Quick Links: Skip to main page content Skip to Search Skip to Topics Menu Skip to Common Links
  • Decrease font size
  • Return font size to normal
  • Increase font size
U.S. Department of Health and Human Services

CFR - Code of Federal Regulations Title 21
  • Print
  • Share
  • E-mail
-

The information on this page is current as of Dec 22, 2023.

For the most up-to-date version of CFR Title 21, go to the Electronic Code of Federal Regulations (eCFR).

New Search
Help | More About 21CFR
[Code of Federal Regulations]
[Title 21, Volume 9]
[CITE: 21CFR1311.30]



TITLE 21--FOOD AND DRUGS
CHAPTER II--DRUG ENFORCEMENT ADMINISTRATION
DEPARTMENT OF JUSTICE

PART 1311 -- REQUIREMENTS FOR ELECTRONIC ORDERS AND PRESCRIPTIONS

Subpart B - Obtaining and Using Digital Certificates for Electronic Orders

Sec. 1311.30 Requirements for storing and using a private key for digitally signing orders.

(a) Only the certificate holder may access or use his or her digital certificate and private key.

(b) The certificate holder must provide FIPS-approved secure storage for the private key, as discussed by FIPS 140-2, 180-2, 186-2, and accompanying change notices and annexes, as incorporated by reference in § 1311.08.

(c) A certificate holder must ensure that no one else uses the private key. While the private key is activated, the certificate holder must prevent unauthorized use of that private key.

(d) A certificate holder must not make back-up copies of the private key.

(e) The certificate holder must report the loss, theft, or compromise of the private key or the password, via a revocation request, to the Certification Authority within 24 hours of substantiation of the loss, theft, or compromise. Upon receipt and verification of a signed revocation request, the Certification Authority will revoke the certificate. The certificate holder must apply for a new certificate under the requirements of § 1311.25.

-
-