[Code of Federal Regulations]
[Title 21, Volume 1]
[Revised as of April 1, 2005]
From the U.S. Government Printing Office via GPO Access
[CITE: 21CFR1311.30]

[Page 145]
 
                         TITLE 21-FOOD AND DRUGS
 
   CHAPTER II--DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE
 
PART 1311_DIGITAL CERTIFICATES--Table of Contents
 
Subpart B_Obtaining and Using Digital Certificates for Electronic Orders
 
Sec. 1311.30  Requirements for storing and using a private key for 
digitally signing orders.

    (a) Only the certificate holder may access or use his or her digital 
certificate and private key.
    (b) The certificate holder must provide FIPS-approved secure storage 
for the private key, as discussed by FIPS 140-2, 180-2, 186-2, and 
accompanying change notices and annexes, as incorporated by reference in 
Sec. 1311.08.
    (c) A certificate holder must ensure that no one else uses the 
private key. While the private key is activated, the certificate holder 
must prevent unauthorized use of that private key.
    (d) A certificate holder must not make back-up copies of the private 
key.
    (e) The certificate holder must report the loss, theft, or 
compromise of the private key or the password, via a revocation request, 
to the Certification Authority within 24 hours of substantiation of the 
loss, theft, or compromise. Upon receipt and verification of a signed 
revocation request, the Certification Authority will revoke the 
certificate. The certificate holder must apply for a new certificate 
under the requirements of Sec. 1311.25.