• Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

CFR - Code of Federal Regulations Title 21

  • Print
  • Share
  • E-mail
-

The information on this page is current as of April 1 2016.

For the most up-to-date version of CFR Title 21, go to the Electronic Code of Federal Regulations (eCFR).

New Search
Help | More About 21CFR
[Code of Federal Regulations]
[Title 21, Volume 1]
[Revised as of April 1, 2016]
[CITE: 21CFR11.300]



TITLE 21--FOOD AND DRUGS
CHAPTER I--FOOD AND DRUG ADMINISTRATION
DEPARTMENT OF HEALTH AND HUMAN SERVICES
SUBCHAPTER A--GENERAL

PART 11 -- ELECTRONIC RECORDS; ELECTRONIC SIGNATURES

Subpart C--Electronic Signatures

Sec. 11.300 Controls for identification codes/passwords.

Persons who use electronic signatures based upon use of identification codes in combination with passwords shall employ controls to ensure their security and integrity. Such controls shall include:

(a) Maintaining the uniqueness of each combined identification code and password, such that no two individuals have the same combination of identification code and password.

(b) Ensuring that identification code and password issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

(c) Following loss management procedures to electronically deauthorize lost, stolen, missing, or otherwise potentially compromised tokens, cards, and other devices that bear or generate identification code or password information, and to issue temporary or permanent replacements using suitable, rigorous controls.

(d) Use of transaction safeguards to prevent unauthorized use of passwords and/or identification codes, and to detect and report in an immediate and urgent manner any attempts at their unauthorized use to the system security unit, and, as appropriate, to organizational management.

(e) Initial and periodic testing of devices, such as tokens or cards, that bear or generate identification code or password information to ensure that they function properly and have not been altered in an unauthorized manner.

-
-