1. LawStack
  2. Title 21 - Food and Drugs
  3. Chapter II - DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE
  4. Part 1311 - REQUIREMENTS FOR ELECTRONIC ORDERS AND PRESCRIPTIONS
  5. Subpart B - Obtaining and Using Digital Certificates for Electronic Orders
  6. 21 CFR § 1311.30
21 CFR § 1311.30
Requirements for storing and using a private key for digitally signing orders
June 25, 2020
CFR

(a) Only the certificate holder may access or use his or her digital certificate and private key.

(b) The certificate holder must provide FIPS-approved secure storage for the private key, as discussed by FIPS 140-2, 180-2, 186-2, and accompanying change notices and annexes, as incorporated by reference in §1311.08.

(c) A certificate holder must ensure that no one else uses the private key. While the private key is activated, the certificate holder must prevent unauthorized use of that private key.

(d) A certificate holder must not make back-up copies of the private key.

(e) The certificate holder must report the loss, theft, or compromise of the private key or the password, via a revocation request, to the Certification Authority within 24 hours of substantiation of the loss, theft, or compromise. Upon receipt and verification of a signed revocation request, the Certification Authority will revoke the certificate. The certificate holder must apply for a new certificate under the requirements of §1311.25.

Previous
§ 1311.25 Requirements for obtaining a CSOS digital certificate
Next
§ 1311.35 Number of CSOS digital certificates needed

Tried the LawStack mobile app?

Join thousands and try LawStack mobile for FREE today.

  • Carry the law offline, wherever you go.
  • Download CFR, USC, rules, and state law to your mobile device.

Designed and built by Tekk Innovations LLC, the makers of the LawStack iPhone app or Android app.

© 2020 Tekk Innovations LLC