'ri'"{aei*nr*
ii'r"t'riJ .iir-:"v' pGta signatue ctrtificate(s)
(DSc) arc berng use

"Ii.i,J,,irig-rl,,i"ir*+--;?S'fjlffi"J#;f;s,#'r",Jffi 'H:f#'"ff l'':?:qiff ;T


for rsvmmetric crypto8traphy
e-pto"iJ*t svttt- ltiues; "n0 tntegt't"a
e-auoion. lt has tte" etploiJ;; ;""i;i'"
R'li*"v'
"Mffi
ffi; ffi "s";; tnr6rmation svstem (ir'tls)'
Note: For better understanding of the concept of DSC / DEC and Public Key Infrastructure (PKI) please refer Brochure issued by the CCA - Digital Signatures. (www.cca.gov.in)

t.2. y#:"?31.',t3tt l113.f s*"i,'J,'#T,'*'t-ili'ffiH"lrffX[E3lJ,:fl:;'d"i""##i"E:;


mn'rss,ttm',mfIsffim#dffi
(CCA). The inshlctions \f,en
'*m'Ir.+T,*
is I to ensure
€tc' rhere
1.3. A large number of DSCs are already in use in the offices of Indian Railways. These numbers are continuously
ne€d
increasing *iu, ut" inuoou#ffii ilffitil;
ltiifti11 lsnmnowuniuersaty aooss all applications
can be useJ
of Dsc *a io ui.*iur"Ert*" such that
these
uniformity
iii"n *l'i*"av r*dional or arc likely to be dePloyed in the tuture'

4tr.Htriit;irsllfti:?,Hlt?Hi,;h*:T#,#?,[iliHl*T,xdi+]']l4:-'ft
#fryfl;:I#IT:"""1H"liri',:T:i'7.T+i,9+^'"i1x,**:*:;m*;"'#,''I,".1'iffi1"'H",?
class 3 olD in the policv field' CA shal
[i';;iltir* 2 and
c€rtificat€s".
1.5. Class 2 DSC issued earlier can still be used till its validity expiry date.

2. Objectives and Scope of this document

rhe poricy detairs.the ,,tT.J:1".:l#tff*:iB33BE3,TI ffii1,"T"th3ffi.,f-Y?is"STilli


iliyliii,ffittyJ1ilffi#'ffo5"li#,ip";irr"ru'*ii"ieuJo*"ppii*tio*thatuscDSCEr/or
DEC.
Note: Normally, DSC & DEC should be procured on two different USB tokens.

3. Instructions regarding - Lifecycle management of DSC/DEC

3.1 Prerequisites for obtaining DSC/DEC

The following pre-requisites may kindly be ensured from every applicant of DSC/DEC:

3.1.1. Aadhaar ID and linked mobile number

(A) Every applicant shall have an Aadhaar number.
(B) The Aadhaar number shall be linked to the applicant's mobile number. The number used should preferably be such that it remains permanently with the user. Use of officially issued mobile number should be avoided, as the process of change of registered mobile number adds additional complexity during transfers / postings.

Note: Kindly refer instructions for Aadhaar and linking of mobile number at the UIDAI website.
https://ssup.uidai.gov.in/web/guest/update

3.1.2. Email-ID on gov.in domain

(A) Every applicant should have his/her registered & functional email on the nic.in/gov.in domain.
(B) The email account on nic.in/gov.in domain mandatorily requires the user to register a mobile number. The mobile number used should preferably be such that it remains permanently with the user. Use of officially issued mobile number should be avoided as the process of change of registered mobile number adds additional complexity during transfers / postings.

Note: Kindly refer instructions for obtaining email-ID in gov.in at the REIS website at http://www.reis.railnet.gov.in

3.2 Planning for procurement

3.2.1 Selection of Class of DSC

(A) DSC is classified into different classes by the CCA, namely: Class 1, Class 2 and Class 3.
Note: Refer webpage of CCA detailing the classes of DSC. (http://www.cca.gov.in)
(B) Class 2 DSC shall be used, till its validity expiry date for applications on Indian Railways. For new DSC on Indian Railways only Class 3 level DSC be issued.
(C) Class 3 DSC shall be mandated, where required, especially for e-tendering purpose.

3.2.2 Selection of Type of Key Store

The private key associated with the digital signatures needs to be stored securely.

Note: Please refer instructions on Storage of private key used by subscribers for creating Digital Signatures, issued by CCA for better understanding of the features of different types of storage options. (http://www.cca.gov.in)

For applications on Indian Railways, USB crypto Tokens shall be used by default for storage of the private key and associated certificates.
Any other option for storage shall require prior approval of the C&IS Directorate of Railway Board.

3.2.3. Sources for Procurement

DSC/DEC services and required crypto-tokens shall be purchased only from the CCA approved Certification Authorities (CA). The website of CCA shall be checked to ascertain the approved agencies.
Note: Please refer the CCA website at: !@;1@[

3.3 Filling the Registration form for DSC

The application forms for DSC/DEC and tokens are service provider specific. The identity verification by the CAs will be done as per the prevailing extant guidelines issued by CCA from time to time. Forms and instructions may be followed on service provider's website. Name of service provider are available at CCA website (cca.gov.in/licensed-ca.html)

3.3.1 Use Registration Form for Digital Certificate (Government)

Use the form specifically meant for "Government".

3.3.2 Selection of Class of DSC

Select "Class 3".

3.3.3 Select Validity

Select Validity of "two years" by default. If any user desires to take lesser period of validity i.e. less than 02 years, he may apply accordingly.

3.3.4 Sign & Encrypt

Select the option for both "Sign & Encrypt" use for the DSC.

3.3.5 Follow all instructions correctly

Follow all instructions provided on the registration form to ensure an error free submission. The colour of the ink used for filling the form is mandated. It needs to be followed correctly.

3.3.6 Unique Email-ID

Use the personal Email-ID created on the "gov.in/nic.in" domain as the Unique Email ID.

3.3.7 Unique Mobile Number

Use the personal mobile number (the one which is linked to Aadhaar) as the unique mobile number.

3.3.8 Identity Details of Applicant

Use the "Government Identity Card" as the document of identity of the applicant. The attested copy shall be attached along with the duly filled form.

3.3.9 Organization Name

This is an important field and shall be filled-in by providing the information of the applicant as illustrated below:

Officer Group: Group A
Information to be filled in:
Organization Name: Ministry of Railways
Office Address:
Service & Year (e.g. IRTS 1994)
C/o Confidential Cell, Room No. NNN,
Ministry of Railways
Rail Bhawan, Raisina Road
New Delhi - 110001.

Officer Group: Group B
Information to be filled in:
Organization Name: Ministry of Railways
Office Address:
Service & Year,
C/o Confidential Cell, Room No. NNN,
HQ Address of ZR / PU / CTI etc.

Officer Group: Group C
Information to be filled in:
Organization Name: Ministry of Railways
Office Address:
Service & Year,
C/o Confidential Cell, Room No. NNN,
Provide Address of the Cadre Controlling Authority

3.3.10 The above method of filling the registration form ensures that the DSC can be used by the officer for the full duration of the validity and irrespective of incumbency on any post. This saves a significant cost by utilizing the full validity of DSC and also conserves resources which otherwise shall be needed to cancel and reissue DSC whenever an officer is transferred.

3.3.11 Authorization Letter para of the Registration Form

The Authorization Letter part of the form shall be verified and signed by officer(s) nominated by the Confidential Cell of the Railway Unit. All officers in JAG and above grade are empowered to sign the authorization letter. Other officers may be nominated by the respective officers (JAG & Above) to sign the authorization letters. The following details of these nominated officers shall be maintained by the respective confidential cells and to be produced on demand:
1. Name
2. Service/Year
3. Designation
4. ID Card Number
5. Email ID (NIC personal on gov.in domain)
6. Aadhaar Number
7. Cell Number

3.4 Eligibility for DSC & DEC for Railway officials

3.4.1 Official issue of DSC

(A) Only one DSC shall be issued to a Railway official. Group A & B Railway Officers are empowered to sanction DSC for themselves as well as for the subordinate Railway officials under their direct control.

(B) Any eligible official may apply for DSC 01 month prior to expiry of DSC.



3.4.2 Official issue of Digital Encryption Certificate (DEC) on need basis for tendering & auction purpose

(A) Each individual tendering unit or auction conducting unit shall require one DEC. Since the usage of DEC is limited and specific, the issue needs to be regulated. Therefore, all officers in JAG and above grade are empowered to sanction DEC for tendering & auction conducting Railway Units.
(B) Officer may apply for DEC 03 months before the expiry of DEC.

3.4.3 Any contravention of the above limit by an officer will be treated as breach of under the Railway Services Conduct Rules.

3.5 Process of procurement of DSC/DEC.


3.5.1 The DSC/DEC and limit would be the fol
S. No.: (i)
Purchase Mode: Purchase of Class 3 DSC by the department through GeM portal
Description:
(a) In Railway Board, the procurement will be done by C&IS Directorate and in zonal Railways/PUs by Sr. EDPM or as decided by GM of the Zonal Railway/PU or by DRM/CWM at Divisional/Workshop level.
(b) As per Rule No. 149 of General Finance Rule (GFR) 2017, it is mandatory to procure items available in GeM through GeM portal. DSC is available in GeM, therefore, bulk procurement of DSC should normally be done through GeM portal.
(c) The sanctioning authority will be as mentioned at Para 3.4.

S. No.: (ii)
Purchase Mode: Self purchase of DSC & DEC
Description:
(a) Group A & B officers may purchase DSC/DEC as prescribed under Para 3.4 for themselves on reimbursement basis or through imprest controlled by them.
(b) Group C & D personnel, who are required to use DSC/DEC for official work, can purchase DSC/DEC on reimbursement as prescribed under Para 3.4. only on the basis of authorization & sanction by their higher officers.
(c) The limit of reimbursement for DSC shall be the lower of the following values:
   - Actual cost of purchase from CCA approved vendors on production of Original Invoice or
   - Rs. 1750/- (One Thousand Seven Hundred and Fifty only) (Rate reference taken from successfully completed PO on GeM Portal placed by RBCC under C&IS Directorate vide Contract No. GEMC51 l6t7?83126E47 placed on M/s ACE Technology for Class 3 DSC - Sign Plus Encryption with Token for 2 years validity.
(d) The limit of reimbursement for DEC shall be actual cost of purchase from CCA approved vendors on production of Original Invoice
(e) The reimbursement shall be self sanctioned and applied by the authorized employee procuring the DSC/DEC as prescribed under Para 3.4. There shall be no further separate sanctioning process.

3.6 Safekeeping, use & expenses during validity of DSC/DEC

3.6.1 Safekeeping of Token and PIN

(A) Safekeeping of the crypto-token, Digital Certificates, PIN etc. is the personal responsibility of the officers to whom the DSC/DEC is issued.
(B) The officer shall ensure that the DSC/DEC remain functional during its validity.

Note: As per the IT Act, documents signed or messages sent using the DSC are deemed to be signed by the holder of the DSC, therefore the DSC / PIN should not be shared as the complete liability rests on the holder of the DSC.

3.6.2 Use of DSC

(A) The officer shall use the DSC issued as required for official working. The DSC provided can be used for signing the documents and also for sending secure encrypted messages to other users.
(B) The officers can use the DSC to digitally sign their personal documents i.e. income tax returns etc. and also send encrypted messages.

3.6.3. Expenses on maintenance of DSC

The DSC procured using this procedure does not incur any maintenance or service charges over the validity. However, in case of loss / damage of token or loss of PIN, locking out due to multiple wrong PINs, etc, the services provider may levy certain charges for recovery / reissue. Such charges shall be paid personally by the officer concerned and shall not be reimbursed.

3.7 Action to be taken on transfer/deputation

3.7.1 For DSC

The DSC is issued to the officer by name, thus the officer shall take it along with him / her on transfer/deputations in Railway Units/Central/State & PSUs etc. The detail about the DSC shall be entered into the LPC of the officer clearly mentioning the CA, date of purchase and validity.

3.7.2 For DEC

Following to be followed if DEC is issued to Railway official:
i. On transfer/deputation/superannuation of the DEC holder, the DEC shall be handed over to the new incumbent. The DEC holder will under no circumstances carry the DEC along with him even though the DEC may have been issued in his/her name.
ii. All the expired DEC shall be kept in safe custody for the required period. A label shall be put on each such expired DEC indicating the name of the unit and the validity start and end date of the DEC. On transfer of an official having custody of the expired DEC, he/she shall handover all such DEC to the new incumbent and obtains an acknowledgement of the same.
iii. In case of loss of DEC, it shall be responsibility of the DEC holder to inform the CA immediately for revocation of the DEC. The holder shall also immediately inform CRIS about the loss of DEC
{Ref: Railway Board's letter No. 2019/RS(M)/Misc dated 27.11.2019}

3.8 Action to be taken in case of retirement of DSC/DEC holder.

3.8.1 In case of superannuation or Voluntary Retirement or in case of death of Railway official, Railway Administration will not take back DSC from him/her.
3.8.2 Same as Para 3.7.2 above.

3.9 Disposal at end of validity

(A) At the end of validity of the DSC, the CA informs the user and prompts for renewal of the same. The officer may either opt for renewal or seek an altogether new DSC. In both cases, the process of procurement is similar to the initial process.
(B) The USB crypto-token can be reused if permitted by the CA.
(C) The USB tokens shall not be returned to the office by the officer. The officer shall follow advice of CA for safe disposal of the non-used USB crypto-token.
