[Code of Federal Regulations]
[Title 21, Volume 9]
[Revised as of April 1, 2007]
From the U.S. Government Printing Office via GPO Access
[CITE: 21CFR1311.25]

[Page 143-144]
 
                         TITLE 21-FOOD AND DRUGS
 
   CHAPTER II--DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE
 
PART 1311--Digital Certificates
 
Subpart B--Obtaining and Using Digital Certificates for Electronic Orders
 
Sec. 1311.25  Requirements for obtaining a CSOS digital certificate.

    (a) To obtain a certificate to use for signing electronic orders for 
controlled substances, a registrant or person with power of attorney for 
a registrant must complete the application that the DEA Certification 
Authority provides and submit the following:
    (1) Two copies of identification, one of which must be a government-
issued photographic identification.
    (2) A current listing of DEA registrations for which the individual 
has authority to sign controlled substances orders.
    (3) A copy of the power of attorney from the registrant, if 
applicable.
    (4) An acknowledgment that the applicant has read and understands 
the Subscriber Agreement and agrees to the statement of subscriber 
obligations that DEA provides.
    (b) The applicant must provide the completed application to the 
registrant's coordinator for CSOS digital certificate holders who will 
review the application and submit the completed application and 
accompanying documentation to the DEA Certification Authority.
    (c) When the Certification Authority approves the application, it 
will send the applicant a one-time use reference number and access code, 
via separate channels, and information on how to use them. Using this 
information, the
applicant must then electronically submit a request for certification of 
the public digital signature key. After the request is approved, the 
Certification Authority will provide the applicant with the signed 
public key certificate.
    (d) Once the applicant has generated the key pair, the Certification 
Authority must prove that the user has possession of the key. For public 
keys, the corresponding private key must be used to sign the certificate 
request. Verification of the signature using the public key in the 
request will serve as proof of possession of the private key.