21 CFR 1311.115 - Additional requirements for two-factor authentication.
(a) To sign a controlled substance prescription, the electronic prescription application must require the practitioner to authenticate to the application using an authentication protocol that uses two of the following three factors:
(3) Something the practitioner has, a device (hard token) separate from the computer to which the practitioner is gaining access.
(b) If one factor is a hard token, it must be separate from the computer to which it is gaining access and must meet at least the criteria of FIPS 140-2 Security Level 1, as incorporated by reference in § 1311.08, for cryptographic modules or one-time-password devices.
(c) If one factor is a biometric, the biometric subsystem must comply with the requirements of § 1311.116.
Title 21 published on 2013-04-01
no entries appear in the Federal Register after this date.